CVE-2026-53868

Capgo before 12.128.2 contains a denial of service vulnerability allowing attackers to register accounts using arbitrary email addresses without verification, then initiate deletion to lock emails in pending deletion state. Attackers can permanently lock legitimate users out of the platform for 3...

PT-2026-49045

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description A denial of service issue exists where attackers can register accounts using arbitrary email addresses without verification. By initiating the deletion process for these accounts, attackers can lock...

CVE-2026-25222

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

CVE-2026-25222

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By measuring the response time of the login endpoint...

Improper Input Validation

mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of email ownership verification during profile updates, which allows an attacker to register an unauthorized email address and potentially cause information disclosure by redirecting notifications...

EUVD-2009-4434

Malware in sbrugna...

EUVD-2024-37251

Malicious code in bioql PyPI...

EUVD-2025-5658

Malicious code in bioql PyPI...

EUVD-2025-23863

Malicious code in bioql PyPI...

EUVD-2025-32303

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password...

CVE-2025-59943 phpMyFAQ duplicate email registration allows multiple accounts with the same email

phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password...

org.keycloak/keycloak-services: Keycloak SMTP Inject Vulnerability

A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters limited local part of the email, so the attack is limited to very shorts emails subject...

CRLF Injection

Keycloak-services is vulnerable to CRLF Injection. The vulnerability is due to improper input validation due to special characters in email registration being improperly handled, allowing attackers to inject SMTP commands and send unsolicited emails...

Keycloak <= 26.3.2 SMTP Inject (GHSA-qj5r-2r5p-phc7)

The version of Keycloak installed on the remote host is prior or equal to 26.3.2. It is, therefore, affected by SMTP inject vulnerability as reference in GHSA-qj5r-2r5p-phc7 advisory. - A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform...

CRLF Injection

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to CRLF Injection during the e-mail registration. An attacker can cause the system to send unsolicited emails...

CRLF Injection

Overview org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to CRLF Injection during the e-mail registration. An attacker can cause the system to send unsolicited...

GHSA-QJ5R-2R5P-PHC7 Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references. Original Description A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP...

Duplicate Advisory: Keycloak-services SMTP Inject Vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-m4j5-5x4r-2xp9. This link is maintained to preserve external references. Original Description A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP...

CVE-2025-8419

A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters limited local part of the email, so the attack is limited to very shorts emails subject...

CVE-2025-8419 Org.keycloak/keycloak-services: keycloak smtp inject vulnerability

A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters limited local part of the email, so the attack is limited to very shorts emails subject...