59 matches found

Positive Technologies
added 2025/10/23 12:0 a.m. · 2 views

PT-2025-43552

Name of the Vulnerable Software and Affected Versions: Frontier Airlines website (affected versions not specified). Description: The Frontier Airlines website has a publicly available endpoint that allows validation of whether an email address is associated with an account. An unauthenticated, remote...

CVSS 6.9 · AI score 6.5 · EPSS 0.00064
Exploits: 0 · References: 6

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2007-5958

Malware in sbrugna...

CVSS 7.5 · AI score 6.4 · EPSS 0.01023
Exploits: 0 · References: 7

EUVD
added 2025/10/07 12:30 a.m. · 4 views

EUVD-2017-17133

Malware in sbrugna...

CVSS 4.9 · AI score 4.9 · EPSS 0.00027
Exploits: 0 · References: 2

EUVD
added 2025/10/07 12:30 a.m. · 5 views

EUVD-2018-0963

Malware in sbrugna...

CVSS 6.5 · AI score 6.5 · EPSS 0.00463
Exploits: 0 · References: 5

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-7721

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.5 · EPSS 0.00241
Exploits: 1 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-4000

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 6.8 · EPSS 0.00178
Exploits: 0 · References: 10

RedhatCVE
added 2025/09/19 5:33 p.m. · 3 views

CVE-2025-35432

CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes...

CVSS 7.5 · AI score 7 · EPSS 0.00256
Exploits: 0 · References: 1

Vulnrichment
added 2025/09/17 4:53 p.m. · 3 views

CVE-2025-35436 CISA Thorium account verification email error handling

CISA Thorium uses '.unwrap' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27...

CVSS 6.9 · AI score 6.6 · EPSS 0.00071
Exploits: 0 · References: 3

Vulnrichment
added 2025/09/17 4:52 p.m. · 4 views

CVE-2025-35432 CISA Thorium does not rate limit account verification email messages

CISA Thorium does not rate limit requests to send account verification email messages. A remote unauthenticated attacker can send unlimited messages to a user who is pending verification. Fixed in 1.1.1 by adding a rate limit set by default to 10 minutes...

CVSS 6.9 · AI score 6.6 · EPSS 0.00256
Exploits: 0 · References: 4

Vulnrichment
added 2025/06/12 5:23 a.m. · 6 views

CVE-2025-4973 Workreap <= 3.3.1 - Authentication Bypass via 'workreap_verify_user_account'

The Workreap plugin for WordPress, used by the Workreap - Freelance Marketplace WordPress Theme, is vulnerable to authentication bypass in all versions up to, and including, 3.3.1. This is due to the plugin not properly verifying a user's identity prior to logging them in when verifying an accoun...

CVSS 9.8 · AI score 7.4 · EPSS 0.01052
Exploits: 0 · References: 2

Positive Technologies
added 2025/05/06 12:0 a.m. · 3 views

PT-2025-19982 · Umbraco · Umbraco

Name of the Vulnerable Software and Affected Versions: Umbraco versions prior to 10.8.10; Umbraco versions prior to 13.8.1. Description: The issue allows an attacker to determine whether an account exists based on an analysis of the timing of post login API responses. No known workarounds are...

CVSS 5.3 · AI score 6.3 · EPSS 0.00306
Exploits: 0 · References: 11

NVD
added 2024/10/16 7:15 a.m. · 16 views

CVE-2023-7293

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the checkmollieaccountdetails function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

CVSS 4.3 · EPSS 0.00177
Exploits: 0 · References: 2

OSV
added 2024/10/16 7:15 a.m. · 4 views

CVE-2023-7293

The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the checkmollieaccountdetails function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...

CVSS 4.3 · AI score 5.8 · EPSS 0.00177
Exploits: 0 · References: 2

CVE
added 2024/04/30 8:32 a.m. · 56 views

CVE-2024-4185

The Customer Email Verification for WooCommerce plugin for WordPress (emails-verification-for-woocommerce) contains an Email Verification and Authentication Bypass in all versions up to 2.7.4 due to insufficiently random activation codes. This allows unauthenticated attackers to bypass email veri...

CVSS 8.1 · AI score 9.5 · EPSS 0.00243
Exploits: 0 · References: 4

OSV
added 2024/03/06 11:10 a.m. · 16 views

BIT-MOODLE-2021-20282

When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...

CVSS 5.3 · AI score 5.2 · EPSS 0.00178
Exploits: 0 · References: 5

Cvelist
added 2023/10/10 4:55 p.m. · 13 views

CVE-2023-44399 ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting

ZITADEL provides identity infrastructure. In versions 2.37.2 and prior, ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. While this setting was properly working during the authentication process it...

CVSS 5.3 · AI score 5.6 · EPSS 0.00352
Exploits: 0 · References: 3

OSV
added 2023/10/10 4:55 p.m. · 11 views

CVE-2023-44399 ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting

ZITADEL provides identity infrastructure. In versions 2.37.2 and prior, ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. While this setting was properly working during the authentication process it...

CVSS 5.3 · AI score 5.5 · EPSS 0.00352
Exploits: 0 · References: 5

Kitploit
added 2023/08/24 12:30 p.m. · 1311 views

Holehe - Tool To Check If The Mail Is Used On Different Sites Like Twitter, Instagram And Will Retrieve Information On Sites With The Forgotten Password Function

Holehe Online Version Summary Efficiently finding registered accounts from emails. Holehe checks if an email is attached to an account on sites like twitter, instagram, imgur and more than 120 others. Retrieves information using the forgotten password function. Does not alert the target email. Ru...

AI score 7.2
Exploits: 0 · References: 8

NVD
added 2023/04/24 5:15 p.m. · 9 views

CVE-2023-30544

Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the My profile admin page. This page allowed them to change the email address registered with their account without the ownership verification performed...

CVSS 4.3 · AI score 4.3 · EPSS 0.0015
Exploits: 0 · References: 4

OSV
added 2022/05/24 5:44 p.m. · 18 views

GHSA-GRJ4-G57C-9XMV Moodle Bypass email verification secret when confirming account registration

When creating a user account, it was possible to verify the account without having access to the verification email link/secret in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...

CVSS 5.3 · AI score 5.2 · EPSS 0.00178
Exploits: 0 · References: 6