CVE-2026-35407 Saleor has Cross-Account Email Change via Unbound Confirmation Token
Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow: the confirmation flow did not verify that the email change confirmation token was issued for the given...
CVE-2026-35407
Saleor’s CVE-2026-35407 describes a cross-account email-change weakness in the account email-change workflow. The confirmation token could be used for a different authenticated user, allowing the token’s new_email to update the second account’s address even though the token wasn’t issued for that...
Linux Distros Unpatched Vulnerability : CVE-2019-16109
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record...
Moodle 4.4.x < 4.4.5 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.15, 4.3.x prior to 4.3.9, or 4.4.x prior to 4.4.5. It is, therefore, affected by multiple vulnerabilities. - A potential denial of service risk due to guest sessions' longer timeout period. ...
Moodle < 4.1.15 Multiple Vulnerabilities
According to its self-reported version, the Moodle install hosted on the remote host is 4.1.x prior to 4.1.15, 4.3.x prior to 4.3.9, or 4.4.x prior to 4.4.5. It is, therefore, affected by multiple vulnerabilities. - A potential denial of service risk due to guest sessions' longer timeout period. ...
Internet Bug Bounty: rubygems.org Batching attack to `confirmation_token` by bypass rate limit
The following is copied from HackerOne's report. https://hackerone.com/reports/1529183 --- I confirmed that EmailConfirmationsController has the same problem as https://hackerone.com/reports/449356...
Pterodactyl Authorization Issue Vulnerability
Pterodactyl is an open source game server administration panel built using PHP, Node.js and Go. Pterodactyl suffers from a security vulnerability that allows a malicious user to modify the content of the confirmation_token input during the two-factor authentication process to refer to cached values...
PT-2021-23112 · Unknown · Pterodactyl
Name of the Vulnerable Software and Affected Versions: Pterodactyl, affected versions not specified. Description: A malicious user can modify the contents of a confirmation token input during the two-factor authentication process to reference a cache value not associated with the login attempt. Thi...
QIWI: hard-use account takeover qiwi.com
It was possible to brute-force a guessable confirmation token ID due to an auth flaw...
UBUNTU-CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records wou...
CVE-2019-16109
An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records wou...
Devise Gem for Ruby confirmation token validation with a blank string
Devise before 4.7.1 confirms accounts upon receiving a request with a blank confirmation_token, if a database record has a blank value in the confirmation_token column. However, there is no scenario within Devise itself in which such database records would exist...
Radancy: I can subscribe and unsubscribe any user with the same token for as many times as I want
During the subscription process for a newsletter it was possible to enter any email address, which would automatically be added to the email list without proper confirmation via a confirmation token sent by email. Same for the unsubscription process: anyone could unsubscribe all email addresses becaus...
Shopify: Ability to verify any email address you don't own - accounts.shopify.com
Summary: During testing it's been found that in accounts.shopify.com it's possible to change your email address to any email address that you don't own and confirm that email due to the confirmation token being leaked. Steps to reproduce: 1. Login to https://accounts.shopify.com/account 2. Click...
HackerOne: Reopen Disable Accounts/ Hidden Access After Disable
For POC: Original Email or banned email: [email protected] Updating Email: [email protected] Hello team, this bug is something interesting and critical. I have checked: once the accounts are disabled they are not easy to reopen, but I have found a vulnerability which allows a user to reopen disabled accounts. Disable...