Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2026/06/01 10:4 p.m.18 views

CVE-2026-9092

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...

9.1CVSS5.8AI score0.00316EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 4:20 p.m.10 views

EUVD-2026-32943

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...

5.8AI score0.00316EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 4:20 p.m.8 views

CVE-2026-9092

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the emailverified claim from upstream providers; the idp.UserInfo struct does not even...

5.8AI score0.00316EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.15 views

PT-2026-44421

Casdoor versions 2.362.0 and earlier contain a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email without checking the email verified claim from upstream providers; the idp.UserInfo struct does not even...

5.8AI score0.00316EPSS
Exploits0References2
Rows per page
Query Builder