25 matches found
User Impersonation
Overview: symfony/security-http provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so-called user providers that hold the users' credentials. Affected versions of this package are vulnerable to User...
CVE-2026-40872
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...
EUVD-2007-6142
Malware in sbrugna...
EUVD-2017-5646
Malware in sbrugna...
EUVD-2007-6483
Malware in sbrugna...
CVE-2023-41523
Student Attendance Management System v1 was discovered to contain a SQL injection vulnerability via the emailAddress parameter at createClassTeacher.php...
CVE-2023-41523
The CVE-2023-41523 entry maps to the Student Attendance Management System v1, which contains a SQL injection in the createClassTeacher.php endpoint that reads the emailAddress parameter. The vulnerability is described as an injection flaw that can affect the application’s database queries; CVSSv3...
PT-2025-32291 · Unknown · Attendance Management System
Name of the Vulnerable Software and Affected Versions: Student Attendance Management System version 1. Description: The Student Attendance Management System is susceptible to a SQL injection issue through the emailAddress parameter at the createClassTeacher.php endpoint. Recommendations: As a...
Insightly: Email verification bypass via request to endpoint "accounts.insightly.com/signup/provisionuser"
The vulnerability allowed bypassing email verification when creating a new Insightly account. The vulnerability existed in the "EmailAddress" parameter of the member creation endpoint. By modifying the parameter, an attacker could create a new account using any email address, including those of...
CVE-2024-6869
CVE-2024-6869: Falang multilanguage for WordPress is vulnerable up to version 1.3.52 due to missing capability checks, enabling authenticated attackers with Subscriber+ access to update/delete translations and expose the admin email. Wordfence/Red Hat notes indicate a patch is available; remedia...
Unescaped control characters in Gitblit
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext '[email protected]\n\trole = "admin"' value...
Privilege escalation
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'email protected\n\trole = "admin"' value...
Flarum Core Leaks PII
In Flarum Core 0.1.0-beta.7.1, a serious leak can get everyone's email address...
CVE-2022-26990
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters. This vulnerability allows attackers...
Command injection
Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters. This vulnerability allows attackers...
Regular Expression Denial of Service in jshamcrest
The jshamcrest package is affected by a regular expression denial of service vulnerability when certain types of user input are passed in to the emailAddress validator. Proof of concept (js): var js = require('jshamcrest'); var emailAddress = new js.JsHamcrest.Matchers.emailAddress; var genstr = functi...
CVE-2016-10521
jshamcrest is vulnerable to regular expression denial of service (ReDoS) when certain types of user input are passed in to the emailAddress validator...