11 matches found
CVE-2026-32700 Devise has a confirmable "change email" race condition that permits user to confirm email they have no access to
Devise is an authentication solution for Rails based on Warden. Prior to version 5.0.3, a race condition in Devise's Confirmable module allows an attacker to confirm an email address they do not own. This affects any Devise application using the reconfirmable option, the default when using...
CVE-2019-20061
The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5.4 may leak the system-picked password if this email is sent in cleartext. In other words, the user is not allowed to choose their own initial password...
EUVD-2018-4355
Malware in sbrugna...
CVE-2025-48481 FreeScout Has Business Logic Errors
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, an attacker with an unactivated email invitation containing invitehash, can exploit this vulnerability to self-activate their account, despite it being blocked or deleted, by leveraging the invitation link fro...
CVE-2018-1000803
Gitea prior to version 1.5.1 contains a CWE-200 vulnerability that can result in exposure of users' private email addresses. This attack appears to be exploitable by watching a repository to receive email notifications. Emails received contain the other recipients even if they have the email...
CVE-2025-26696
CVE-2025-26696 affects Mozilla Thunderbird and is triggered by certain crafted MIME messages that claim to contain an encrypted OpenPGP message but actually contain an OpenPGP signed message, causing the UI to mis-display the content as encrypted. Public references in connected documents corrobor...
ALPINE-CVE-2019-16056
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To header...
Notification Emails From Veeam Backup for Microsoft 365 Are Sent in an Unexpected Language
Challenge: Email notifications sent by Veeam Backup for Microsoft 365 unexpectedly contain Chinese characters. Cause: The issue is caused by an encoding conflict. By default, Veeam Backup for Microsoft 365 uses UTF-16 character encoding, and the problem appears under the following circumstances: Us...
SecureMail: Unable to send emails "You cannot send the mail"
Only one user couldn't send mail; sending failed with the error message "You cannot send the mail". The user was unable to send or reply to mail, with or without an attachment. The user is able to receive emails successfully...
CVE-2004-1617
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated ...
Netscape 4.x/6.x / Mozilla 0.9.x - Malformed Email POP3 Denial of Service
// source: https://www.securityfocus.com/bid/5002/info The Netscape Communicator and Mozilla browsers include support for email, and the ability to fetch mail through a POP3 server. Both products are available for a range of platforms, including Microsoft Windows and Linux. Under some...