Bevy Event
by Bevy
CVEs (2)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54599 | 0.00 | — | 0.00 | Sep 2, 2025 | The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an… | |||
| CVE-2025-54598 | 0.00 | — | 0.00 | Aug 27, 2025 | The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI. |
- CVE-2025-54599Sep 2, 2025risk 0.00cvss —epss 0.00
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows account takeover, if SSO is used, when a victim changes the email address that they have configured. To exploit this, an attacker would create their own account and perform an…
- CVE-2025-54598Aug 27, 2025risk 0.00cvss —epss 0.00
The Bevy Event service through 2025-07-22, as used for eBay Seller Events and other activities, allows CSRF to delete all notifications via the /notifications/delete/ URI.