29 matches found
CVE-2026-45559
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, getldapemail app/modules/roxywi/user.py:120-157 builds the LDAP search filter via f-string concatenation. The username URL path parameter is taken verbatim — no checkAjaxInput, no...
CVE-2026-42006
An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...
JLSEC-2026-225 Read buffer overruns processing ASN.1 strings
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte...
Siemens RUGGEDCOM, SCALANCE and SIMATIC Out-of-bounds Read (CVE-2021-3712)
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are represented as a buffer for the string data which is terminated with a NUL (0) byte...
EUVD-2000-0058
Malware in sbrugna...
EUVD-2023-1738
Malicious code in bioql PyPI...
CVE-2024-0235
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog...
CVE-2023-23566
A 2-Step Verification problem in Axigen 10.3.3.52 allows an attacker to access a mailbox by bypassing 2-Step Verification when they try to add an account to any third-party webmail service or add an account to Outlook or Gmail, etc. with IMAP or POP3 without any verification code...
Growatt Cloud Applications Authorization Bypass Vulnerability (CNVD-2025-14960)
Growatt Cloud Applications is a monitoring platform from Growatt in China. An authorization bypass vulnerability exists in Growatt Cloud Applications 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to obtain a user's email by knowing the username, resulting in a...
CVE-2025-1404 Secure Copy Content Protection and Content Locking <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_sccp_reports_user_search function in all versions up to, and including, 4.4.7. This makes it possible for unauthenticated attackers to...
WordPress Secure Copy Content Protection and Content Locking plugin <= 4.4.7 - Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function vulnerability
Missing Authorization to Unauthenticated User Email Retrieval via ays_sccp_reports_user_search Function vulnerability discovered by Krzysztof Zając in WordPress Plugin Secure Copy Content Protection and Content Locking versions <= 4.4.7...
CVE-2024-13447 WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hotelbookingloadorderuser AJAX action in all versions up to, and including, 2.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress WP Hotel Booking plugin <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval vulnerability
Missing Authorization to Authenticated (Subscriber+) User Email Retrieval vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Hotel Booking versions <= 2.1.6...
WordPress Admin Notices Manager plugin <= 1.4.0 - Missing Authorization to Authenticated User Email Retrieval vulnerability
Missing Authorization to Authenticated User Email Retrieval vulnerability discovered by Lucio Sá in WordPress Plugin Admin Notices Manager versions <= 1.4.0...
SUSE CVE-2023-5422
The functions to fetch e-mail via POP3 or IMAP as well as sending e-mail via SMTP use OpenSSL for static SSL or TLS based communication. As the SSL_get_verify_result function is not used, the certificate is always trusted and it cannot be ensured that the certificate satisfies all necessary securit...
InfoHound - An OSINT To Extract A Large Amount Of Data Given A Web Domain Name
During the reconnaissance phase, an attacker searches for any information about his target to create a profile that will later help him to identify possible ways to get into an organization. InfoHound performs passive analysis techniques which do not interact directly with the target using OSINT to...
PT-2023-12274 · Unknown · Mobicint Backend For Credit Unions
Name of the Vulnerable Software and Affected Versions: Mobicint Backend for Credit Unions version 3 Description: An issue in the software allows attackers to retrieve partial email addresses and user-entered information via submission to the "forgotten-password endpoint". Recommendations: For...
Improper access control
Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2...