Lucene search
K

49779 matches found

Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-56032

Name of the Vulnerable Software and Affected Versions FOSSBilling versions prior to 0.8.0 Description The PayPalEmail payment adapter fails to validate the amount supplied via PayPal IPN Instant Payment Notification callbacks, specifically the mc gross variable, against the actual invoice total...

2.3CVSS5.9AI score0.00274EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56066

Name of the Vulnerable Software and Affected Versions Coder versions prior to 2.34.2 Coder versions prior to 2.33.8 Coder versions prior to 2.32.7 Coder versions prior to 2.29.17 Description An issue exists in the OIDC callback where the email verified claim is checked using a direct Go bool type...

7.4CVSS5.9AI score0.00479EPSS
Exploits0References13
NVD
NVD
added 5 days ago10 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS0.00196EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 5 days ago9 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References3
CVE
CVE
added 5 days ago17 views

CVE-2026-14781

A flaw in Keycloak’s OIDC broker (org.keycloak.broker.oidc) causes incorrect synchronization of the email_verified claim. When trustEmail=true and the userinfo endpoint is enabled, Keycloak uses email from userinfo but takes email_verified from the id_token without validating that it corresponds ...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-41732

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 5 days ago12 views

CVE-2026-14781

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References3
Cvelist
Cvelist
added 5 days ago32 views

CVE-2026-14781 Keycloak-services: keycloak-services: oidc email_verified claim incorrectly applied to userinfo email

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS0.00196EPSS
Exploits0References2
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-41719

A security vulnerability has been detected in code-projects Internship Management System 1.0. The impacted element is an unknown function of the file employer/login.php of the component Employer Login Endpoint. The manipulation of the argument email/password leads to sql injection. Remote...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-14688

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. The affected element is an unknown function of the file /admin/login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...

7.5CVSS6.9AI score0.00281EPSS
Exploits0References6Affected Software1
EUVD
EUVD
added 5 days ago10 views

EUVD-2026-41710

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. The affected element is an unknown function of the file /admin/login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...

7.5CVSS6.9AI score0.00281EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-14688 itsourcecode Online Hotel Management System login.php sql injection

A vulnerability was identified in itsourcecode Online Hotel Management System 1.0. The affected element is an unknown function of the file /admin/login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...

7.5CVSS0.00281EPSS
Exploits0References6
CVE
CVE
added 5 days ago17 views

CVE-2026-14688

CVE-2026-14688 affects itsourcecode Online Hotel Management System 1.0. The vulnerability is SQL injection in an unknown function of /admin/login.php triggered by manipulating the email parameter. Exploitation can be remote and publicly available proofs-of-concept exist. Impact metrics indicate l...

7.5CVSS6.9AI score0.00281EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago12 views

PT-2026-55772

Name of the Vulnerable Software and Affected Versions Keycloak affected versions not specified Description A flaw in the org.keycloak.broker.oidc package causes the OIDC broker to incorrectly synchronize the email verified claim. When an OIDC identity provider is configured with trustEmail=true a...

4.8CVSS6AI score0.00196EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 5 days ago13 views

PT-2026-55750

Name of the Vulnerable Software and Affected Versions itsourcecode Online Hotel Management System version 1.0 Description A remote SQL injection is possible via the manipulation of the email argument within an unknown function of the '/admin/login.php' endpoint. SQL injection is a technique where...

7.5CVSS7.1AI score0.00281EPSS
Exploits0References8
EUVD
EUVD
added 6 days ago8 views

EUVD-2026-41693

A vulnerability was detected in code-projects Online Voting System 1.0. Impacted is the function testinput of the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in sql injection. The attack can be initiated remotely...

7.5CVSS7AI score0.00269EPSS
Exploits0References6
CVE
CVE
added 6 days ago14 views

CVE-2026-14649

The CVE-2026-14649 entry concerns code-projects Online Voting System 1.0. The vulnerability is in the test_input function of /saveVote.php, where manipulating the arguments voterName, voterEmail, voterID, or selectedCandidate leads to SQL injection. The flaw is exploitable remotely over the netwo...

7.5CVSS7AI score0.00269EPSS
Exploits0References6
Snyk
Snyk
added 2026/07/03 10:19 p.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/03 10:19 p.m.7 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the email settings process. An attacker can modify another user's primary email address by sending crafted requests to the relevant endpoint. Remediation Upgrade...

7.5CVSS6AI score0.00345EPSS
Exploits0References2
NVD
NVD
added 2026/07/03 9:16 p.m.6 views

CVE-2026-27657

Gitea versions before 1.25.5 allow a user to change another user's primary email address...

7.5CVSS0.00345EPSS
Exploits0References4
Rows per page
Query Builder