Lucene search
K

28 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.9 views

CVE-2026-10597

OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...

6.9CVSS5.5AI score0.00244EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/20 1:2 p.m.23 views

CVE-2026-31381 Gainsight Assist plugin information disclosure

An attacker can extract user email addresses PII exposed in base64 encoding via the state parameter in the OAuth callback URL...

5.3CVSS0.00303EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/27 10:14 p.m.5 views

EUVD-2026-9093

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 5.73.11 and 6.4.0, user email addresses were included in responses from the user fieldtype’s data endpoint for control panel users who did not have the "view users" permission. This has been fixed in 5.73.11 a...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/12 9:30 a.m.13 views

EUVD-2025-203061

The Guest Support plugin for WordPress is vulnerable to User Email Disclosure in versions up to, and including, 1.2.3. This is due to the plugin exposing a public AJAX endpoint that allows anyone to search for and retrieve user email addresses without any authentication or capability checks. This...

5.3CVSS5.6AI score0.00294EPSS
Exploits0References5
OSV
OSV
added 2025/10/27 9:30 p.m.2 views

GHSA-CW79-FQ4F-9R96 Liferay Portal Vulnerable to Information Exposure Through a Log File Vulnerability in LDAP Import Feature

Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows local users t...

4.6CVSS6.5AI score0.00202EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2005-3337

Malware in sbrugna...

5CVSS6.1AI score0.0141EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-34087

Malicious code in bioql PyPI...

6.3CVSS6.3AI score0.11659EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2021-31508

Malicious code in bioql PyPI...

5.3CVSS5.7AI score0.01117EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-9395

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00974EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-3402

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.01113EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/09/26 12:0 a.m.5 views

PT-2025-39658

Name of the Vulnerable Software and Affected Versions Flag Forge versions 2.0.0 through 2.3.0 Description Flag Forge, a Capture The Flag CTF platform, has an issue where the public API endpoint /api/user/username returns user email addresses in its JSON response. This exposes sensitive user...

6.9CVSS5.9AI score0.00389EPSS
Exploits0References13
NVD
NVD
added 2025/08/19 9:15 a.m.7 views

CVE-2025-41685

A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address...

6.5CVSS0.00335EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:32 a.m.15 views

CVE-2023-5561

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

5.3CVSS5.1AI score0.03862EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:26 p.m.5 views

CVE-2022-0287

The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog...

4.3CVSS6.6AI score0.00752EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:36 p.m.5 views

CVE-2021-34683

An issue was discovered in EXCELLENT INFOTEK CORPORATION EIC E-document System 3.0. A remote attacker can use kw/auth/bbs/asp/getuseremailinfobbs.asp to obtain the contact information name and e-mail address of everyone in the entire organization. This information can allow remote attackers to...

5.3CVSS6.8AI score0.01082EPSS
Exploits0References1
NVD
NVD
added 2025/03/01 12:15 p.m.9 views

CVE-2025-1404

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ayssccpreportsusersearch function in all versions up to, and including, 4.4.7. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00369EPSS
Exploits0References5
CVE
CVE
added 2025/03/01 11:22 a.m.76 views

CVE-2025-1404

CVE-2025-1404 affects the WordPress plugin Secure Copy Content Protection and Content Locking . The vulnerability is due to a missing capability check in the function ays_sccp_reports_user_search() and affects all versions up to 4.4.7. This allows unauthenticated attackers to retrieve a list of r...

5.3CVSS6.9AI score0.00369EPSS
Exploits0References5
Hacker One
Hacker One
added 2025/02/20 4:14 p.m.1824 views

WakaTime: User Email Disclosure via ID-Based Invitation

The issue occurs when inviting a user by their WakaTime ID. If a user has set their email to private, their email address was disclosed when they were invited using their ID. This contradicted the privacy settings and led to unintended email exposure...

7AI score
Exploits0
Cvelist
Cvelist
added 2025/01/02 4:8 p.m.17 views

CVE-2024-11717

Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to...

6.3CVSS0.0064EPSS
Exploits0References5
OSV
OSV
added 2024/03/18 4:15 p.m.1 views

UBUNTU-CVE-2024-27937

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13...

6.5CVSS5.7AI score0.26937EPSS
Exploits1References5
Rows per page
Query Builder