Lucene search
+L

4 matches found

NVD
NVD
added 2025/03/21 5:15 p.m.17 views

CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2CVSS0.30164EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.6 views

PT-2024-1045

Name of the Vulnerable Software and Affected Versions GitLab versions 16.1 through 16.7.1 Description The issue allows an attacker to specify a secondary email during a password reset request, enabling account takeover via password reset without user interaction. This vulnerability affects GitLab...

10CVSS9.4AI score0.94955EPSS
Exploits16References277
Vulnrichment
Vulnrichment
added 2023/04/05 2:45 p.m.9 views

CVE-2023-28632 GLPI vulnerable to account takeover by authenticated user

GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emails of any user, and can therefore takeover another user account through the "forgotten password" feature. By modifying emails, the user c...

8.1CVSS7.9AI score0.00677EPSS
Exploits0References3
OSV
OSV
added 2020/04/08 6:15 p.m.4 views

CVE-2018-21071

An issue was discovered on Samsung mobile devices with M6.0 software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 May 2018...

7.3CVSS5.9AI score0.00324EPSS
Exploits0References1
Rows per page
Query Builder