15 matches found

Snyk
Added 2026/02/26 3:18 p.m., 0 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the doHead function in the Link Check API, which performs HTTP HEAD requests to URLs extracted from email content without validating target hosts or filtering private/internal IP addresses. An attack...

CVSS 8.6, AI score 6, EPSS 0.00047
Exploits: 1, References: 2
OSV
Added 2026/01/13 9:37 p.m., 4 views

CVE-2026-23478 Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback

Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...

CVSS 10, AI score 6.7, EPSS 0.0014
Exploits: 1, References: 3
Cvelist
Added 2026/01/13 9:37 p.m., 21 views

CVE-2026-23478 Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback

Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...

CVSS 10, EPSS 0.0014
Exploits: 1, References: 1
Vulnrichment
Added 2026/01/13 9:37 p.m., 1 view

CVE-2026-23478 Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback

Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...

CVSS 10, AI score 6.4, EPSS 0.0014
Exploits: 1, References: 1
CVE
Added 2026/01/13 9:37 p.m., 20 views

CVE-2026-23478

Cal.com CVE-2026-23478 affects versions 3.1.6–6.0.6. Root cause: improper server-side validation in a custom NextAuth JWT callback that trusts client-supplied data during session.update(), enabling an unauthenticated attacker to fully impersonate any user. Impact: total account takeover with acce...

CVSS 10, AI score 6.4, EPSS 0.0014
Exploits: 1, References: 1, Affected Software: 1
OSV
Added 2025/11/04 8:48 p.m., 4 views

CVE-2025-55155 MantisBT: Authentication bypass for some passwords due to PHP type juggling

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing...

CVSS 5.4, AI score 6.4, EPSS 0.00026
Exploits: 1, References: 5
Vulnrichment
Added 2025/11/04 8:48 p.m., 7 views

CVE-2025-55155 MantisBT: Authentication bypass for some passwords due to PHP type juggling

Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions 2.27.1 and below, when a user edits their profile to change their e-mail address, the system saves it without validating that it actually belongs to the user. This could result in storing an invalid email address, preventing...

CVSS 5.4, AI score 6, EPSS 0.00026
Exploits: 1, References: 3
CNNVD
Added 2025/10/09 12:00 a.m., 2 views

Python Social Auth Security Vulnerability

Python Social Auth is an easy to set up social authentication/registration mechanism from Python Social Auth open source. Multiple frameworks and authentication providers are supported. A security vulnerability exists in Python Social Auth versions prior to 5.6.0, which stems from an unvalidated...

CVSS 6.3, AI score 6.5, EPSS 0.00081
Exploits: 0, References: 6
CNNVD
Added 2025/05/15 12:00 a.m., 2 views

PHPGurukul Directory Management System Injection Vulnerability

Directory Management System is a directory management system. It suffers from a SQL injection vulnerability that originates from a lack of validation of externally supplied input in the email parameter of the file /admin/forget-password.php. An attacker can exploi...

CVSS 9.8, AI score 8.1, EPSS 0.00204
Exploits: 1, References: 5
CNNVD
Added 2024/01/02 12:00 a.m., 2 views

Omniauth::MicrosoftGraph License Issues Vulnerability

Omniauth::MicrosoftGraph is an Omniauth strategy for the Microsoft Graph API from the individual developer Peter Philips. An authorization issue vulnerability exists in versions of Omniauth::MicrosoftGraph prior to 2.0.0, which stems from a failure to validate the legitimacy of a user's email...

CVSS 9.8, AI score 6.7, EPSS 0.00313
Exploits: 1, References: 4
Tenable Nessus
Added 2023/10/31 12:00 a.m., 32 views

Debian DSA-5542-1 : request-tracker4 - security update

The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5542 advisory. - Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface...

CVSS 7.5, AI score 7.3, EPSS 0.00224
Exploits: 0, References: 9
Tenable Nessus
Added 2023/10/31 12:00 a.m., 38 views

Debian DSA-5541-1 : request-tracker5 - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5541 advisory. - Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email headers in incoming email and the mail-gateway REST interface...

CVSS 7.5, AI score 7.3, EPSS 0.00224
Exploits: 0, References: 10
Tenable Nessus
Added 2023/10/20 12:00 a.m., 24 views

FreeBSD : Request Tracker -- multiple vulnerabilities (e14b9870-62a4-11ee-897b-000bab9f87f1)

The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the e14b9870-62a4-11ee-897b-000bab9f87f1 advisory. - Request Tracker reports: CVE-2023-41259 SECURITY: RT is vulnerable to unvalidated email...

CVSS 7.5, AI score 7.3, EPSS 0.00224
Exploits: 0, References: 5
CNNVD
Added 2022/09/26 12:00 a.m., 1 view

Rdiffweb Security Vulnerability

Rdiffweb is a web application by Patrik Dufresne, an individual developer in the USA. It provides quick access to your archives through an efficient web interface. A denial of service vulnerability exists in Rdiffweb versions prior to 2.4.8, which stems from not validating email length in...

CVSS 7.5, AI score 5.4, EPSS 0.00433
Exploits: 1, References: 3
CNNVD
Added 2022/06/28 12:00 a.m., 2 views

ILIAS Security Vulnerability

ILIAS is an open source learning management system. A security vulnerability exists in ILIAS version 7.10 and earlier versions, which stems from a lack of validation when changing an email address on the profile page. An attacker could exploit the vulnerability to remotely take over an account...

CVSS 7.5, AI score 8.3, EPSS 0.00251
Exploits: 0, References: 4