WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure

WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...

EUVD-2002-2181

Malware in sbrugna...

EUVD-2021-19503

Malware in sbrugna...

EUVD-2002-1492

Malware in sbrugna...

EUVD-2005-0150

Malware in sbrugna...

EUVD-2014-8669

Malware in sbrugna...

EUVD-2022-15525

Malicious code in bioql PyPI...

CVE-2022-31185

mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the Hide Email Address checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if...

CVE-2024-52589 Moderators can view Screened emails even when the “moderators view emails” option is disabled in Discourse

Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from...

Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy

Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services...

Mutt 安全漏洞

Mutt is a text-based e-mail client for Unix-like systems by Michael Elkins, a personal developer. A security vulnerability exists in Mutt, which stems from PGP encryption that does not use the --hive-recipient mode, thereby disclosing the header field of a cc'd e-mail message...

BIT-DISCOURSE-2024-36122 Discourse doesn't limit reviewable user serializer payload

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses settin...

CVE-2024-36122

Discourse is an open-source discussion platform. Prior to version 3.2.3 on the stable branch and version 3.3.0.beta4 on the beta and tests-passed branches, moderators using the review queue to review users may see a users email address even when the Allow moderators to view email addresses settin...

BIT-GITLAB-2021-22249

A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...

BIT-MOODLE-2020-25703

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10...

CVE-2023-27266

Mattermost vulnerability CVE-2023-27266 arises from the API response construction for /api/v4/users/me/teams not honoring ShowEmailAddress. This allows a user with team admin privileges to learn the team owner's email address from the response. Affected software: Mattermost (web/API level). Root ...

CVE-2022-31185

mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the Hide Email Address checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if...

Design/Logic Flaw

mprweb is a hosting platform for the makedeb Package Repository. Email addresses were found to not have been hidden, even if a user had clicked the Hide Email Address checkbox on their account page, or during signup. This could lead to an account's email being leaked, which may be problematic if...

CVE-2022-0371

CVE-2022-0371 affects GitLab CE/EE. Affected versions include all 11.4.x before 14.5.4, all 14.6.x before 14.6.4, and all 14.7.x before 14.7.1. The vulnerability allows authenticated users to search other users by their private emails even when emails are set to private, representing an informati...

[ASA-202107-41] nextcloud-app-mail: information disclosure

Arch Linux Security Advisory ASA-202107-41 ========================================== Severity: Low Date : 2021-07-20 CVE-ID : CVE-2021-32707 Package : nextcloud-app-mail Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-2145 Summary ======= The package...