18 matches found
CVE-2025-69614
Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31...
EUVD-2025-208507
Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31...
EUVD-2025-208506
Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31...
CVE-2025-69614
Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31...
CVE-2025-69614
Incorrect Access Control via activation token reuse on the password-reset endpoint allowing unauthorized password resets and full account takeover. Affected Product: Deutsche Telekom AG Telekom Account Management Portal, versions before 2025-10-27, fixed 2025-10-31...
PT-2026-24256
Name of the Vulnerable Software and Affected Versions Deutsche Telekom AG Telekom Account Management Portal versions prior to 2025-10-27 Description An incorrect access control issue exists due to activation token reuse on the password-reset endpoint. This allows unauthorized password resets and...
CVE-2025-69614
CVE-2025-69614 affects Deutsche Telekom AG Telekom Account Management Portal (versions prior to 2025-10-27). Root cause: Incorrect Access Control via activation token reuse on the password-reset endpoint, enabling unauthorized password resets and potential full account takeover. Impact is rated C...
EUVD-2024-39455
Malicious code in bioql PyPI...
CVE-2024-42165
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...
CVE-2024-11717
Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means that during the token expiration time an on-path attacker might reuse such a token to...
PT-2024-17207 · Ctfd · Ctfd
Name of the Vulnerable Software and Affected Versions: CTFd versions prior to 3.7.5 Description: The issue concerns tokens used for account activation and password resetting in CTFd, which can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter...
CVE-2024-42165
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...
CVE-2024-42165 Arbitrary User Activation
Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link...
8x8: Bypass Email activation on http://axa.dxi.eu
The account activation link utilized by the ContactNow application utilized a token in the existing session for validation. Knowing this token it was possible to bypass the activation step...
eZ Publish < 3.9.5/3.10.1/4.0.1 (token) Privilege Escalation Exploit
No description provided by source. ?php / eZ Publish privilege escalation and weak activation token for new user exploit by s4avrd0w [email protected] Versions affected = 3.5.6 eZ Publish privilege escalation resolved in 3.9.5, 3.10.1, 4.0.1 More info:...
EZ Publish < 3.9.5/3.10.1/4.0.1 - 'token' Privilege Escalation
EZ Publish < 3.9.5/3.10.1/4.0.1 - 'token' Privilege Escalation = 3.5.6 eZ Publish privilege escalation resolved in 3.9.5, 3.10.1, 4.0.1 More info: http://ez.no/developer/security/securityadvisories/ezpublish39/ezsa2008003insufficientformhandlingmadeprivilegeescalationpossible eZ Publish weak activation...
eZ Publish < 3.9.5/3.10.1/4.0.1 (token) Privilege Escalation Exploit
No description provided by source. ?php / eZ Publish privilege escalation and weak activation token for new user exploit by s4avrd0w [email protected] Versions affected = 3.5.6 eZ Publish privilege escalation resolved in 3.9.5, 3.10.1, 4.0.1 More info:...
EZ Publish < 3.9.5/3.10.1/4.0.1 - 'token' Privilege Escalation
= 3.5.6 eZ Publish privilege escalation resolved in 3.9.5, 3.10.1, 4.0.1 More info: http://ez.no/developer/security/securityadvisories/ezpublish39/ezsa2008003insufficientformhandlingmadeprivilegeescalationpossible eZ Publish weak activation token for new user not resolved now zero-day. Vulnerable...