Lucene search
K

1571 matches found

EUVD
EUVD
added yesterday8 views

EUVD-2026-41732

A flaw exists in the org.keycloak.broker.oidc package where the OIDC broker incorrectly synchronizes the emailverified claim. When an OIDC identity provider is configured with trustEmail=true and the userinfo endpoint is enabled, Keycloak retrieves the email address from the userinfo response but...

4.8CVSS6.1AI score0.00196EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/29 10:17 a.m.5 views

gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison

A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of nameConstraints labels, specifically for dNSName DNS or rfc822Name email constraints within excludedSubtrees or permittedSubtrees. A remote attacker can exploit this by crafting a leaf...

7.4CVSS5.8AI score0.00566EPSS
Exploits1References5
NVD
NVD
added 2026/06/25 3:16 p.m.7 views

CVE-2026-13225

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3CVSS0.00345EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 2:26 p.m.34 views

CVE-2026-13225 Stored XSS in ticket confirmation page

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order...

5.3CVSS0.00345EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 9:31 a.m.5 views

EUVD-2026-39187

The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks...

8.8CVSS5.8AI score0.00301EPSS
Exploits0References2
NVD
NVD
added 2026/06/25 7:16 a.m.9 views

CVE-2026-5305

The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks...

8.8CVSS0.00301EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 6:0 a.m.31 views

CVE-2026-5305 Email Address Encoder (Free < 1.0.25, Premium < 0.3.12) - Unauthenticated Stored XSS

The Email Address Encoder WordPress plugin before 1.0.25, email-encoder-premium WordPress plugin before 0.3.12 does not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks...

0.00301EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 6:0 a.m.21 views

CVE-2026-5305

The CVE-2026-5305 issue affects the WordPress plugins Email Address Encoder (free) prior to 1.0.25 and Email Encoder Premium prior to 0.3.12. The root cause is improper handling of email replacement, which can allow unauthenticated attackers to perform Stored XSS. Impact per sources is high (CVE-...

8.8CVSS5.8AI score0.00301EPSS
Exploits0References1
NVD
NVD
added 2026/06/24 7:16 a.m.12 views

CVE-2026-9178

The WP Forms Connector plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.8. The plugin registers the REST route wp/v3/user/list/ callback userDetail with permissioncallback set to 'returntrue', and the function's home-grown authentication only...

7.5CVSS0.00347EPSS
Exploits0References5
NVD
NVD
added 2026/06/23 11:16 p.m.11 views

CVE-2026-56785

FlatPress contains a stored cross-site scripting vulnerability in comment and contact forms where name, URL, and email fields are rendered without proper output encoding in Smarty templates. Attackers can inject arbitrary HTML and JavaScript through these fields to execute malicious scripts in...

8.4CVSS0.00243EPSS
Exploits0References3
Redos
Redos
added 2026/06/22 12:0 a.m.5 views

ROS-20260622-73-0036

The vulnerability of the consumePhrase function in the Go programming language is related to insufficient validation of input data during the analysis of email addresses. Exploiting this vulnerability could allow a remote attacker to cause service failures...

7.5CVSS5.9AI score0.00798EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/16 2:10 p.m.24 views

CVE-2026-48780 Forem vulnerable to bypass of email address domain restrictions

Forem is open source software for building communities. Prior to commit a2ab6d4, a maliciously crafted email address could allow an attacker to bypass domain allowlist or denylist restrictions and gain access to invite-only forem deployments. The issue is patched as of a2ab6d4. As a workaround,...

8.2CVSS0.00218EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48906

The Aqara Cloud Developer Portal developer.aqara.com issued a developer token to any email address supplied by the attacker. This is an instance of "CWE-306: Missing Authentication for Critical Function" with an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 6.5 Medium. When...

6.5CVSS5.4AI score0.00219EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 12:16 p.m.11 views

CVE-2026-8589

GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user to add unauthorized email addresses to a targeted user's account due to improper...

8.7CVSS0.00255EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/09 7:15 p.m.10 views

CVE-2026-47106 Ellucian Banner Self-Service Stored XSS via getFacultyMeetingTimes API

Ellucian Banner Self-Service before the April T2 release 2025-04-23 contains a stored cross-site scripting vulnerability in the course search functionality that allows authenticated Banner ERP users to inject malicious payloads into faculty and course fields by exploiting missing HTML encoding...

5.4CVSS5.6AI score0.00196EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/09 12:0 a.m.14 views

PT-2026-47841

Issue summary: When the X509 VERIFY PARAM set1 email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so...

5.6AI score0.0019EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/06/08 12:26 p.m.10 views

WordPress Email Address Encoder plugin < 1.0.25 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Matthew Rollings in WordPress Plugin Email Address Encoder versions 1.0.25...

5.4AI score0.00301EPSS
Exploits0References1Affected Software1
Amazon
Amazon
added 2026/06/08 12:0 a.m.16 views

Important: ecs-init

Issue Overview: When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. CVE-2026-33811 When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a...

7.5CVSS7.8AI score0.00813EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.14 views

CVE-2026-42499

Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322...

7.5CVSS5.4AI score0.00798EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.9 views

CVE-2026-25602

Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...

4.4CVSS5.4AI score0.00089EPSS
Exploits0References1
Rows per page
Query Builder