20 matches found

RedhatCVE
added 2025/11/05 9:6 p.m. | 18 views

CVE-2025-55155

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing...

CVSS 5.4 | AI score 6.4 | EPSS 0.00026
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2020-0337

Malware in sbrugna...

CVSS 5 | AI score 7.6 | EPSS 0.00948
Exploits: 0 | References: 14

RedhatCVE
added 2025/02/05 5:20 a.m. | 2 views

CVE-2024-1739

lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the cas...

CVSS 9.1 | AI score 7.7 | EPSS 0.00179
Exploits: 1 | References: 1

OpenVAS
added 2024/10/23 12:0 a.m. | 13 views

Discourse < 3.3.2 Multiple Vulnerabilities

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse"; ifdescripti...

CVSS 8.2 | AI score 6.2 | EPSS 0.07854
Exploits: 2 | References: 6

Cvelist
added 2024/10/07 8:23 p.m. | 12 views

CVE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...

CVSS 8.2 | EPSS 0.00114
Exploits: 0 | References: 1

Vulnrichment
added 2024/10/07 8:23 p.m. | 18 views

CVE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...

CVSS 8.2 | AI score 7.3 | EPSS 0.00114
Exploits: 0 | References: 1

Tenable Nessus
added 2024/09/14 12:0 a.m. | 21 views

Fedora 40 : python3-docs / python3.12 (2024-1d0cb3b43f)

The remote Fedora 40 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2024-1d0cb3b43f advisory. This is the sixth maintenance release of Python 3.12. Python 3.12 is the newest major release of...

CVSS 8.7 | AI score 6.8 | EPSS 0.03014
Exploits: 4 | References: 5

Veracode
added 2024/01/02 7:12 a.m. | 18 views

Authentication Bypass

hail is vulnerable to Authentication Bypass. The vulnerability is due to improper validation while handling OpenID Connect (OIDC) email addresses. This lack of verification of the user's email domain allows an attacker to manipulate their email address to match an organization's domain with...

CVSS 5.3 | AI score 6.9 | EPSS 0.00085
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2022/07/28 10:25 a.m. | 54 views

CVE-2022-37010

CVE-2022-37010 affects JetBrains IntelliJ IDEA prior to 2022.2, due to missing email address validation in the "Git User Name Is Not Defined" dialog. Root cause: absence of validation in that dialog as described in multiple sources (NVD/Red Hat/CVE records, PT-2022-23755). Reported impact is low ...

CVSS 3.6 | AI score 4.2 | EPSS 0.00002
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2021/12/17 5:15 p.m. | 13 views

Code injection

Mattermost 6.0 and earlier fails to sufficiently validate the email address during registration, which allows attackers to trick users into signing up using attacker-controlled email addresses via crafted invitation token...

CVSS 5.8 | AI score 5.4 | EPSS 0.00168
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2021/08/23 8:15 p.m. | 0 views

UBUNTU-CVE-2021-22251

Improper validation of invited users' email address in GitLab EE affecting all versions since 12.2 allowed projects to add members with email address domain that should be blocked by group settings...

CVSS 4.3 | AI score 5.8 | EPSS 0.00218
Exploits: 1 | References: 5

Tenable Nessus
added 2020/11/06 12:0 a.m. | 30 views

Ubuntu 16.04 LTS / 18.04 LTS : netqmail vulnerabilities (USN-4621-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4621-1 advisory. It was discovered that netqmail did not properly handle certain input. Both remote and local attackers could use this vulnerability to cause...

CVSS 9.8 | AI score 7 | EPSS 0.09483
Exploits: 8 | References: 6

Hacker One
added 2020/07/11 4:16 a.m. | 101 views

Radancy: [mijn.werkenbijdefensie.nl] Denial of service occurs due to lack of email length confirmation

Creating an account on https://mijn.werkenbijdefensie.nl/profielaanmaken/ could be done with a very long email address. A max email address length validation check has been implemented as per RFC the maximum length allowed for an email address is 255 characters. However, we don't validate email...

AI score 1.6
Exploits: 0

Prion
added 2018/12/06 11:29 p.m. | 6 views

Input validation

An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address...

CVSS 4.3 | AI score 6.1 | EPSS 0.0024
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2018/04/12 10:0 p.m. | 32 views

CVE-2018-6879

The CVE-2018-6879 entry concerns PHP Scripts Mall Website Seller Script 2.0.3 where client-side validation is used to enforce email format. The vulnerability arises because the validation can be bypassed by removing the client-side validation code, enabling a remote attacker to modify a registere...

CVSS 8.8 | AI score 8.6 | EPSS 0.00285
Exploits: 1 | References: 1 | Affected Software: 1

Check Point Advisories
added 2016/12/27 12:0 a.m. | 10 views

PHPMailer Mail From Remote Code Execution (CVE-2016-10033; CVE-2016-10045)

A remote code execution vulnerability exists in PHPMailer. The vulnerability is due to lack of email address validation. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 7.5 | AI score 5.4 | EPSS 0.94407
Exploits: 59

Hacker One
added 2014/04/02 9:25 p.m. | 30 views

C2FO: User guessing/enumeration at https://app.c2fo.com/api/password-reset

Hi there, I noticed a small information leak which allows an attacker to check whether an email address is associated with an account. Steps to reproduce: 1. Send a POST-Request to the url https://app.c2fo.com/api/password-reset as the following example shows: POST /api/password-reset HTTP/1.1...

AI score 0.5
Exploits: 0

UbuntuCve
added 2012/07/17 10:20 a.m. | 36 views

CVE-2012-0795

Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address...

CVSS 6.5 | AI score 5.9 | EPSS 0.00606
Exploits: 0 | References: 2

Japan Vulnerability Notes
added 2011/06/15 12:0 a.m. | 10 views

JVN#40382909: Microsoft Outlook read receipt function vulnerability

Microsoft Outlook contains a vulnerability in the read receipt function. A read receipt may be sent unintentionally, notifying the sender that the email was received. Impact: A spam distributor may use this information to determine whether an email address is valid or not. Solution: Upgrade the...

AI score 6.7
Exploits: 0

Fedora
added 2009/12/01 4:29 a.m. | 22 views

[SECURITY] Fedora 12 Update: php-pear-Mail-1.1.14-5.fc12

PEAR's Mail package defines an interface for implementing mailers under the PEAR hierarchy. It also provides supporting functions useful to multiple mailer backends. Currently supported backends include: PHP's native mail function, sendmail, and SMTP. This package also provides a RFC822 email...

CVSS 7.5 | AI score 1.7 | EPSS 0.03135
Exploits: 3