63 matches found
CVE-2026-25222
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...
Improper Input Validation
mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of email ownership verification during profile updates, which allows an attacker to register an unauthorized email address and potentially cause information disclosure by redirecting notifications...
EUVD-2009-4434
Malware in sbrugna...
EUVD-2024-37251
Malicious code in bioql PyPI...
EUVD-2025-5658
Malicious code in bioql PyPI...
EUVD-2025-23863
Malicious code in bioql PyPI...
EUVD-2025-32303
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password...
CVE-2025-59943 phpMyFAQ duplicate email registration allows multiple accounts with the same email
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password...
org.keycloak/keycloak-services: Keycloak SMTP Inject Vulnerability
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters limited local part of the email, so the attack is limited to very short emails subject...
CRLF Injection
Keycloak-services is vulnerable to CRLF Injection. The vulnerability is due to improper input validation due to special characters in email registration being improperly handled, allowing attackers to inject SMTP commands and send unsolicited emails...
Keycloak <= 26.3.2 SMTP Inject (GHSA-qj5r-2r5p-phc7)
The version of Keycloak installed on the remote host is prior to or equal to 26.3.2. It is, therefore, affected by an SMTP inject vulnerability as referenced in the GHSA-qj5r-2r5p-phc7 advisory. - A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform...
GHSA-QJ5R-2R5P-PHC7 Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references. Original Description: A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP...
CRLF Injection
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to CRLF Injection during the e-mail registration. An attacker can cause the system to send unsolicited emails...
CRLF Injection
Overview: org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to CRLF Injection during the e-mail registration. An attacker can cause the system to send unsolicited...
Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references. Original Description: A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP...
CVE-2025-8419
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters limited local part of the email, so the attack is limited to very short emails subject...
CVE-2025-8419 org.keycloak/keycloak-services: Keycloak SMTP Inject Vulnerability
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters limited local part of the email, so the attack is limited to very short emails subject...
Keycloak injection vulnerability
Keycloak is an open source identity and access management solution from Keycloak Open Source. Keycloak suffers from an injection vulnerability that stems from the fact that the use of special characters during the email registration process could lead to SMTP injection, sending unsolicited short...