23 matches found

Positive Technologies
added 6 days ago, 5 views

PT-2026-44935

Name of the Vulnerable Software and Affected Versions: Dokploy versions 0.27.0 through 0.29.2. Description: A hardcoded fallback for the BETTER_AUTH_SECRET variable allows an unauthenticated attacker to forge email verification JSON Web Tokens (JWTs), which are compact and self-contained ways for...

CVSS: 10, AI score: 5.9, EPSS: 0.00066
Exploits: 0, References: 4

ATTACKERKB
added 2026/03/10 4:40 p.m., 1 view

CVE-2026-30941

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 8.6.14 and 9.5.2-alpha.1, NoSQL injection vulnerability allows an unauthenticated attacker to inject MongoDB query operators via the token field in the password reset and email...

CVSS: 8.7, AI score: 5.8, EPSS: 0.00059
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2026/02/25 8:25 a.m., 7 views

CVE-2026-1916

The CVE concerns the WPGSI: Spreadsheet Integration WordPress plugin (up to version 3.8.3). The vulnerability arises from missing authorization on two REST API functions (wpgsi_callBackFuncAccept and wpgsi_callBackFuncUpdate), where permission_callback => '__return_true' allows unauthenticated...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00175
Exploits: 0, References: 8

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2011-3626

Malware in sbrugna...

CVSS: 6.8, AI score: 6.1, EPSS: 0.00465
Exploits: 1, References: 7

EUVD
added 2025/10/03 8:07 p.m., 2 views

EUVD-2022-3907

Malicious code in bioql PyPI...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00237
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:07 p.m., 1 view

EUVD-2022-48998

Malicious code in bioql PyPI...

CVSS: 8.1, AI score: 7.9, EPSS: 0.00397
Exploits: 0, References: 3

RedhatCVE
added 2025/05/22 8:06 p.m., 2 views

CVE-2021-37693

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00322
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 7:49 a.m., 5 views

CVE-2019-11514

User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00237
Exploits: 0, References: 1

ATTACKERKB
added 2023/05/28 10:15 p.m., 2 views

CVE-2023-33291

In ebankIT 6, the public endpoints /public/token/Email/generate and /public/token/SMS/generate allow generation of OTP messages to any e-mail address or phone number without validation. It cannot be exploited with e-mail addresses or phone numbers that are registered in the application...

CVSS: 7.4, AI score: 5.7, EPSS: 0.00256
Exploits: 1, References: 3

SUSE CVE
added 2023/02/15 5:50 a.m., 0 views

SUSE CVE-2011-3667

The User.offeraccountbyemail WebService method in Bugzilla 2.x and 3.x before 3.4.13, 3.5.x and 3.6.x before 3.6.7, 3.7.x and 4.0.x before 4.0.3, and 4.1.x through 4.1.3, when createemailregexp is not empty, does not properly handle usercancreateaccount settings, which allows remote attackers to...

CVSS: 6.8, AI score: 6.6, EPSS: 0.00465
Exploits: 1, References: 4

CVE
added 2023/01/05 7:48 p.m., 58 views

CVE-2022-46177

Discourse vulnerability CVE-2022-46177 affects Discourse versions prior to 2.8.14 (stable) and prior to 3.0.0.beta15 (beta/tests-passed). If a user requests a password-reset link and then changes the primary email, the old reset email can remain valid; using it to reset the password re-links the ...

CVSS: 8.1, AI score: 6.7, EPSS: 0.00397
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2022/09/02 12:00 a.m., 2 views

PT-2022-4953

Name of the Vulnerable Software and Affected Versions: @next-auth/upstash-redis-adapter versions prior to 3.0.2. Description: The Upstash Redis adapter implementation did not check for both the identifier (email) and the token, but only checked for the identifier when verifying the token in the emai...

CVSS: 8.1, AI score: 8.2, EPSS: 0.00271
Exploits: 0, References: 11

OSV
added 2021/12/13 4:15 p.m., 0 views

UBUNTU-CVE-2021-39919

In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure...

CVSS: 4.4, AI score: 5.8, EPSS: 0.00068
Exploits: 0, References: 2

UbuntuCve
added 2021/12/13 4:15 p.m., 20 views

CVE-2021-39919

In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure...

CVSS: 4.4, AI score: 5.9, EPSS: 0.00068
Exploits: 0, References: 1

Cvelist
added 2021/12/13 3:47 p.m., 14 views

CVE-2021-39919

In all versions of GitLab CE/EE starting version 14.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, the reset password token and new user email token are accidentally logged which may lead to information disclosure...

CVSS: 4.4, AI score: 5.1, EPSS: 0.00068
Exploits: 0, References: 2

OpenVAS
added 2021/08/19 12:00 a.m., 17 views

Discourse 2.8.0.beta5 Security Update

Discourse is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:discourse:discourse"; ifdescripti...

CVSS: 7.5, AI score: 5.7, EPSS: 0.00344
Exploits: 0, References: 4

OSV
added 2021/08/13 4:15 p.m., 15 views

CVE-2021-37693

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email...

CVSS: 7.5, AI score: 6.7
Exploits: 0, References: 2

Prion
added 2021/08/13 4:15 p.m., 11 views

Design/Logic Flaw

Discourse is an open-source platform for community discussion. In Discourse before versions 2.7.8 and 2.8.0.beta4, when adding additional email addresses to an existing account on a Discourse site an email token is generated as part of the email verification process. Deleting the additional email...

CVSS: 5, AI score: 7.5, EPSS: 0.00322
Exploits: 0, References: 2, Affected Software: 1

OSV
added 2019/12/18 7:15 p.m., 2 views

DEBIAN-CVE-2019-19844

Django before 1.11.27, 2.x before 2.2.9, and 3.x before 3.0.1 allows account takeover. A suitably crafted email address that is equal to an existing user's email address after case transformation of Unicode characters would allow an attacker to be sent a password reset token for the matched user...

CVSS: 9.8, AI score: 6.8, EPSS: 0.15418
Exploits: 7, References: 1

NVD
added 2019/04/25 3:29 a.m., 11 views

CVE-2019-11514

User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mishandles invalidation of user email tokens...

CVSS: 7.5, AI score: 7.5, EPSS: 0.00237
Exploits: 0, References: 2