CVE-2026-48846

In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var value in an e-mail message, which may lead to information disclosure or access-control bypass...

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example ""@evil.com. PHP's FILTERVALIDATEEMAIL accepts this email...

CVE-2026-35542

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email containing a malicious background attribute within a BODY element. This vulnerability may lead to unauthorized information disclosure or an access-control...

EUVD-2026-18502

Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users...

CVE-2026-32497 WordPress User Verification plugin <= 2.0.45 - Email Verification Bypass vulnerability

Weak Authentication vulnerability in PickPlugins User Verification user-verification allows Authentication Abuse.This issue affects User Verification: from n/a through = 2.0.45...

Missing Authentication for Critical Function

Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function in the Express Checkout feature. An attacker can bypass the login procedure via email. Note: Versions 9.4.3.1 through 9.4.3.3, which used the build numbering scheme prior to 2025, are also...

EUVD-2018-13767

Malware in sbrugna...

EUVD-2024-32494

Malicious code in bioql PyPI...

CVE-2024-3927

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an...

CVE-2022-39263

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

CVE-2020-13265

User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification...

CVE-2019-15723

An issue was discovered in GitLab Community and Enterprise Edition 11.9.x and 11.10.x before 11.10.1. Merge requests created by email could be used to bypass push rules in certain situations...

Phishing Attack Uses Blob URIs to Show Fake Login Pages in Your Browser

Cofense Intelligence reveals a novel phishing technique using blob URIs to create local fake login pages, bypassing email…...

Apache StreamPipes Security Bypass Vulnerability

Apache StreamPipes is a self-service industrial IoT toolkit from the Apache USA Foundation that enables non-technical users to connect, analyze and explore IIoT data streams. Apache StreamPipes suffers from a security bypass vulnerability that can be exploited by an attacker to create multiple...

CVE-2024-3927

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an...

CVE-2024-3927

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an...

CVE-2024-3927

CVE-2024-3927 affects the WordPress plugin “Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows)”. The vulnerability is a form submission admin email bypass where unauthenticated attackers can bypass admin-email restrictions by submitting a conta...

CVE-2024-3927 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an...

CVE-2024-3927 Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) <= 5.6.3 - Form Submission Admin Email Bypass

The Element Pack Elementor Addons Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows plugin for WordPress is vulnerable to Form Submission Admin Email Bypass in all versions up to, and including, 5.6.3. This is due to the plugin not properly checking for all variations of an...

Element Pack Elementor Addons < 5.6.4 - Form Submission Admin Email Bypass

Description The plugin is vulnerable to Form Submission Admin Email Bypass due to the plugin not properly checking for all variations of an administrators emails. This makes it possible for unauthenticated attackers to bypass the restriction using a +value when submitting the contact form...