Lucene search
K

5 matches found

CVE
CVE
added 2026/03/20 1:2 p.m.6 views

CVE-2026-31381

CVE-2026-31381 and related entries describe a Gainsight Assist plugin information-disclosure vulnerability. The core issue is that user email addresses (PII) are exposed in base64-encoded form via the OAuth callback URL’s state parameter. This can allow an attacker to recover emails if the OAuth ...

5.3CVSS5.8AI score0.00303EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/09/26 4:3 p.m.4 views

CVE-2025-59843 FlagForgeCTF Exposes User Emails via Public /api/user/[username] API

Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/username returns user email addresses in its JSON response. The fix, intended for release in 2.3.1 but only available starting in version 2.3.2, removes email addresses from public AP...

6.9CVSS5.9AI score0.00389EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.5 views

CVE-2024-1289

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. This makes it possible for authenticated attackers to...

6.5CVSS5.5AI score0.00391EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.6 views

PT-2023-12442 · WordPress · Ulisting

Name of the Vulnerable Software and Affected Versions: uListing plugin for WordPress versions up to, and including, 1.6.6 Description: The issue is related to authorization bypass due to a missing capability check in the "ulisting/includes/route.php" file. This affects the...

7.5CVSS5.2AI score0.00946EPSS
Exploits1References5
OSV
OSV
added 2022/01/26 4:15 p.m.4 views

CVE-2021-44692

BuddyBoss Platform through 1.8.0 allows remote attackers to obtain the email address of each user. When creating a new user, it generates a Unique ID for their profile. This UID is their private email address with symbols removed and periods replaced with hyphens. For example. [email protected]...

5.3CVSS6.1AI score0.01117EPSS
Exploits0References2
Rows per page
Query Builder