Lucene search
K

7 matches found

OSV
OSV
added 2026/03/18 9:16 p.m.7 views

DEBIAN-CVE-2026-32700

Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...

5.3CVSS5.4AI score0.00275EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/18 8:55 p.m.2 views

CVE-2026-32700 Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to

Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...

6CVSS5.8AI score0.00275EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/01/09 9:51 a.m.4 views

CVE-2020-10535

GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address...

5.3CVSS6.8AI score0.01016EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-2988

Malware in sbrugna...

5.3CVSS5.3AI score0.01016EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2020/03/12 12:0 a.m.5 views

PT-2020-12191 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 12.8.x through 12.8.5 Description: The issue allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address when sign-up is enabled. Recommendations: For GitLab...

5.3CVSS5.1AI score0.01016EPSS
Exploits0References6
Hacker One
Hacker One
added 2019/12/19 12:17 p.m.10 views

Mail.ru: Account takeover at geekbrains.ru

It was possible to takeover Geekbrains account registered via Google account due to misuse of unconfirmed attached e-mail as account id...

3.8AI score
Exploits0
Hacker One
Hacker One
added 2018/10/06 12:33 a.m.52 views

Khan Academy: Cross-Site Request Forgery (CSRF) vulnerability on API endpoint allows account takeovers

Summary The /signup/email API endpoint at khanacademy.org is vulnerable to Cross-Site Request Forgery CSRF attacks, allowing takeovers of accounts associated with unconfirmed email addresses. Description The vulnerable endpoint allows an authenticated user to change the email address associated...

0.5AI score
Exploits0
Rows per page
Query Builder