CVE-2026-40570

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, the loadcustomerinfo action in POST /conversation/ajax returns complete customer profile data to any authenticated user without verifying mailbox access. An attacker only needs a valid email address to retriev...

CVE-2026-32629

phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example ""@evil.com. PHP's FILTERVALIDATEEMAIL accepts this email...

PT-2026-29423

Summary An unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 quoted local part yet contains raw HTML — for example "alert1"@evil.com. PHP's FILTER VALIDATE EMAIL accepts this email as valid. The email is stored in the database without...

CVE-2026-27593

Statmatic is a Laravel and Git powered content management system CMS. Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...

GHSA-JXQ9-79VJ-RGVW Statamic is vulnerable to account takeover via password reset link injection

Impact An attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid account on the site, and the actual user must blindly click the link in their email even though they...

EUVD-2004-2218

Malware in sbrugna...

CVE-2025-24391

A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023....

CVE-2025-24391 Possible user enumeration

A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023....

answer user enumeration vulnerability

answer is an open source knowledge-based community software. A user enumeration vulnerability exists in versions of answer prior to 1.0.6, which stems from brute-force breaking of a valid email account in the login portal, where the time for a valid account is significantly higher than the time f...

Razer: Expired reCAPTCHA site key leads to Rate Limit Bypass and Email Enumeration

The tester discovered a configuration issue involving Google reCAPTCHA that would allow adversaries to enumerate valid email addresses for users. While minor, Razer appreciates the report and clear PoC...

Unspecified Vulnerability in NiceHash Miner

NiceHash Miner is a mining software for Bitcoin. A security vulnerability exists in NiceHash Miner versions prior to 2.0.3.0. The vulnerability can be exploited by an attacker to obtain user information with a valid email address...

CVE-2019-6120

An issue was discovered in NiceHash Miner before 2.0.3.0. A missing rate limit while adding a wallet via Email address allows remote attackers to submit a large number of email addresses to identify valid ones. By exploiting this vulnerability with CVE-2019-6122 Username Enumeration an adversary...

Deserialization of untrusted data

misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action...

CVE-2009-4467

misc.php in DeluxeBB 1.3 allows remote attackers to register accounts without a valid email address via a valemail action with the valmem set to a pre-assigned user ID, which is visible from a memberlist action...

Qwik SMTP 0.3 Remote Root Format String Exploit

No description provided by source. / qwik-smtp Remote Root Exploit ------------------------------- Bug found by: Dark Eagle darkeagle at list d0t ru Exploit coded by: Carlos Barros barros at barrossecurity d0t com Home Page: http://www.barrossecurity.com Exploitation techinique: This bug is a...