21 matches found

RedhatCVE
added 4 days ago, 6 views

CVE-2026-40590

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already...

CVSS 4.3, AI score 5.5, EPSS 0.00032
Exploits 0, References 1

CVE
added 2026/04/21 4:52 p.m., 7 views

CVE-2026-40590

FreeScout prior to 1.8.214 exposes a Change Customer flow (POST /customers/ajax, action=create) in the Change Customer modal. The endpoint skips unique-email validation under limited visibility, and if the provided email matches a hidden existing customer, Customer::create() reuses that hidden cu...

CVSS 4.3, AI score 5.8, EPSS 0.00032
Exploits 0, References 3

EUVD
added 2026/04/21 4:52 p.m., 3 views

EUVD-2026-24185

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already...

CVSS 4.3, AI score 5.8, EPSS 0.00032
Exploits 0, References 3

Cvelist
added 2026/03/27 7:18 p.m., 17 views

CVE-2026-34389 Fleet's user account creation via invite does not enforce invited email address

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

CVSS 7.1, EPSS 0.00042
Exploits 0, References 1

RedhatCVE
added 2026/03/05 1:57 a.m., 4 views

CVE-2026-26279

Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...

CVSS 9.1, AI score 7.4, EPSS 0.009
Exploits 1, References 1

Cvelist
added 2026/03/03 10:31 p.m., 20 views

CVE-2026-26279 Froxlor Admin-to-Root Privilege Escalation via Input Validation Bypass + OS Command Injection

Froxlor is open source server administration software. Prior to 2.3.4, a typo in Froxlor's input validation code (== instead of =) completely disables email format checking for all settings fields declared as email type. This allows an authenticated admin to store arbitrary strings in the...

CVSS 9.1, EPSS 0.009
Exploits 1, References 3

CNNVD
added 2025/12/30 12:0 a.m., 1 view

Zeroheight Security Vulnerability

Zeroheight is a design system management platform from Zeroheight UK. A security vulnerability exists in versions of Zeroheight prior to 2025-06-13, which stems from a legacy user creation API that allows bypassing the email validation step to create an account, potentially leading to spam or fak...

CVSS 6.5, AI score 5.8, EPSS 0.00062
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-23753

Malware in sbrugna...

CVSS 5.3, AI score 5.6, EPSS 0.00187
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-46907

Malicious code in bioql PyPI...

CVSS 5.3, AI score 5.6, EPSS 0.00045
Exploits 1, References 1

RedhatCVE
added 2025/05/23 9:26 a.m., 9 views

CVE-2024-5755

In lunary-ai/lunary versions =v1.2.11, an attacker can bypass email validation by using a dot character '.' in the email address. This allows the creation of multiple accounts with essentially the same email address e.g., '[email protected]' and '[email protected]', leading to incorrect...

CVSS 5.3, AI score 5.3, EPSS 0.00045
Exploits 1, References 1

RedhatCVE
added 2025/05/22 3:32 p.m., 4 views

CVE-2020-36175

The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via the email field...

CVSS 5.3, AI score 7, EPSS 0.00187
Exploits 0

Tenable Nessus
added 2024/12/18 12:0 a.m., 7 views

Mattermost Server 9.5.x < 9.5.12, 9.11.x < 9.11.4, 10.0.x < 10.0.2, 10.1.x < 10.1.2, 10.2.0 (MMSA-2024-00386)

The version of Mattermost Server installed on the remote host is prior to 9.5.12, 9.11.4, 10.0.2, 10.1.2 or 10.2.0. It is, therefore, affected by a vulnerability as referenced in the MMSA-2024-00386 advisory. - Mattermost versions 10.0.x = 10.0.1, 10.1.x = 10.1.1, 9.11.x = 9.11.3, 9.5.x = 9.5.11...

CVSS 8.2, AI score 5.6, EPSS 0.00071
Exploits 0, References 2

OSV
added 2024/06/27 7:15 p.m., 5 views

CVE-2024-5755

In lunary-ai/lunary versions =v1.2.11, an attacker can bypass email validation by using a dot character '.' in the email address. This allows the creation of multiple accounts with essentially the same email address e.g., '[email protected]' and '[email protected]', leading to incorrect...

CVSS 5.3, AI score 6.9
Exploits 0, References 1

Vulnrichment
added 2024/06/27 6:45 p.m., 14 views

CVE-2024-5755 Email Validation Bypass in lunary-ai/lunary

In lunary-ai/lunary versions =v1.2.11, an attacker can bypass email validation by using a dot character '.' in the email address. This allows the creation of multiple accounts with essentially the same email address e.g., '[email protected]' and '[email protected]', leading to incorrect...

CVSS 5.3, AI score 7.2, EPSS 0.00045
Exploits 1, References 1

Cvelist
added 2024/06/27 6:45 p.m., 13 views

CVE-2024-5755 Email Validation Bypass in lunary-ai/lunary

In lunary-ai/lunary versions =v1.2.11, an attacker can bypass email validation by using a dot character '.' in the email address. This allows the creation of multiple accounts with essentially the same email address e.g., '[email protected]' and '[email protected]', leading to incorrect...

CVSS 5.3, EPSS 0.00045
Exploits 1, References 1

Positive Technologies
added 2024/06/27 12:0 a.m., 2 views

PT-2024-37122 · Lunary Ai · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions =v1.2.11 Description: The issue allows an attacker to bypass email validation by using a dot character '.' in the email address, enabling the creation of multiple accounts with essentially the same email address. Thi...

CVSS 5.3, AI score 5.6, EPSS 0.00045
Exploits 1, References 3

CNNVD
added 2024/06/15 12:0 a.m., 2 views

WordPress Plugin WooCommerce-Social Login Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A security vulnerability exists in WordPress Plugin...

CVSS 6.5, AI score 6.9, EPSS 0.00128
Exploits 0, References 3

OSV
added 2020/11/05 7:53 p.m., 2 views

USN-4621-1 netqmail vulnerabilities

It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause netqmail to crash or execute arbitrary code. CVE-2005-1513, CVE-2005-1514, CVE-2005-1515 It was discovered that netqmail did not properly handle certain inp...

CVSS 9.8, AI score 6.8, EPSS 0.09483
Exploits 8, References 6

CNVD
added 2020/06/22 12:0 a.m., 1 view

Unspecified Vulnerability in Mattermost Server (CNVD-2020-35452)

Mattermost Server is an open source messaging platform from the US company Mattermost. A security vulnerability exists in Mattermost Server versions prior to 3.5.1. An attacker can exploit this vulnerability to bypass email address validation...

CVSS 5.3, AI score 6.8, EPSS 0.00195
Exploits 0, References 1

Hacker One
added 2020/01/23 4:45 a.m., 241 views

h1-ctf: [h1-415 2020] h1ctf{y3s_1m_c0sm1c_n0w}

Summary: add summary of the vulnerability Account takeover was possible because of the email validation used - [email protected] could be registered, but when the system created the recovery QR code the extra symbols would get stripped leaving us with a valid recovery QR code to log into...

AI score 7
Exploits 0