Lucene search
K

4 matches found

Debian CVE
Debian CVE
added 2026/03/18 8:55 p.m.5 views

CVE-2026-32700

Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using...

6CVSS5.4AI score0.00275EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/03/17 5:24 p.m.8 views

Devise has a confirmable "change email" race condition permits user to confirm email they have no access to

Impact A race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option the default when using Confirmable with email changes. By sending two concurrent email change requests, an...

6CVSS5.8AI score0.00275EPSS
Exploits0References7Affected Software1
Snyk
Snyk
added 2025/11/03 8:12 p.m.2 views

Insufficient Verification of Data Authenticity

Overview mantisbt/mantisbt is a mantis bug tracker. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity in the email address change. An attacker can cause unauthorized disclosure of information by updating their profile with an email address they do...

5.4CVSS6.2AI score0.00149EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/09/07 12:0 a.m.8 views

PT-2022-23161 · Unknown · Rubygems.Org

Name of the Vulnerable Software and Affected Versions: RubyGems.org affected versions not specified Description: A bug in the password and email change confirmation code allowed an attacker to change their RubyGems.org account's email to an unowned email address. This could enable the attacker to...

8.8CVSS8.6AI score0.00845EPSS
Exploits0References5
Rows per page
Query Builder