45 matches found
CVE-2026-34975 Plunk has a CRLF Email Header Injection in raw MIME message construction allows authenticated API user to inject arbitrary email headers
Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subject, custom header keys/values, and attachment filenames were interpolated directly into raw MIME...
GHSA-PC73-RJ2C-WVF9 Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists...
EUVD-2025-201723
Incorrect access control in the /api/v1/user endpoint of usememos memos v0.25.2 allows unauthorized attackers to create arbitrary accounts via a crafted request...
EUVD-2018-11853
Malware in sbrugna...
EUVD-2020-5584
Malware in sbrugna...
EUVD-2019-13932
Malware in sbrugna...
EUVD-2021-19513
Malware in sbrugna...
EUVD-2022-5354
Malicious code in bioql PyPI...
EUVD-2023-40080
Malicious code in bioql PyPI...
EUVD-2025-3057
Malicious code in bioql PyPI...
EUVD-2022-5623
Malicious code in bioql PyPI...
EUVD-2025-14753
Malicious code in bioql PyPI...
EUVD-2023-59003
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-36191
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lacks an xsrf field, as demonstrated by a /hub/api/user request to add or remove a user...
CVE-2024-52965
A missing critical step in authentication vulnerability CWE-304 in Fortinet FortiOS version 7.6.0 through 7.6.1, 7.4.0 through 7.4.5, 7.2.0 through 7.2.10, and before 7.0.16 & FortiProxy version 7.6.0 through 7.6.1, 7.4.0 through 7.4.8, 7.2.0 through 7.2.13 and before 7.0.20 allows an API-user...
PT-2025-28463 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.0.0 through 7.0.15; Fortinet FortiOS versions 7.2.0 through 7.2.10; Fortinet FortiOS versions 7.4.0 through 7.4.5; Fortinet FortiOS versions 7.6.0 through 7.6.1; FortiProxy versions 7.0.0 through 7.0.19; FortiProxy...
CVE-2023-47298
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses...
CVE-2021-32739
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. From version 2.4.0 through version 2.12.4, a vulnerability exists that may allow privilege escalation for authenticated API users. With a...
CVE-2019-4325
"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."...