2 matches found
CVE-2025-55795
OpenML OpenML.org web app v2.0.20241110 is affected by CVE-2025-55795 due to incremental user IDs and insufficient email ownership verification during email updates. An authenticated attacker with a lower user ID can reassign their email to a higher-ID user, causing the victim to be locked out an...
CVE-2025-55796
OpenML Frontend (openml.org) web app version v2.0.20241110 is affected by a token-generation flaw. Tokens used for signup confirmation, password resets, email confirmations/resends, and email changes are MD5-based and generated from the current timestamp (format "%d %H:%M:%S") without user-specif...