4 matches found
CVE-2025-54599
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an SSO login. The roo...
CVE-2025-54598
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...
CVE-2025-54598
Bevy Event service (as used for eBay Seller Events) up to 2025-07-22 is affected by a Cross-Site Request Forgery (CSRF) vulnerability that enables an attacker to delete all notifications via the /notifications/delete/ endpoint. Root cause is CSRF on the notification-deletion path; impact is parti...
CVE-2025-54598
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI...