CVE-2025-55796
The openml/openml.org web application version v2.0.20241110 uses predictable MD5-based tokens for critical user workflows such as signup confirmation, password resets, email confirmation resends, and email change confirmation. These tokens are generated by hashing the current timestamp formatted ...
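The weakness described above, as an added example (not openml.org's own code): a token derived only from a formatted timestamp is recoverable by anyone who can bound when it was issued, because the search space is one candidate per clock tick. The timestamp format used here is an assumption (the advisory text is truncated), and the hardened generator swaps in an unguessable random token compared in constant time.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta
from typing import Optional

# Assumed format; the real one is not visible in the truncated advisory. Any
# format with second (or even microsecond) granularity has the same problem.
TS_FORMAT = "%Y-%m-%d %H:%M:%S"


def weak_token(issued_at: datetime) -> str:
    """Predictable token: MD5 over a formatted timestamp, the pattern the advisory describes."""
    return hashlib.md5(issued_at.strftime(TS_FORMAT).encode()).hexdigest()


def guess_weak_token(target: str, approx_issue_time: datetime,
                     window_seconds: int = 300) -> Optional[datetime]:
    """Attacker side: enumerate every second in a window around the guessed issue time.

    An attacker who triggered the reset/confirmation email knows the issue time to
    within seconds, so this loop is tiny compared with a real secret's key space.
    """
    start = approx_issue_time - timedelta(seconds=window_seconds)
    for offset in range(2 * window_seconds + 1):
        candidate = start + timedelta(seconds=offset)
        if weak_token(candidate) == target:
            return candidate
    return None


def strong_token() -> str:
    """Unguessable token from the OS CSPRNG (256 bits of entropy)."""
    return secrets.token_urlsafe(32)


def token_fingerprint(token: str) -> str:
    """Store only a hash server-side so a database read does not yield live tokens."""
    return hashlib.sha256(token.encode()).hexdigest()


def verify_token(stored_fingerprint: str, presented: str) -> bool:
    """Constant-time comparison to avoid leaking matching prefixes via timing."""
    return hmac.compare_digest(stored_fingerprint, token_fingerprint(presented))


if __name__ == "__main__":
    issued = datetime(2024, 11, 10, 12, 0, 0)
    tok = weak_token(issued)
    # Attacker's clock is 42 s off from the real issue time; still recovers the token.
    print("recovered issue time:", guess_weak_token(tok, issued + timedelta(seconds=42)))
    t = strong_token()
    print("strong token verifies:", verify_token(token_fingerprint(t), t))
```

The brute force above assumes nothing beyond the generation scheme itself: no leaked secret, no user interaction, just a rough idea of when the email was sent. Switching to `secrets` removes the timing relationship entirely; hashing the stored copy and comparing with `hmac.compare_digest` are the two follow-on checks a reviewer would expect alongside it.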
Moodle 4.3.x < 4.3.9 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.15, 4.3.x prior to 4.3.9, or 4.4.x prior to 4.4.5. It is, therefore, affected by multiple vulnerabilities. - A potential denial of service risk due to guest sessions' longer timeout period. ...
PT-2025-6098 · Perfood · Couch-Auth
Name of the Vulnerable Software and Affected Versions: perfood/couch-auth versions = 0.21.2 Description: A host header injection vulnerability exists in the NPM package of perfood/couch-auth. By sending a specially crafted host header in the email change confirmation request, it is possible to...
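The host header injection pattern described above, as an added example (not couch-auth's own code and not its actual link format): a confirmation link assembled from the request's Host header lets an attacker who triggers the email choose where the victim's token is delivered. The hardened variant builds the link from a configured base URL and rejects requests whose Host is not on an allowlist. The host names, path and header handling here are assumptions for illustration.

```python
from typing import Dict

# Assumed deployment configuration; in a real service these come from settings.
CANONICAL_BASE = "https://auth.example.com"
ALLOWED_HOSTS = {"auth.example.com"}
CONFIRM_PATH = "/auth/confirm-email/"   # illustrative, not couch-auth's route


def confirm_link_vulnerable(headers: Dict[str, str], token: str) -> str:
    """Builds the emailed link from the client-supplied Host header.

    An attacker sends the email-change request with Host: attacker.example.net;
    the victim receives a link to the attacker's server carrying the live token.
    """
    host = headers.get("host", "")
    return f"https://{host}{CONFIRM_PATH}{token}"


def _host_without_port(host: str) -> str:
    # Host may carry a port ("auth.example.com:8443"); compare on the name only.
    return host.rsplit(":", 1)[0].lower() if host else ""


def confirm_link_hardened(headers: Dict[str, str], token: str) -> str:
    """Ignores Host for link construction and rejects requests from unknown hosts.

    Both checks matter: using CANONICAL_BASE removes the injection, and the
    allowlist check stops the request from being served at all on a mis-routed
    or spoofed hostname.
    """
    host = _host_without_port(headers.get("host", ""))
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"untrusted Host header: {headers.get('host')!r}")
    return f"{CANONICAL_BASE}{CONFIRM_PATH}{token}"


if __name__ == "__main__":
    # Constructed request headers as an attacker would send them.
    attacker_headers = {"host": "attacker.example.net"}
    print(confirm_link_vulnerable(attacker_headers, "tok123"))
    try:
        confirm_link_hardened(attacker_headers, "tok123")
    except ValueError as exc:
        print("rejected:", exc)
    print(confirm_link_hardened({"host": "auth.example.com:8443"}, "tok123"))
```

If the service sits behind a reverse proxy, the same rule applies to X-Forwarded-Host: only trust it when the proxy is known to overwrite it, and never let either header pick the origin of a link that carries a credential.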
PT-2022-23161 · Unknown · Rubygems.Org
Name of the Vulnerable Software and Affected Versions: RubyGems.org affected versions not specified Description: A bug in the password and email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. This could enable the attacker to...
Slack: Team admin can change unauthorized team setting (allow_message_deletion)
Team admin can escalate his privileges and change the 'allow_message_deletion' team setting, which can be changed only by a team owner. Steps to reproduce: 1. Log in as team admin. 2. Send the below request using his cookie & token and notice that it changes the 'allow_message_deletion' team setting to true...