Lucene search

26 matches found

Positive Technologies
added 2026/06/04 12:0 a.m., 13 views

PT-2026-46130

OMICARD EDM developed by ITPison has an Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...

CVSS 6.9, AI score 5.8, EPSS 0.00244
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 8 views

EUVD-2014-8415

Malware in sbrugna...

CVSS 3.5, AI score 6.1, EPSS 0.0118
Exploits: 0, References: 7

Prion
added 2024/01/26 2:15 a.m., 19 views

Design/Logic Flaw

An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled...

CVSS 5, AI score 6.5, EPSS 0.04392
Exploits: 3, References: 3, Affected Software: 1

Tenable Nessus
added 2024/01/25 12:0 a.m., 35 views

GitLab 0 < 16.6.6 / 16.7 < 16.7.4 / 16.8 < 16.8.1 (CVE-2023-5612)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the...

CVSS 5.3, AI score 6.3, EPSS 0.04392
Exploits: 3, References: 8

CNNVD
added 2023/12/15 12:0 a.m., 4 views

XWiki Platform Information Disclosure Vulnerability

XWiki Platform is the XWiki Foundation's suite of Wiki platforms for creating Web collaboration applications. An information disclosure vulnerability exists in XWiki Platform, which stems from a Solr-based search in XWiki disclosing a user's e-mail address even if e-mail address obfuscation is...

CVSS 5.3, AI score 6.3, EPSS 0.59119
Exploits: 0, References: 4

Cvelist
added 2023/07/11 7:58 a.m., 31 views

CVE-2023-1936 Exposure of Private Personal Information to an Unauthorized Actor in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to leak the email address of a user who created a service desk issue...

CVSS 3.5, AI score 4.8, EPSS 0.00576
Exploits: 0, References: 2

Cvelist
added 2023/03/02 6:29 p.m., 24 views

CVE-2023-26051 Saleor is vulnerable to staff-authenticated error message information disclosure vulnerability via Python exceptions

Saleor is a headless, GraphQL commerce platform delivering personalized shopping experiences. Some internal Python exceptions are not handled properly and thus are returned in API as error messages. Some messages might contain sensitive information like user email address in staff-authenticated...

CVSS 6.5, AI score 6.5, EPSS 0.00817
Exploits: 0, References: 8

CNNVD
added 2023/02/14 12:0 a.m., 3 views

SonicWall Email Security Vulnerability

SonicWALL Email Security Appliance is an email security appliance from SonicWALL USA. A security vulnerability exists in SonicWall Email. A remote attacker could exploit the vulnerability to access an error page containing sensitive information about a user's email address...

CVSS 5.3, AI score 5.3, EPSS 0.00717
Exploits: 0, References: 2

Cvelist
added 2022/02/14 9:20 a.m., 16 views

CVE-2021-25110 Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure

The Futurio Extra WordPress plugin before 1.6.3 allows any logged in user, such as subscriber, to extract any other user's email address...

AI score 5, EPSS 0.00883
Exploits: 2, References: 1

Patchstack
added 2022/01/14 12:0 a.m., 27 views

WordPress Futurio Extra plugin <= 1.6.2 - User Email Address Leakage vulnerability

User Email Address Leakage vulnerability discovered by Krzysztof Zając in WordPress Futurio Extra plugin versions <= 1.6.2. Solution: Update the WordPress Futurio Extra plugin to the latest available version (at least 1.6.3)...

CVSS 4.3, AI score 2.7, EPSS 0.00883
Exploits: 2, References: 3, Affected Software: 1

WPVulnDB
added 2022/01/14 12:0 a.m., 17 views

Futurio Extra < 1.6.3 - Subscriber+ User Email Address Disclosure

The plugin allows any logged in user, such as subscriber, to extract any other user's email address. PoC fetch"http://127.0.0.1:8001/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded" , "body": new URLSearchParams"action": "dilazmbqueryselect", "q": "@gma",...

CVSS 4.3, AI score 0.8, EPSS 0.00883
Exploits: 2, Affected Software: 1

Cvelist
added 2021/11/23 7:16 p.m., 36 views

CVE-2021-24892 Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR

Insecure Direct Object Reference in edit function of Advanced Forms Free & Pro before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administrator account. To exploit this...

AI score 8.7, EPSS 0.01798
Exploits: 1, References: 2

CVE
added 2021/08/03 6:12 p.m., 69 views

CVE-2021-33321

CVE-2021-33321 affects Liferay Portal 6.2.3–7.3.2 and Liferay DXP before 7.3. The root cause is an insecure default configuration where the portal.property login.secure.forgot.password should be defaulted to true, enabling remote attackers to enumerate user email addresses via the forgot-password...

CVSS 7.5, AI score 7.6, EPSS 0.01422
Exploits: 0, References: 2, Affected Software: 2

Cvelist
added 2020/08/17 6:0 p.m., 17 views

CVE-2020-3472 Cisco Webex Meetings User Email Address Information Disclosure Vulnerability

A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information. The vulnerability is due to improper access restrictions on users who are added within user contacts. An attacker on one...

CVSS 5, AI score 5, EPSS 0.01133
Exploits: 0, References: 1

NVD
added 2020/01/03 8:15 p.m., 14 views

CVE-2014-5516

Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request...

CVSS 6.5, AI score 6.8, EPSS 0.01302
Exploits: 1, References: 3

Cvelist
added 2020/01/03 7:57 p.m., 25 views

CVE-2014-5516

Cross-site request forgery (CSRF) vulnerability in the Storefront Application in DS Data Systems KonaKart before 7.3.0.0 allows remote attackers to hijack the authentication of administrators for requests that change a user email address via an unspecified GET request...

AI score 6.8, EPSS 0.01302
Exploits: 1, References: 3

CVE
added 2020/01/03 7:57 p.m., 158 views

CVE-2014-5516

KonaKart Storefront Application (DS Data Systems) prior to 7.3.0.0 is vulnerable to CSRF protection bypass that allows an attacker to hijack an administrator’s session by issuing a manipulated GET request to change a user email address. The issue is documented in CVE-2014-5516, with a remediation...

CVSS 6.5, AI score 6.7, EPSS 0.01302
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2014/10/31 3:55 p.m., 23 views

CVE-2014-3475

Cross-site scripting (XSS) vulnerability in the Users panel (admin/users/) in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than...

CVSS 3.5, AI score 5.3, EPSS 0.01235
Exploits: 0, References: 4

OSV
added 2014/10/31 3:55 p.m., 8 views

CVE-2014-8578

Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475...

AI score 5.3
Exploits: 0, References: 5

Prion
added 2014/10/31 3:55 p.m., 24 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475...

CVSS 3.5, AI score 5.9, EPSS 0.01235
Exploits: 0, References: 3, Affected Software: 1