45 matches found
PT-2026-23515
Name of the Vulnerable Software and Affected Versions: hexpm versions prior to bb0e42091995945deef10556f58d046a52eb7884 Description: A flaw exists in hexpm that allows for account takeover due to insufficient session expiration. Specifically, password reset tokens generated through the password res...
MiracleLinux 8 : thunderbird-115.9.0-1.el8_9.ML.1 (AXSA:2024-7670:08)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7670:08 advisory. nss: timing attack against RSA decryption CVE-2023-5388 Mozilla: Crash in NSS TLS method CVE-2024-0743 Mozilla: Leaking of encrypted email subjects ...
CVE-2018-19133
In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address...
EUVD-2018-4348
Malware in sbrugna...
EUVD-2003-1342
Malware in sbrugna...
EUVD-2024-35889
Malicious code in bioql PyPI...
EUVD-2022-4697
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-1936
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all...
Linux Distros Unpatched Vulnerability : CVE-2023-1210
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions...
CVE-2025-54125 XWiki Platform: Password and email exposure in xml.vm fields
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki Platform Legacy Old Core and XWiki Platform Old Core versions 1.1 through 16.4.6, 16.5.0-rc-1 through 16.10.4 and 17.0.0-rc-1 through 17.1.0, the XML export of a page in XWiki that can b...
TencentOS Server 3: thunderbird (TSSA-2024:0120)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0120 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2023-1936
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue...
CVE-2021-30998
A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS 15.2. A sender's email address may be leaked when sending an S/MIME encrypted email using a certificate with more...
CVE-2024-36682
In the module "Theme settings" pkthemesettings = 1.8.8 from Promokit.eu for PrestaShop, a guest can download all email collected while SHOP is in maintenance mode. Due to a lack of permissions control, a guest can access the txt file which collects email when maintenance is enabled, which can lead t...
PT-2024-27126 · Prestashop +1 · Theme Settings +1
Name of the Vulnerable Software and Affected Versions: PrestaShop module "Theme settings" pk themesettings versions = 1.8.8 Description: The issue allows a guest to download a txt file containing collected email addresses when the shop is in maintenance mode, due to a lack of permissions control...
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Impact: A user enumeration attack is possible when SMTP is not set up correctly, but reset password is enabled. Explanation of the vulnerability: Two different error messages were shown, based on whether the user exists or not when using the forgot password functionality, when the SMTP was configured but d...
CVE-2023-46138 JumpServer default admin user email leak password reset
JumpServer is an open source bastion host and maintenance security audit system that complies with 4A specifications. Prior to version 3.8.0, the default email for initial user admin is [email protected], and users reset their passwords by sending an email. Currently, the domain mycompany.com h...
UBUNTU-CVE-2023-1210
An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email...
CVE-2023-1210
An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email...
CVE-2023-1210 Generation of Error Message Containing Sensitive Information in GitLab
An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email...