Lucene search
K

364 matches found

GithubExploit
GithubExploit
added 2026/04/23 9:0 a.m.168 views

tecno_xss_hotfix

tecnoxsshotfix Security hotfix module for PrestaShop — patc...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/21 5:16 p.m.9 views

CVE-2026-40590

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already...

4.3CVSS0.00214EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/21 4:52 p.m.4 views

CVE-2026-40590 FreeScout's Customer AJAX Create Modifies Hidden Existing Customer

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/21 4:52 p.m.9 views

EUVD-2026-24185

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.214, the Change Customer modal exposes a “Create a new customer” flow via POST /customers/ajax with action=create. Under limited visibility, the endpoint drops unique-email validation. If the supplied email already...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References3
CVE
CVE
added 2026/04/21 4:52 p.m.14 views

CVE-2026-40590

FreeScout prior to 1.8.214 exposes a Change Customer flow (POST /customers/ajax, action=create) in the Change Customer modal. The endpoint skips unique-email validation under limited visibility, and if the provided email matches a hidden existing customer, Customer::create() reuses that hidden cu...

4.3CVSS5.8AI score0.00214EPSS
Exploits0References3
OSV
OSV
added 2026/04/10 8:18 p.m.2 views

GHSA-H9CX-XJG6-5V2W Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering

Impact The gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token, to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations...

3.1CVSS5.8AI score0.00127EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/04/10 8:18 p.m.5 views

Flux notification-controller GCR Receiver missing email validation allows unauthorized reconciliation triggering

Impact The gcr Receiver type in Flux notification-controller does not validate the email claim of Google OIDC tokens used for Pub/Sub push authentication. This allows any valid Google-issued token, to authenticate against the Receiver webhook endpoint, triggering unauthorized Flux reconciliations...

3.1CVSS5.8AI score0.00127EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/06 11:24 p.m.5 views

SUSE CVE-2026-34389

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

7.1CVSS5.9AI score0.00184EPSS
Exploits0References3
NVD
NVD
added 2026/04/02 3:16 p.m.6 views

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example "alert1"@evil.com. PHP's FILTERVALIDATEEMAIL accepts this...

6.4CVSS0.00262EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/04/02 12:0 a.m.8 views

phpMyFAQ 安全漏洞

phpMyFAQ is a multilingual FAQ system developed by Thorsten Rinne. It is entirely database-driven. Versions of phpMyFAQ prior to 4.1.1 contained security vulnerabilities, which were due to insufficient email address validation and cleanup measures. These vulnerabilities could lead to cross-site...

6.4CVSS5.6AI score0.00262EPSS
Exploits1References2
OSV
OSV
added 2026/03/31 10:48 p.m.3 views

GHSA-98GW-W575-H2PH phpMyFAQ is Vulnerable to Stored XSS via Unsanitized Email Field in Admin FAQ Editor

Summary An unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example "alert1"@evil.com. PHP's FILTERVALIDATEEMAIL accepts this email as valid. The email is stored in the database without HTM...

6.4CVSS5.9AI score0.00262EPSS
Exploits1References4
EUVD
EUVD
added 2026/03/30 7:29 p.m.3 views

EUVD-2026-16797

Fleet's user account creation via invite does not enforce invited email address...

7.1CVSS5.8AI score0.00184EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/03/30 7:29 p.m.7 views

Fleet's user account creation via invite does not enforce invited email address

Summary Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token could create an account under an arbitrary email address whi...

7.1CVSS6AI score0.00184EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/30 7:29 p.m.2 views

GHSA-4F9R-X588-PP2H Fleet's user account creation via invite does not enforce invited email address

Summary Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token could create an account under an arbitrary email address whi...

7.1CVSS6AI score0.00184EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/03/28 11:9 p.m.4 views

CVE-2026-34389

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

7.1CVSS6AI score0.00184EPSS
Exploits0References1
NVD
NVD
added 2026/03/27 8:16 p.m.8 views

CVE-2026-34389

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

7.1CVSS0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/27 7:18 p.m.1 views

CVE-2026-34389 Fleet's user account creation via invite does not enforce invited email address

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

7.1CVSS6AI score0.00184EPSS
Exploits0References1
CVE
CVE
added 2026/03/27 7:18 p.m.17 views

CVE-2026-34389

CVE-2026-34389 affects Fleet open-source device management. Before 4.81.0, the user invitation flow did not validate the invitee’s email during invite acceptance against the email tied to the invite token. An attacker with a valid invite token could create an account under an arbitrary email whil...

7.1CVSS6AI score0.00184EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/27 7:18 p.m.2 views

CVE-2026-34389 Fleet's user account creation via invite does not enforce invited email address

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

7.1CVSS6AI score0.00184EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/27 7:18 p.m.20 views

CVE-2026-34389 Fleet's user account creation via invite does not enforce invited email address

Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...

7.1CVSS0.00184EPSS
Exploits0References1
Rows per page
Query Builder