Lucene search
+L

321 matches found

Positive Technologies
Positive Technologies
added 2026/05/16 12:0 a.m.29 views

PT-2026-41440

Queue Management System 4.0.0 contains a stored cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through user creation fields. Attackers can insert JavaScript payloads in the First Name, Last Name, and Email fields during user creation, which...

6.4CVSS5.7AI score0.00243EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/14 6:32 p.m.17 views

EUVD-2025-209860

Strapi is an open source headless content management system. In Strapi versions prior to 5.45.0, the rate-limit middleware in the users-permissions plugin derived its rate-limit key in part from ctx.request.body.email, including on routes whose body schema does not contain an email field...

6.9CVSS6AI score0.00492EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/13 8:2 p.m.12 views

Brute Force

Overview @strapi/plugin-users-permissions is a headless CMS Affected versions of this package are vulnerable to Brute Force via the rate-limiting middleware. An attacker can bypass intended request throttling by manipulating the email field in the request body to generate unique rate-limit keys f...

6.9CVSS5.8AI score0.00492EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/13 12:0 a.m.20 views

PT-2026-40833

Name of the Vulnerable Software and Affected Versions Strapi versions prior to 5.45.0 Description The rate-limit middleware in the users-permissions plugin incorrectly derives its rate-limit key using ctx.request.body.email, even on routes where the body schema does not require an email field, su...

6.9CVSS6AI score0.00492EPSS
Exploits0References8
Snyk
Snyk
added 2026/05/07 9:16 p.m.12 views

Exposure of Private Personal Information to an Unauthorized Actor

Overview Affected versions of this package are vulnerable to Exposure of Private Personal Information to an Unauthorized Actor via the Email field in the Comment model exposed through unauthenticated public API endpoints. An attacker can obtain the email addresses of all guest commenters by makin...

6.9CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2026/05/07 9:16 p.m.16 views

GHSA-RJ4G-RQGH-RX9H Ech0 comment model's Email field returned on public /api/comments endpoints

Summary The Comment model serializes its Email field through the public comment-listing API. internal/model/comment/comment.go:33 uses json:"email", while adjacent PII fields IPHash, UserAgent correctly use json:"-". The public endpoints GET /api/comments?echoid=X and GET...

5.3CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2026/04/27 3:16 p.m.16 views

CVE-2026-7131

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

7.5CVSS0.00254EPSS
Exploits0References5
NVD
NVD
added 2026/04/26 10:17 p.m.5 views

CVE-2018-25294

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition...

8.7CVSS0.00387EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/26 1:19 p.m.5 views

CVE-2018-25294

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition...

8.7CVSS5.7AI score0.00387EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/26 1:19 p.m.5 views

CVE-2018-25294 CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition...

8.7CVSS5.7AI score0.00387EPSS
Exploits0References4
CVE
CVE
added 2026/04/26 1:19 p.m.22 views

CVE-2018-25294

CEWE Photoshow 6.3.4 is affected by a buffer overflow in the login dialog. The vulnerability can be triggered by submitting oversized input (up to ~4000 bytes in the email address and password fields), leading to denial of service (crash). Connected documents confirm the existence of this buffer ...

8.7CVSS5.8AI score0.00387EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/04/26 1:19 p.m.39 views

CVE-2018-25294 CEWE Photoshow 6.3.4 Buffer Overflow Denial of Service

CEWE Photoshow 6.3.4 contains a buffer overflow vulnerability in the login dialog that allows attackers to crash the application by submitting oversized input. Attackers can inject 4000 bytes of data into the email address and password fields to trigger a denial of service condition...

8.7CVSS0.00387EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/05 8:45 p.m.2 views

CVE-2019-25665

River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can paste 300 bytes of data into the Email textbox and Activation code textarea via the Help menu's...

6.9CVSS6.2AI score0.00191EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/05 8:45 p.m.5 views

CVE-2019-25665 River Past Ringtone Converter 2.7.6.1601 Buffer Overflow DoS

River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can paste 300 bytes of data into the Email textbox and Activation code textarea via the Help menu's...

6.9CVSS6.2AI score0.00191EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/05 8:45 p.m.22 views

CVE-2019-25665 River Past Ringtone Converter 2.7.6.1601 Buffer Overflow DoS

River Past Ringtone Converter 2.7.6.1601 contains a local buffer overflow vulnerability that allows attackers to crash the application by supplying oversized input to activation fields. Attackers can paste 300 bytes of data into the Email textbox and Activation code textarea via the Help menu's...

6.9CVSS0.00191EPSS
Exploits1References3
CVE
CVE
added 2026/04/02 2:43 p.m.13 views

CVE-2026-32629

Summary: CVE-2026-32629 affects phpMyFAQ prior to 4.1.1, where an unauthenticated attacker can submit a guest FAQ with a syntactically valid but HTML-containing email address. PHP’s FILTER_VALIDATE_EMAIL accepts the quoted-local-part email, stores it without HTML sanitization, and later renders i...

6.4CVSS5.8AI score0.00262EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/03/26 3:30 p.m.6 views

EUVD-2019-20037

River Past Audio Converter 7.7.16 contains a local buffer overflow vulnerability in the activation code field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a large payload of repeated characters into the 'E-Mail and Activation Cod...

6.8CVSS6.1AI score0.00113EPSS
Exploits0References3
CVE
CVE
added 2026/03/26 11:39 a.m.7 views

CVE-2018-25203

CVE-2018-25203 affects Online Store System CMS 1.0. The vulnerability is an SQL injection in the email field of index.php when action=clientaccess is supplied, allowing unauthenticated attackers to influence database queries and extract sensitive information via boolean-based blind or time-based ...

8.8CVSS6AI score0.00334EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/21 12:47 p.m.2 views

CVE-2019-25572 NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash...

6.9CVSS6AI score0.00157EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/03/21 12:47 p.m.29 views

CVE-2019-25572 NordVPN 6.19.6 Denial of Service via Email Field Buffer Overflow

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash...

6.9CVSS0.00157EPSS
Exploits1References4
Rows per page
Query Builder