7 matches found
DEBIAN-CVE-2026-32700
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...
CVE-2026-32700 Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...
CVE-2020-10535
GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address...
EUVD-2020-2988
Malware in sbrugna...
PT-2020-12191 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions 12.8.x through 12.8.5 Description: The issue allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address when sign-up is enabled. Recommendations: For GitLab...
Mail.ru: Account takeover at geekbrains.ru
It was possible to takeover Geekbrains account registered via Google account due to misuse of unconfirmed attached e-mail as account id...
Khan Academy: Cross-Site Request Forgery (CSRF) vulnerability on API endpoint allows account takeovers
Summary The /signup/email API endpoint at khanacademy.org is vulnerable to Cross-Site Request Forgery CSRF attacks, allowing takeovers of accounts associated with unconfirmed email addresses. Description The vulnerable endpoint allows an authenticated user to change the email address associated...