Lucene search
K

469 matches found

Cvelist
Cvelist
added 2026/04/07 8:26 p.m.21 views

CVE-2026-27949 Plane Exposes User Email (PII and part of credential) in GET Parameter

Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling e.g., when an invalid magic code is submitted. Transmitting personally...

2CVSS0.00168EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/26 6:6 p.m.9 views

Missing Authorization

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Missing Authorization in the list.json.php endpoints of the Scheduler plugin, which lack authentication checks. An attacker can access sensitive information such a...

6.9CVSS5.8AI score0.00382EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.2 views

CVE-2026-4235

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/20 1:2 p.m.23 views

CVE-2026-31381 Gainsight Assist plugin information disclosure

An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...

5.3CVSS0.00303EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/03/19 10:16 p.m.4 views

WordPress Download Manager plugin <= 3.3.49 - Missing Authorization to Authenticated (Subscriber+) User Email Enumeration via 'user' Parameter vulnerability

Missing Authorization to Authenticated Subscriber+ User Email Enumeration via 'user' Parameter vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Download Manager versions = 3.3.49...

4.3CVSS5.8AI score0.00222EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12403

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/03/16 11:2 a.m.3 views

CVE-2026-4235 itsourcecode Online Enrollment System login.php sql injection

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/16 11:2 a.m.2 views

CVE-2026-4235

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

7.5CVSS5.7AI score0.00254EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/03/16 11:2 a.m.30 views

CVE-2026-4235 itsourcecode Online Enrollment System login.php sql injection

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This issue affects some unknown processing of the file /sms/login.php. This manipulation of the argument useremail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...

7.5CVSS0.00254EPSS
Exploits0References5
CVE
CVE
added 2026/03/16 11:2 a.m.18 views

CVE-2026-4235

CVE-2026-4235 affects itsourcecode Online Enrollment System 1.0. The vulnerability is an SQL injection in /sms/login.php via the user_email parameter, exploitable remotely over the network (no authentication). The cited exploit is PROOF-OF-CONCEPT. Impact is described in metrics as CONFIDENTIALIT...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.3 views

PT-2026-25682

Name of the Vulnerable Software and Affected Versions itsourcecode Online Enrollment System version 1.0 Description A weakness exists in itsourcecode Online Enrollment System version 1.0 related to the processing of the /sms/login.php file. Manipulation of the user email argument can lead to SQL...

7.5CVSS7AI score0.00254EPSS
Exploits0References9
EUVD
EUVD
added 2026/03/12 6:30 p.m.4 views

EUVD-2019-19833

Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the useremail parameter. Attackers can send POST requests to index.php with malicious payloads in the useremail field to...

8.8CVSS5.9AI score0.0046EPSS
Exploits1References3
CVE
CVE
added 2026/03/12 3:37 p.m.10 views

CVE-2019-25542

CVE-2019-25542 affects Netartmedia Real Estate Portal 5.0. The vulnerability is an SQL injection in the user_email parameter of index.php, exploitable by unauthenticated attackers to manipulate database queries. The attack can bypass authentication and potentially extract sensitive data or modify...

8.8CVSS5.9AI score0.0046EPSS
Exploits1References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/12 3:37 p.m.6 views

CVE-2019-25542

Netartmedia Real Estate Portal 5.0 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the useremail parameter. Attackers can send POST requests to index.php with malicious payloads in the useremail field to...

8.8CVSS5.9AI score0.0046EPSS
Exploits1References2Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/05 1:57 a.m.4 views

CVE-2026-1945

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpbusername' and 'wpbuseremail' parameters in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS6AI score0.00318EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/04 6:0 a.m.381 views

CVE-2026-2025 Mail Mint < 1.19.5 - Unauthenticated Emails Disclosure

The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog...

0.01379EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/04 1:21 a.m.4 views

CVE-2026-1945 WPBookit <= 1.0.8 - Unauthenticated Stored Cross-Site Scripting via 'wpb_user_name' and 'wpb_user_email' Parameters

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpbusername' and 'wpbuseremail' parameters in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS6AI score0.00318EPSS
Exploits0References4
CVE
CVE
added 2026/03/04 1:21 a.m.14 views

CVE-2026-1945

The CVE-2026-1945 entry concerns the WPBookit WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability affects the plugin via the wpb_user_name and wpb_user_email parameters in all versions up to and including 1.0.8, caused by insufficient input sanitization and output escaping. Exploi...

7.2CVSS6AI score0.00318EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/03/04 12:0 a.m.4 views

PT-2026-22858

The WPBookit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpb user name' and 'wpb user email' parameters in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

7.2CVSS6AI score0.00318EPSS
Exploits0References5
NVD
NVD
added 2026/03/02 3:16 p.m.11 views

CVE-2025-58107

In Microsoft Exchange through 2019, Exchange ActiveSync EAS configurations on on-premises servers may transmit sensitive data from Samsung mobile devices in cleartext, including the user's name, e-mail address, device ID, bearer token, and base64-encoded password...

7.5CVSS0.00253EPSS
Exploits0References1
Rows per page
Query Builder