
62 matches found

ATTACKERKB
added 2026/05/20 6:0 a.m., 3 views

CVE-2026-5776

The Email Encoder WordPress plugin before 2.4.7 does not escape email addresses retrieved via user input, allowing unauthenticated attackers to perform Stored XSS attacks...

5.8 AI score, 0.00056 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2026/03/31 12:0 a.m., 2 views

PT-2026-29423

Summary: An unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example "alert1"@evil.com. PHP's FILTER_VALIDATE_EMAIL accepts this email as valid. The email is stored in the database without...

6.4 CVSS, 5.9 AI score, 0.00229 EPSS
Exploits: 1, References: 5

CNNVD
added 2026/03/26 12:0 a.m., 3 views

Wecodex Online Store System CMS SQL injection vulnerability

Wecodex Online Store System CMS is a content management system for online stores developed by Wecodex. Version 1.0 of the Wecodex Online Store System CMS has a SQL injection vulnerability. This vulnerability stems from insufficient validation of email parameter inputs, which may lead to SQL...

8.8 CVSS, 5.8 AI score, 0.00049 EPSS
Exploits: 0, References: 3

EUVD
added 2026/03/21 3:33 p.m., 4 views

EUVD-2019-19892

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash...

6.9 CVSS, 6 AI score, 0.00019 EPSS
Exploits: 1, References: 5

NVD
added 2026/03/21 1:16 p.m., 2 views

CVE-2019-25572

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash...

6.9 CVSS, 0.00019 EPSS
Exploits: 1, References: 4

ATTACKERKB
added 2026/03/21 12:47 p.m., 3 views

CVE-2019-25572

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash...

6.9 CVSS, 6 AI score, 0.00019 EPSS
Exploits: 1, References: 4, Affected Software: 1

Positive Technologies
added 2026/03/21 12:0 a.m., 5 views

PT-2026-26917

NordVPN 6.19.6 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string in the email input field. Attackers can paste a buffer of 100,000 characters into the email field during login to trigger an application crash...

6.9 CVSS, 6 AI score, 0.00019 EPSS
Exploits: 1, References: 5

CNNVD
added 2026/03/21 12:0 a.m., 4 views

NordVPN security vulnerability

NordVPN is a virtual private network service provided by the NordVPN company. Version 6.19.6 of NordVPN contains a security vulnerability. This vulnerability stems from a buffer overflow in the email input field, which could allow local attackers to cause the application to crash by submitting...

6.9 CVSS, 6.1 AI score, 0.00019 EPSS
Exploits: 1, References: 4

Vulnrichment
added 2026/03/16 11:2 a.m., 1 view

CVE-2026-4235 itsourcecode Online Enrollment System login.php sql injection

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

7.5 CVSS, 5.7 AI score, 0.00045 EPSS
Exploits: 0, References: 5

OSV
added 2026/02/18 10:7 p.m., 3 views

GHSA-GQX7-99JW-6FPR LibreNMS affected by reflected xss via email field

Summary: reflected xss via email field. Details: 1. visit http://127.0.0.1/settings/alerting/email 2. in the email address input put this payload 3. notice the alert. PoC: video attached with the report https://github.com/user-attachments/assets/c1b443f5-85c6-4545-b04f-def06d82b42e Impact: can lead t...

5.3 CVSS, 5.5 AI score, 0.00001 EPSS
Exploits: 1, References: 6

Veracode
added 2026/02/02 7:13 a.m., 4 views

Email Address Parsing Vulnerability

next-auth is vulnerable to email address parsing vulnerability. The vulnerability is due to an incorrect address parsing behavior in Nodemailer, which allows an attacker to craft a malicious email input that redirects authentication or verification emails to an attacker-controlled mailbox instead...

5.6 AI score
Exploits: 0

NVD
added 2026/02/01 1:15 p.m., 2 views

CVE-2021-47911

Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests...

5.4 CVSS, 0.00055 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2026/01/05 12:0 a.m., 3 views

PT-2026-1238

Name of the Vulnerable Software and Affected Versions: code-projects Online Product Reservation System version 1.0. Description: A security flaw exists in code-projects Online Product Reservation System version 1.0. The issue is located in the file app/user/login.php within the User Login component...

9.8 CVSS, 6.9 AI score, 0.00026 EPSS
Exploits: 1, References: 11

CNNVD
added 2025/11/17 12:0 a.m., 2 views

PHPGurukul Online Shopping Portal security vulnerability

Online Shopping Portal is an online store system. Online Shopping Portal suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the email parameter of forgot-password.php. No details of the vulnerability are available at this time...

9.8 CVSS, 8 AI score, 0.00052 EPSS
Exploits: 1, References: 3

CNNVD
added 2025/11/14 12:0 a.m., 2 views

IPCop security vulnerability

IPCop is a firewall software from IPCop Open Source. A security vulnerability exists in IPCop 2.1.9 and earlier versions that stems from the email configuration component not properly cleaning up user input, which could lead to remote code execution...

8.7 CVSS, 7.7 AI score, 0.00357 EPSS
Exploits: 0, References: 5

CNVD
added 2025/10/31 12:0 a.m., 2 views

Curfew e-Pass Management System admin-profile.php file cross-site scripting vulnerability

Curfew e-Pass Management System is an electronic pass management system. Curfew e-Pass Management System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameter adminname or email in the file...

4.8 CVSS, 6.2 AI score, 0.00035 EPSS
Exploits: 1, References: 1

NVD
added 2025/10/27 9:15 p.m., 2 views

CVE-2025-12325

A vulnerability has been found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public...

9.8 CVSS, 0.00031 EPSS
Exploits: 1, References: 5

CNNVD
added 2025/10/01 12:0 a.m., 1 view

IssabelPbx cross-site scripting vulnerability

IssabelPbx is an open source Gui graphical user interface from the Issabel Foundation. It is used to control and manage Asterisk Pbx. A cross-site scripting vulnerability exists in IssabelPbx version 5.0.0, which stems from insufficient validation of user input for the email parameter in index.ph...

5.1 CVSS, 5.9 AI score, 0.0006 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2025/09/22 1:32 p.m., 3 views

CVE-2025-10800 itsourcecode Online Discussion Forum index.php sql injection

A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Executing manipulation of the argument email/password can lead to sql injection. The attack can be executed remotely. The exploit has been made available...

7.5 CVSS, 6.7 AI score, 0.00055 EPSS
Exploits: 1, References: 7

RedhatCVE
added 2025/08/21 8:29 a.m., 4 views

CVE-2025-41685

A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address...

6.5 CVSS, 7.3 AI score, 0.00088 EPSS
Exploits: 0, References: 1