PT-2026-45693

Name of the Vulnerable Software and Affected Versions Kirki versions 6.0.0 through 6.0.6 Description The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress contains a flaw allowing unauthenticated privilege escalation and account takeover. The issue occurs because th...

CVE-2026-5753

The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmveSchedulesController::save' handler for 'adminpostai1wmscheduleeventsave' not verifying user capabilities before saving...

SUSE CVE-2017-18908

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address...

CVE-2026-28681 IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links

Internet Routing Registry daemon version 4 is an IRR database server, processing IRR objects in the RPSL format. From version 4.4.0 to before version 4.4.5 and from version 4.5.0 to before version 4.5.1, an attacker can manipulate the HTTP Host header on a password reset or account creation...

EUVD-2022-3070

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-16587

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Open Ticket Request System OTRS 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system...

CVE-2017-18908

An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address...

CVE-2023-40260

EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA multi factor authentication requirement if the first factor username and password is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email addres...

Mozilla: Braille space character caused incorrect sender email to be shown for a digitally signed email

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird displays all spaces. This flaw allows an attacker to send an ema...

Mozilla: Braille space character caused incorrect sender email to be shown for a digitally signed email

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue of when displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird displays all spaces. This flaw allows an attacker to send an ema...

UBUNTU-CVE-2022-1834

When displaying the sender of an email, and the sender name contained the Braille Pattern Blank space character multiple times, Thunderbird would have displayed all the spaces. This could have been used by an attacker to send an email message with the attacker's digital signature, that was shown...

GHSA-34CX-HVM4-VX7J Mattermost Server password reset email requests can be sent to attacker-provided email addresses

An issue was discovered in Mattermost Server before 4.0.0, 3.10.1, and 3.9.1. A password reset request was sometimes sent to an attacker-provided e-mail address...

Mattermost Server password reset email requests can be sent to attacker-provided email addresses

An issue was discovered in Mattermost Server before 4.0.0, 3.10.1, and 3.9.1. A password reset request was sometimes sent to an attacker-provided e-mail address...

CVE-2021-23991

If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an email containing a crafted version of Alice's key with an invalid subkey, Thunderbird might...

Omise: Authenticity token doesnt expire after single use leading to CSRF

Summary Once you said that you ruby framework for making the authenticity-token which acts as a CSRF protection. You also send me this as to help me understand https://medium.com/rubyinside/a-deep-dive-into-csrf-protection-in-rails-19fa0a42c0ef . After finding i found that an authenticity-token c...

PT-2020-8454

Name of the Vulnerable Software and Affected Versions: Mattermost Server versions prior to 4.0.0 Mattermost Server version 3.10.2 Mattermost Server version 3.9.2 Description: An issue was discovered where a password-reset request could be sent to an attacker-provided e-mail address...

PT-2020-15300 · Cloudbees +1 · Jenkins Health Advisor By Cloudbees Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Health Advisor by CloudBees Plugin versions 3.0 and earlier Description: A missing permission check in the plugin allows attackers with Overall/Read permission to send a fixed email to an attacker-specific recipient. The form validati...