7 matches found
GHSA-QXRW-F6FH-34R7 Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users
Summary: The unauthenticated resend-verification endpoint returns different responses for registered and unregistered email addresses. A malicious third party can submit candidate addresses to /api/v4/account/auth/resend_verification_email and distinguish accounts from misses. Details...
CVE-2026-30959
OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated, unlike the verify endpoint. This affects the...
CVE-2026-30959
OneUptime is a solution for monitoring and managing online services. The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated, unlike the verify endpoint. This affects the...
CVE-2026-30959
The connected documents reveal a vulnerability in OneUptime: the POST endpoint /api/user-whats-app/resend-verification-code allows any authenticated user to trigger a verification code resend for any UserWhatsApp item by ID, without validating ownership. The code path for ownership verification e...
OneUptime has WhatsApp Resend Verification Authorization Bypass
Description: The resend-verification-code endpoint allows any authenticated user to trigger a verification code resend for any UserWhatsApp record by ID. Ownership is not validated, unlike the verify endpoint. Affected Source: - Endpoint: UserWhatsAppAPI.ts - Service: UserWhatsAppService.ts - Verify...
PT-2026-24191
Name of the Vulnerable Software and Affected Versions: OneUptime, affected versions not specified. Description: The 'resend-verification-code' endpoint in OneUptime allows an authenticated user to trigger a verification code resend for any UserWhatsApp record by its itemId. A critical flaw exists...
CVE-2023-2781
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticate_user_by_email in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resend_verification_email function. This allows unauthenticated...