CVE-2026-27949

Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling e.g., when an invalid magic code is submitted. Transmitting personally...

CVE-2026-27949 Plane Exposes User Email (PII and part of credential) in GET Parameter

Plane is an an open-source project management tool. Prior to 1.3.0, a vulnerability was identified in Plane's authentication flow where a user's email address is included as a query parameter in the URL during error handling e.g., when an invalid magic code is submitted. Transmitting personally...

CVE-2026-24932

The CVE-2026-24932 issue is an improper TLS/SSL certificate hostname validation in ADM’s DDNS update function. The vulnerability allows a remote attacker to perform a Man‑in‑the‑Middle (MitM) attack over HTTPS, potentially exposing sensitive DDNS updating data such as the user’s email, MD5‑hashed...

CVE-2025-10694

The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybeloadonboardingwizard function in all versions up to, and including, 1.8.0. This makes it possibl...

UBUNTU-CVE-2021-39911

An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers...