CVE-2026-44679

Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes ...

CVE-2026-25043

Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibase’s password reset functionality due to the absence of rate limiting, CAPTCHA, or abuse prevention mechanisms on the “Forgot Password” endpoint. An unauthenticated attacker can...

CVE-2026-25043

Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibase’s password reset functionality due to the absence of rate limiting, CAPTCHA, or abuse prevention mechanisms on the “Forgot Password” endpoint. An unauthenticated attacker can...

CVE-2026-25043

Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibase’s password reset functionality due to the absence of rate limiting, CAPTCHA, or abuse prevention mechanisms on the “Forgot Password” endpoint. An unauthenticated attacker can...

PT-2026-30170

Budibase is an open-source low-code platform. Prior to version 3.23.25, a business logic vulnerability exists in Budibase’s password reset functionality due to the absence of rate limiting, CAPTCHA, or abuse prevention mechanisms on the “Forgot Password” endpoint. An unauthenticated attacker can...

CVE-2026-22182 wpDiscuz before 7.6.47 - Unauthenticated Email Notification Flood via wpdCheckNotificationType

wpDiscuz before 7.6.47 contains an unauthenticated denial of service vulnerability that allows anonymous users to trigger mass notification emails by exploiting the checkNotificationType function. Attackers can repeatedly call the wpdiscuz-ajax.php endpoint with arbitrary postId and commentid...

Spammers abuse Zendesk to flood inboxes with legitimate-looking emails, but why?

Short answer: we have no idea. People are actively complaining that their mailboxes and queues are being flooded by emails coming from the Zendesk instances of trusted companies like Discord, Riot Games, Dropbox, and many others. Zendesk is a customer service and support software platform that...

EUVD-2023-56031

Malicious code in bioql PyPI...

EUVD-2023-56055

Malicious code in bioql PyPI...

CVE-2023-51339

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Event Ticketing System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51334

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cinema Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51327

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51323

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51326

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51323

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Shared Asset Booking System v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51314

A lack of rate limiting in the 'Forgot Password', 'Email Settings' feature of PHPJabbers Restaurant Booking System v3.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service DoS via a large amount of generated e-mail messages...

CVE-2023-51323

CVE-2023-51323 concerns PHPJabbers Shared Asset Booking System v1.0, where a missing rate-limit in the Forgot Password/Email flow can allow an attacker to trigger a flood of email messages for a legitimate user, potentially causing a DoS. The issue is described in public writeups (e.g., PacketSto...

CVE-2024-9199

Rate limit vulnerability in Clibo Manager v1.1.9.2 that could allow an attacker to send a large number of emails to the victim in a short time, affecting availability and leading to a denial of service DoS...

Clibo Manager 安全漏洞

Clibo Manager is a management platform from Clibo Manager, Inc. providing sports clubs with the ability to manage subscriptions and ticket sales, as well as direct contact with subscribers, events, sales statistics, and more. A security vulnerability exists in Clibo Manager version v1.1.9.2. An...

Denial Of Service (DoS)

rdiffweb is vulnerable to denial of service. The vulnerability exists because the rate limit on email triggering is not properly validated, allowing an attacker to send an email flood, resulting in an application crash...