Lucene search
K

54 matches found

CVE
CVE
added 2026/06/22 12:50 p.m.28 views

CVE-2026-7167

The CVE-2026-7167 entry concerns the Assassin game by Gaudire. It identifies a flaw in the authentication flow where the system improperly validates the 'email' field, allowing unverified or fake email addresses to be used to create accounts. The underlying cause is insufficient validation during...

6.9CVSS5.8AI score0.00357EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/31 12:2 a.m.14 views

CVE-2025-65925

An issue was discovered in Zeroheight SaaS prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification...

6.5CVSS6.8AI score0.00214EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/30 12:0 a.m.28 views

CVE-2025-65925

An issue was discovered in Zeroheight SaaS prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification...

0.00214EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.6 views

Zeroheight 安全漏洞

Zeroheight is a design system management platform from Zeroheight UK. A security vulnerability exists in versions of Zeroheight prior to 2025-06-13, which stems from a legacy user creation API that allows bypassing the email validation step to create an account, potentially leading to spam or fak...

6.5CVSS5.8AI score0.00214EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/30 6:31 p.m.5 views

EUVD-2025-37032

mCarFix Motorists App version 2.3 package name com.skytop.mcarfix, developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data...

7.5CVSS6.5AI score0.00286EPSS
Exploits0References2
NVD
NVD
added 2025/10/30 4:15 p.m.5 views

CVE-2025-61118

mCarFix Motorists App version 2.3 package name com.skytop.mcarfix, developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data...

7.5CVSS0.00286EPSS
Exploits0References1
Microsoft Secure
Microsoft Secure
added 2025/10/06 9:0 p.m.8 views

Inside Microsoft Threat Intelligence: Calm in the chaos

Leading Through the Worst Day Incident response is never orderly. Threat actors don’t wait. Environments are compromised. Data is missing. Confidence is shaken. But for Microsoft’s Incident Response IR team, that chaos is exactly where the work begins. In Episode 1, we showed how Microsoft Threat...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/08/02 8:23 p.m.5 views

CVE-2025-54573

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...

6.5CVSS6.3AI score0.00268EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.4 views

CVAT.ai CVAT 授权问题漏洞

CVAT.ai CVAT is an open source data processing tool from CVAT.ai. An authorization issue vulnerability exists in CVAT.ai CVAT versions 1.1.0 to 2.41.0, which stems from not enforcing email validation, and could lead to account creation and bot registration using a fake email address...

6.5CVSS6.6AI score0.00268EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/07/17 5:40 p.m.9 views

Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters

Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025. "The MaaS malware-as-a-service operators used fake GitHub accounts to host payloads, tools, and Amadey plug-ins, likely as an attempt to...

7.5AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/07/01 11:7 a.m.5 views

Iranian Blackout Affected Misinformation Campaigns

Dozens of accounts on X that promoted Scottish independence went dark during an internet blackout in Iran. Well, that's one way to identify fake accounts and misinformation campaigns...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/30 4:9 a.m.8 views

Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas

Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. "We detected and removed these campaigns before they were able to build authentic audiences on our apps," the social media giant said in its...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/10/23 3:8 p.m.9 views

LinkedIn bots and spear phishers target job seekers

Microsoft's social network for professionals, LinkedIn, is an important platform for job recruiters and seekers alike. It's also a place where criminals go to find new potential victims. Like other social media platforms, LinkedIn is no stranger to bots attracted to special keywords and hashtags...

7.8AI score
Exploits0
HackRead
HackRead
added 2024/06/18 4:10 p.m.20 views

Internet Computer Protocol Launches Walletless Verified Credentials for Public Trust

Internet Computer Protocol ICP introduces Verified Credentials VCs, a walletless solution enhancing data sharing privacy. Unveiled at DICE 2024, VCs help combat bots and fake accounts on social media, ensuring secure and efficient verification...

7.3AI score
Exploits0
Malwarebytes
Malwarebytes
added 2024/06/05 1:30 p.m.17 views

Financial sextortion scams on the rise

“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charli...

6.8AI score
Exploits0
HackRead
HackRead
added 2023/12/14 5:30 p.m.14 views

Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts

By Deeba Ahmed The internet's underbelly is thriving on stolen identities and fake accounts, fueling mass phishing campaigns, identity theft rings, and DDoS attacks. This is a post from HackRead.com Read the original post: Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts...

7.4AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2023/09/02 1:15 p.m.34 views

2023 OWASP Top-10 Series: API6:2023 Unrestricted Access to Sensitive Business Flows

Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted Access to Sensitive Business Flows. In this series we are taking an in-depth look at each category – the...

7AI score
Exploits0
HackRead
HackRead
added 2023/06/17 12:33 p.m.15 views

Warning: Fake GitHub Repos Delivering Malware as PoCs

By Waqas According to researchers, these fake accounts on GitHub and Twitter are spreading malware that infects both Windows- and Linux-based systems. This is a post from HackRead.com Read the original post: Warning: Fake GitHub Repos Delivering Malware as PoCs...

7AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2023/04/12 2:23 p.m.21 views

LinkedIn Verification Now Lets You Verify Your Job and Account

To beat back fake accounts, the professional social network is rolling out new tools to prove you work where you say you do and are who you say you are...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/01/16 1:0 p.m.19 views

"Untraceable" surveillance firm sued for scraping Facebook and Instagram data

Days after Meta achieved victory after suing the NSO Group for Computer Fraud and Abuse Act charges, Meta filed a lawsuit against surveillance company Voyager Labs for violations of its Terms and Policies and California law. According to court documents, Voyager Labs created 38,000 fake accounts ...

Exploits0
Rows per page
Query Builder