Vulnerabilities in heartcombo

2 results

CVE-2026-32700MEDIUMDevise has a confirmable "change email" race condition that permits user to confirm email they have no access toEPSS 0.3%CVE-2026-40295MEDIUMDevise: Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout HandlerEPSS 0.2%