Lucene search
+L

8 matches found

Cvelist
Cvelist
added 2026/06/17 10:7 p.m.23 views

CVE-2024-24769 Vantage6: No limit on emails sent for password/MFA reset

vantage6 is an open-source infrastructure for privacy preserving analysis. Prior to version 5.0.0, users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a l...

2.1CVSS0.00278EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/06/05 3:21 p.m.15 views

Vantage6: No limit on emails sent for password/MFA reset

Impact Users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam...

2.1CVSS5.5AI score0.00278EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/06/05 3:21 p.m.7 views

GHSA-5549-C5Q7-FJ65 Vantage6: No limit on emails sent for password/MFA reset

Impact Users can reset their MFA token via API routes that send them an email. Currently the number of emails that is sent is not limited. This gives attackers the option to flood someones mailbox with a lot of emails, and would have adverse effects on the SMTP server which may be seen as spam...

2.1CVSS5.5AI score0.00278EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/08/26 12:0 a.m.5 views

The vulnerability of the “password reset” function in the CircuitVerse software for digital logic circuit design and simulation allows a hacker to send an unlimited number of emails to any email address using the “password reset” email address.

The vulnerability of the “password reset” function in the CircuitVerse software for digital logic circuit design and simulation arises from a situation where there is a race between different contexts. Exploiting this vulnerability allows an attacker to send an unlimited number of emails to any...

7.5CVSS5.5AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/08/24 12:0 a.m.4 views

PT-2022-4432 · Unknown · Circuitverse

Name of the Vulnerable Software and Affected Versions: CircuitVerse affected versions not specified Description: The issue is related to a race condition in the password recovery function of CircuitVerse, a digital logic circuit development and simulation tool. This could allow a remote attacker ...

7.5CVSS7.1AI score
Exploits0References3
CNNVD
CNNVD
added 2022/03/01 12:0 a.m.6 views

Microweber 授权问题漏洞

Microweber is a drag-and-drop online store management system from the Microweber community in the United States. The system includes modules for adding products, images, etc. An email bombing vulnerability exists in versions of Microweber prior to 1.3. The vulnerability stems from a failure to ra...

7.5CVSS7.3AI score0.01221EPSS
Exploits1References3
Huntr
Huntr
added 2021/09/29 7:27 p.m.5 views

in khodakhah/nodcms

Description There is no rate limit sent unlimited email victim or any email address Proof of Concept There is no rate limit return-password , attacker to send unlimited email to victim or any email address. POST /en/return-password HTTP/1.1 Host: demo.nodcms.com User-Agent: Mozilla/5.0 Windows NT...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2016/06/29 1:36 a.m.20 views

Trello: Sending Unlimited Mails To Anybody With Easy Social Share Buttons Plugin

Hi, I want to talk about your ESSB plugin.When I was doing a research about it I saw that link " http://blog.trello.com/wp-content/plugins/easy-social-share-buttons3/public/essb-mail.php " When you navigate that link it says "message":"Error sending message!" But when you put the right parameters...

6.9AI score
Exploits0
Rows per page
Query Builder