Lucene search
K

22 matches found

NVD
NVD
added 2026/06/23 7:17 p.m.7 views

CVE-2026-54320

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and...

8.4CVSS0.00215EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/23 6:11 p.m.7 views

EUVD-2026-38566

Daytona is a secure and elastic infrastructure runtime for AI-generated code execution and agent workflows. Prior to 0.184.0, organization invitations could be accepted and declined by a user whose email matched the invitation but had not been verified. Daytona authenticates users via OIDC and...

8.4CVSS6.2AI score0.00215EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.11 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained security vulnerabilities. These vulnerabilities stemmed from unverified email binding issues, which could lead to account...

9.1CVSS5.8AI score0.00316EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.10 views

WordPress plugin Firebase Support & Chat Management 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS5.9AI score0.00283EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/11 12:0 a.m.12 views

WWBN AVideo 安全漏洞

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities stem from the objects/sendEmail.json.php file, which allows unverified attackers to send arbitrary emails...

5.3CVSS5.9AI score0.00229EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/18 1:0 a.m.7 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the providerFlowSignIn process. An attacker can gain unauthorized access to another user's account by exploiting improper handling of email verification status from OAuth providers. This allows the attacker to...

9.8CVSS5.8AI score0.00809EPSS
Exploits1References2
Snyk
Snyk
added 2026/04/03 11:26 p.m.4 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via the authentication when usernameclaim is set to email and email verification is not enforced. An attacker can gain unauthorized access and potentially take over accounts by using an unverified email address o...

8.8CVSS5.9AI score0.00438EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/03 12:0 a.m.10 views

OAuthenticator 安全漏洞

OAuthenticator is the OAuth token library used by the JupyerHub login process. Versions of OAuthenticator prior to 17.4.0 contained a security vulnerability. This vulnerability stemmed from an authentication bypass mechanism, which could allow attackers with unverified email addresses to log in t...

8.8CVSS5.8AI score0.00438EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/19 6:21 p.m.3 views

Information Exposure

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure through the Pages and legacy PublicAPI routes that do not respect emailVerifySuccessOnInvalidEmail...

6.9CVSS5.8AI score0.00322EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.8 views

ZITADEL 安全漏洞

ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed by ZITADEL in Switzerland for the era of containers and serverless architectures. Versions of ZITADEL prior to 4.11.1 and 3.4.7 contain security vulnerabilities. These vulnerabilities stem fr...

8.2CVSS7.3AI score0.00176EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/02 11:1 p.m.1 views

CVE-2025-6593 "{{SITENAME}} registered email address has been changed" email sent to unverified email addresses

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

2.1CVSS5.3AI score0.00396EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/02 11:1 p.m.27 views

CVE-2025-6593 "{{SITENAME}} registered email address has been changed" email sent to unverified email addresses

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0...

2.1CVSS0.00396EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2020-13276

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 CVE-2020-13276...

7.4CVSS5.2AI score0.00674EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:53 a.m.4 views

CVE-2023-1204

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically...

4.3CVSS6.9AI score0.00514EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/04/27 12:0 a.m.3 views

On the Prevalence and Usage of Commit Signing on GitHub: a Longitudinal and Cross-Domain Study

GitHub is one of the most widely used public code development platform. However, the code hosted publicly on the platform is vulnerable to commit spoofing that allows an adversary to introduce malicious code or commits into the repository by spoofing the commit metadata to indicate that the code...

7AI score
Exploits0
OSV
OSV
added 2024/06/18 5:0 p.m.3 views

CVE-2024-38351 Password auth and OAuth2 unverified email linking

Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...

5.4CVSS6.7AI score0.00289EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2024/05/01 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-7028

GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover...

10CVSS7.3AI score0.94955EPSS
Exploits16References1
OSV
OSV
added 2024/03/06 11:23 a.m.29 views

BIT-GITLAB-2020-13276

User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1...

7.4CVSS5.3AI score0.00674EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/02/21 4:8 p.m.11 views

CVE-2023-46241 Potential account take over due to unverified emails from Microsoft Identity Platform

discourse-microsoft-auth is a plugin that enables authentication via Microsoft. On sites with the discourse-microsoft-auth plugin enabled, an attack can potentially take control of a victim's Discourse account. Sites that have configured their application's account type to any options other than...

9CVSS7AI score0.00798EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/21 4:8 p.m.16 views

CVE-2023-46241 Potential account take over due to unverified emails from Microsoft Identity Platform

discourse-microsoft-auth is a plugin that enables authentication via Microsoft. On sites with the discourse-microsoft-auth plugin enabled, an attack can potentially take control of a victim's Discourse account. Sites that have configured their application's account type to any options other than...

9CVSS9.4AI score0.00798EPSS
Exploits0References3
Rows per page
Query Builder