CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records wou...
EUVD-2019-0664
Malware in sbrugna...
EUVD-2023-1016
Malicious code in bioql PyPI...
EUVD-2022-1108
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2021-36402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. CVE-2021-36402 Note that...
CVE-2021-36402
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk...
CVE-2025-32782
Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, virus scanners, and email previewers) may automatically follow...
CVE-2025-32782
CVE-2025-32782 affects Ash Authentication (Ash framework). The vulnerability stems from the account-creation confirmation flow, which uses a GET request triggered by clicking an email link. Some email clients and security tools may auto-follow the link, unintentionally confirming the new account ...
CVE-2025-32782 Ash Authentication email link auto-click account confirmation vulnerability
Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, virus scanners, and email previewers) may automatically follow...
GHSA-3988-Q8Q7-P787 ash_authentication has email link auto-click account confirmation vulnerability
Impact: The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, virus scanners, and email previewers) may automatically follow these links, unintentionally confirming the account. This...
ash_authentication has email link auto-click account confirmation vulnerability
Impact: The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, virus scanners, and email previewers) may automatically follow these links, unintentionally confirming the account. This...
CVE-2024-51989 Cross-site Scripting (XSS) Vulnerability in PasswordPusher
Password Pusher is an open source application to communicate sensitive information over the web. A cross-site scripting (XSS) vulnerability was identified in the PasswordPusher application, affecting versions v1.41.1 through and including v.1.48.0. The issue arises from an un-sanitized parameter...
CVE-2024-51989
The CVE-2024-51989 entry describes a cross-site scripting (XSS) vulnerability in PasswordPusher, affecting versions v1.41.1 through v1.48.0. The root cause is an unsanitized parameter that enables injection of malicious JavaScript. Affected deployments include self-hosted PasswordPusher installat...
BIT-MOODLE-2021-36402
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk...
Moodle < 3.9.24, 3.11.x < 3.11.17, 4.0.x < 4.0.11, 4.1.x < 4.1.6, 4.2.x < 4.2.3 Multiple Vulnerabilities
Moodle is prone to multiple vulnerabilities.
GHSA-GV8F-43PG-C5QW Moodle Improper Input Validation vulnerability
In affected versions of Moodle, users' names require additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. This issue has been patched in versions 3.9.8, 3.10.5 and 3.11.1...
UBUNTU-CVE-2021-36402
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk...
Design/Logic Flaw
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk...
CVE-2021-36402
Technical details (affected Moodle versions, remediation, exploitability) are not provided in the connected documents. Monitor for updates from official advisories; current entries reiterate a sanitization risk in Moodle account confirmation emails without further specifics.