38 matches found
CVE-2026-62328 9Router 0.4.41 - Unauthenticated Information Disclosure via API Usage Endpoints
9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to access sensitive user data by sending requests to unprotected API endpoints. Attackers can enumerate paginated request logs and retrieve complete AI conversation historie...
CVE-2026-2025 Mail Mint < 1.19.5 - Unauthenticated Emails Disclosure
The Mail Mint WordPress plugin before 1.19.5 does not have authorization in one of its REST API endpoint, allowing unauthenticated users to call it and retrieve the email addresses of users on the blog...
EUVD-2020-25280
Malware in sbrugna...
EUVD-2023-12689
Malicious code in bioql PyPI...
CVE-2024-2931
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfrontuserroleeditorassignrolesuserautocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level acces...
WordPress plugin Moving Users 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...
CVE-2024-45231
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...
GO-2024-3158 Apache Answer: Avatar URL leaked user email addresses in github.com/apache/incubator-answer
Apache Answer: Avatar URL leaked user email addresses in github.com/apache/incubator-answer...
CVE-2024-2931
The WPFront User Role Editor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.1.11184 via the wpfrontuserroleeditorassignrolesuserautocomplete AJAX action. This makes it possible for authenticated attackers, with subscriber-level acces...
CVE-2024-2931
CVE-2024-2931 affects the WordPress plugin WPFront User Role Editor. The vulnerability enables Sensitive Information Exposure via the wpfront_user_role_editor_assign_roles_user_autocomplete AJAX action. It allows authenticated attackers with subscriber-level access and above to retrieve the list ...
PT-2024-22151 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.13 Description: GLPI is a Free Asset and IT Management Software package that includes data center management, ITIL Service Desk, licenses tracking, and software auditing. An authenticated user can obtain the email...
Unauthorized Access
gitlab:sid is vulnerable of Unauthorized Access. The vulnerability due to unauthorized user to read user email addresses through the tags feed, even if the visibility setting for the email address in the user profile is disabled. It allows an unauthorized user can get access to read sensitive...
Code injection
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog...
CVE-2023-6155
The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the aysquizauthorusersearch AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses...
WordPress Multiple Vulnerabilities (Oct 2023) - Linux
WordPress is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescripti...
The vulnerability of the XWiki platform, which involves exposing information in the wrong data area, allows a hacker to obtain the email addresses of all users.
The vulnerability of the XWiki Platform lies in the exposure of information in the error data area. Exploiting this vulnerability could allow a malicious actor to obtain the email addresses of all users...
CVE-2023-0655
SonicWall Email Security contains a vulnerability that could permit a remote unauthenticated attacker access to an error page that includes sensitive information about users email addresses...
WordPress plugin Directorist 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
Zephyr Project Manager < 3.2.5 - Unauthorised REST Calls to Stored XSS
The plugin does not have proper authorisation even when the Require Authorisation for REST API Requests is enabled in all its REST endpoints, allowing unauthenticated users to call them either directly. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform...
Authentication flaw
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users...