V
Vexday
by TrueHacking
›
PT
ES
EN
Overview
CVEs
Technologies
Vendors
Weakness types
Briefing
Live
Home
/
Technologies
/
heartcombo
Vulnerabilities in
heartcombo
2 results
CVE-2026-32700
MEDIUM
Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to
EPSS
0.3%
CVE-2026-40295
MEDIUM
Devise: Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler
EPSS
0.2%