CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

184 matches found

Veracode•added 2026/03/21 5:28 a.m.•6 views

Devise Has A Confirmable "change Email" Race Condition Permits User To Confirm Email They Have No Access To

Impact A race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the "reconfirmable" option the default when using Confirmable with email changes. By sending two concurrent email change requests, an...

6CVSS5.9AI score0.00019EPSS

Exploits0Affected Software1

SUSE CVE•added 2026/03/20 12:24 a.m.•2 views

SUSE CVE-2026-32700

Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...

6CVSS5.8AI score0.00019EPSS

Exploits0References3

Tenable Nessus•added 2026/03/19 12:0 a.m.•3 views

Linux Distros Unpatched Vulnerability : CVE-2026-32700

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to...

6CVSS5.9AI score0.00019EPSS

Exploits0References3

RedhatCVE•added 2026/03/18 11:49 p.m.•3 views

CVE-2026-32700

A flaw was found in Devise, an authentication solution for Rails. A race condition in the Confirmable module allows a remote attacker to confirm an email address they do not own. By sending two concurrent email change requests, an attacker can desynchronize the confirmation token and unconfirmed...

6.8CVSS5.8AI score0.00019EPSS

Exploits0References7

OSV•added 2026/03/18 9:16 p.m.•6 views

DEBIAN-CVE-2026-32700

6CVSS5.4AI score0.00019EPSS

Exploits0References1

NVD•added 2026/03/18 9:16 p.m.•2 views

CVE-2026-32700

6CVSS0.00019EPSS

Exploits0References4

UbuntuCve•added 2026/03/18 9:16 p.m.•2 views

CVE-2026-32700

6CVSS5.9AI score0.00019EPSS

Exploits0References5

OSV•added 2026/03/18 9:16 p.m.•2 views

UBUNTU-CVE-2026-32700

6CVSS5.8AI score0.00019EPSS

Exploits0References6

Vulnrichment•added 2026/03/18 8:55 p.m.•1 views

CVE-2026-32700 Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to

6CVSS5.8AI score0.00019EPSS

Exploits0References4

ATTACKERKB•added 2026/03/18 8:55 p.m.•2 views

CVE-2026-32700

6CVSS5.8AI score0.00019EPSS

Exploits0References5Affected Software1

Debian CVE•added 2026/03/18 8:55 p.m.•3 views

CVE-2026-32700

6CVSS5.4AI score0.00019EPSS

Exploits0

OSV•added 2026/03/18 8:55 p.m.•3 views

CVE-2026-32700 Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to

6CVSS5.9AI score0.00019EPSS

Exploits0References6

CVE•added 2026/03/18 8:55 p.m.•7 views

CVE-2026-32700

Devise (Rails) prior to v5.0.3 has a race condition in the Confirmable module used with reconfirmable, allowing an attacker to confirm a victim’s email by issuing two concurrent email-change requests. This desynchronizes confirmation_token and unconfirmed_email; the attacker controls the token’s ...

6CVSS5.8AI score0.00019EPSS

Exploits0References4Affected Software1

Cvelist•added 2026/03/18 8:55 p.m.•20 views

CVE-2026-32700 Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to

6CVSS0.00019EPSS

Exploits0References4

CNNVD•added 2026/03/18 12:0 a.m.•3 views

Devise 竞争条件问题漏洞

Devise is an open-source authentication solution based on Warden, developed by heartcombo. Versions of Devise prior to 5.0.3 had a race condition vulnerability, which stemmed from a race condition in the Confirmable module. This vulnerability could allow attackers to confirm email addresses that...

6CVSS5.8AI score0.00019EPSS

Exploits0References5

Github Security Blog•added 2026/03/17 5:24 p.m.•6 views

Devise has a confirmable "change email" race condition permits user to confirm email they have no access to

Impact A race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using Confirmable with email changes. By sending two concurrent email change requests, an...

6CVSS5.8AI score0.00019EPSS

Exploits0References7Affected Software1

Snyk•added 2026/03/17 5:24 p.m.•4 views

Race Condition

Overview devise is a flexible authentication solution for Rails with Warden. Affected versions of this package are vulnerable to Race Condition in the Confirmable module, when the reconfirmable option is enabled which it is by default. An attacker can confirm an email address they don't own by...

6CVSS5.8AI score0.00019EPSS

Exploits0References2

Positive Technologies•added 2026/03/17 12:0 a.m.•4 views

PT-2026-25981

6CVSS5.8AI score0.00019EPSS

Exploits0References8

RubySec•added 2026/03/16 12:0 a.m.•5 views

Confirmable "change email" race condition permits user to confirm email they have no access to

6CVSS5.8AI score0.00019EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/07 9:32 a.m.•7 views

CVE-2019-16109

An issue was discovered in Plataformatec Devise before 4.7.1. It confirms accounts upon receiving a request with a blank confirmationtoken, if a database record has a blank value in the confirmationtoken column. However, there is no scenario within Devise itself in which such database records wou...

5.3CVSS6.7AI score0.00297EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by