Lucene search
K

13 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-46507

Malicious code in bioql PyPI...

4.3CVSS4.8AI score0.00274EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:6 a.m.5 views

CVE-2024-5270

Mattermost versions 9.5.x = 9.5.3, 9.7.x = 9.7.1, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Email. This allows the user to switch their authentication mail from SAML to email and possibly edit...

4.3CVSS7.1AI score0.00274EPSS
Exploits0References1
Veracode
Veracode
added 2024/05/28 10:17 a.m.12 views

Improper Access Control

Mattermost is vulnerable to Improper Access Control. The vulnerability is due to a failure to verify if the email signup configuration option is enabled when a user requests to switch from SAML to email, allowing users to switch their authentication method and potentially edit personal details...

4.3CVSS7.2AI score0.00274EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/05/26 2:15 p.m.22 views

CVE-2024-5270

Mattermost versions 9.5.x = 9.5.3, 9.7.x = 9.7.1, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Email. This allows the user to switch their authentication mail from SAML to email and possibly edit...

4.3CVSS4.8AI score0.00274EPSS
Exploits0References1
OSV
OSV
added 2024/05/26 1:30 p.m.4 views

CVE-2024-5270 SAML to email switch possible when email signin is disabled

Mattermost versions 9.5.x = 9.5.3, 9.7.x = 9.7.1, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Email. This allows the user to switch their authentication mail from SAML to email and possibly edit...

4.3CVSS6AI score0.00274EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/26 1:30 p.m.15 views

CVE-2024-5270 SAML to email switch possible when email signin is disabled

Mattermost versions 9.5.x = 9.5.3, 9.7.x = 9.7.1, 9.6.x = 9.6.1 and 8.1.x = 8.1.12 fail to check if the email signup configuration option is enabled when a user requests to switch from SAML to Email. This allows the user to switch their authentication mail from SAML to email and possibly edit...

4.3CVSS7.1AI score0.00274EPSS
Exploits0References1
CVE
CVE
added 2024/05/26 1:30 p.m.74 views

CVE-2024-5270

Mattermost vulnerable in multiple tracked versions (8.1.x <= 8.1.12; 9.5.x <= 9.5.3; 9.6.x <= 9.6.1; 9.7.x email switch. Impact: improper access control for authentication method and related data. Mitigation: upgrade to versions later than the listed fixed versions (as documented in PT-2...

4.3CVSS4.8AI score0.00274EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/04/19 12:15 a.m.2 views

ALPINE-CVE-2023-27043

The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is...

5.3CVSS6.8AI score0.02527EPSS
Exploits1References1
Hacker One
Hacker One
added 2020/03/28 4:20 p.m.45 views

Rocket.Chat: [Security Vulnerability Rocket.chat] HTML Injection into Email via Signup

Description Due to a lack of sanitization and validation in parameter affected, we can input HTML Tag and system will render it into Email victim. Affected Endpoint https://chat.oas.greenhost.net/home Parameter : Name Step to produce In textbox name, input HTML code like "\”@x.y " And in Email,...

0.6AI score
Exploits0
CNVD
CNVD
added 2019/08/26 12:0 a.m.2 views

WordPress GoDaddy godaddy-email-marketing-sign-up-forms plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress GoDaddy godaddy-email-marketing-sign-up-for...

8.8CVSS6.8AI score0.0068EPSS
Exploits0References1
wpexploit
wpexploit
added 2019/05/20 12:0 a.m.19 views

FV Flowplayer Video Player <= 7.3.13.727 - Unauthenticated Stored XSS

The vulnerable function is exposed to unauthenticated users over wpajaxnoprivfvwpflowplayeremailsignup ajax hook. It saves anything that user provides in email POST parameter. Send POST request to wp-admin/admin-ajax.php with body content: "action=fvwpflowplayeremailsignup&list=1&[email protected]"...

4.3CVSS1AI score0.02022EPSS
Exploits2References2
Openbugbounty
Openbugbounty
added 2018/04/07 7:53 p.m.8 views

hermitageart.com XSS vulnerability

Open Bug Bounty ID: OBB-598465 Description| Value ---|--- Affected Website:| hermitageart.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Hacker One
Hacker One
added 2017/09/18 11:28 a.m.31 views

Hiro: Cross site request forgery

An e-mail signup form does not check CSRF tokens. This would allow the creation of click-able links which perform an e-mail signup. Because the e-mail signup form does not pass any sensitive information, nor perform any state changes on behalf of a user, this is not a vector for attack...

6.9AI score
Exploits0
Rows per page
Query Builder