Lucene search
K

73 matches found

Cvelist
Cvelist
added 2026/04/08 10:27 p.m.17 views

CVE-2025-9484 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab EE affecting all versions from 16.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that under certain circumstances could have allowed an authenticated user to have access to other users' email addresses via certain GraphQL queries...

4.3CVSS0.00264EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/08 5:33 p.m.4 views

EUVD-2026-20536

Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, the requestEmailChange mutation was revealing the existence of user-provided email addresses in error messages. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118...

5.3CVSS5.9AI score0.00243EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/04/07 9:44 p.m.4 views

CVE-2026-39937 Global vanishing does not completely remove user email

Improper removal of sensitive information before storage or transfer vulnerability in The Wikimedia Foundation Mediawiki - CentralAuth Extension allows Resource Leak Exposure. The issue has been remediated on the master branch, and in the release branches for MediaWiki versions 1.43, 1.44, and 1....

8.8CVSS5.8AI score0.00263EPSS
Exploits0References2
OSV
OSV
added 2026/03/11 7:23 p.m.5 views

GHSA-GQC5-XV7M-GCJQ Shopware has user enumeration via distinct error codes on Store API login endpoint

Summary The Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUTCUSTOMERAUTHBADCREDENTIALS or is unknown CHECKOUTCUSTOMERNOTFOUND. The "not found" response also echoes the...

5.3CVSS5.8AI score0.00218EPSS
Exploits0References3
NVD
NVD
added 2026/03/07 6:16 a.m.6 views

CVE-2026-30841

Wallos is an open-source, self-hostable personal subscription tracker. Prior to version 4.6.2, passwordreset.php outputs $GET"token" and $GET"email" directly into HTML input value attributes using and without calling htmlspecialchars. This allows reflected XSS by breaking out of the attribute...

6.9CVSS0.00283EPSS
Exploits1References3
NVD
NVD
added 2026/02/21 11:15 a.m.28 views

CVE-2026-27492

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...

4.7CVSS0.00166EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/02/21 10:16 a.m.2 views

CVE-2026-27492 Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...

4.7CVSS5.3AI score0.00166EPSS
Exploits0References3
OSV
OSV
added 2026/02/21 10:16 a.m.9 views

CVE-2026-27492 Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...

4.7CVSS5.5AI score0.00166EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2020-21454

Malware in sbrugna...

6.1CVSS6.3AI score0.007EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-0647

Malware in sbrugna...

5.3CVSS5.4AI score0.01112EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.12 views

EUVD-2023-23489

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.0051EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-24123

Malicious code in bioql PyPI...

4.3CVSS4.7AI score0.00581EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2019-10740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The...

4.3CVSS6.4AI score0.00771EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/23 10:35 a.m.10 views

CVE-2024-40761

Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.3.5. Using the MD5 value of a user's email to access Gravatar is insecure and can lead to the leakage of user email. The official recommendation is to use SHA256 instead. Users are recommend...

5.3CVSS6.8AI score0.00749EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:57 a.m.9 views

CVE-2023-6155

The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the aysquizauthorusersearch AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses...

5.3CVSS6.9AI score0.00565EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 12:58 a.m.10 views

CVE-2022-31185

mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the Hide Email Address checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if...

5.3CVSS7AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:42 p.m.8 views

CVE-2021-36436

An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint...

5.3CVSS6.5AI score0.00523EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:36 p.m.13 views

CVE-2020-29072

A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side attack requires user interaction opening a link and successful exploitation could lead to encrypted e-mail content leakage via messages/sent?format=js and popup?format=js...

6.1CVSS6.7AI score0.007EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2025/01/16 7:25 p.m.13 views

CVE-2024-56136 /api/v1/jwt/fetch_api_key endpoint can leak if an email address has an account in Zulip server

Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclose attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine if an emai...

6.9CVSS6.3AI score0.0055EPSS
Exploits0References2
Veracode
Veracode
added 2024/09/26 5:41 a.m.13 views

Inadequate Encryption Strength

github.com/apache/incubator-answer is vulnerable to Inadequate Encryption Strength. The vulnerability is due to the use of MD5 hashing for a user's email when accessing Gravatar, which is insecure and can lead to the leakage of user emails. The recommended fix is to upgrade to version 1.4.0, whic...

5.3CVSS6.7AI score0.00749EPSS
Exploits0References14Affected Software1
Rows per page
Query Builder