EUVD-2012-0826
Malware in sbrugna...
EUVD-2021-9397
Malicious code in bioql PyPI...
CVE-2024-46242
An issue in the validateemail function in CTFd/utils/validators/init.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) by supplying a crafted string as the e-mail address during registration...
CVE-2024-5552
kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes th...
CVE-2024-21632 omniauth-microsoft_graph vulnerable to account takeover (nOAuth)
omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the email attribute of the user, nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases...
PT-2023-6404 · Nextcloud +1 · Nextcloud Calendar +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Calendar app versions prior to 4.4.4
Description: The issue is related to missing precondition checks in the Nextcloud calendar app, which causes the server to attempt validation of strings of any length as email addresses. This can...
PT-2022-11329 · Unknown · Scniro-Validator
Name of the Vulnerable Software and Affected Versions: scniro-validator version 1.0.1
Description: A Regular Expression Denial of Service (ReDoS) issue was found in the validation of crafted invalid emails.
Recommendations: For scniro-validator version 1.0.1, consider updating to a newer version th...
PT-2022-11321 · Unknown · Validate-Data
Name of the Vulnerable Software and Affected Versions: validate-data version 0.1.1
Description: A Regular Expression Denial of Service (ReDoS) issue was found in the validation of crafted invalid emails. This occurs when the software attempts to validate specially crafted email addresses, leading t...
Email address is not validated when updating user profile
On the view profile page /secure/ViewProfile.jspa it's possible to update your user profile /secure/EditProfile!default.jspa?username=admin to an invalid email address. See attached screenshots. ...