19 matches found
Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users
Summary: The unauthenticated resend-verification endpoint returns different responses for registered and unregistered email addresses. A malicious third party can submit candidate addresses to /api/v4/account/auth/resendverificationemail and distinguish accounts from misses. Details...
CVE-2026-35460 Papra has an HTML Injection in Transactional Emails via Unescaped User Display Name
Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. An attacker who registers with a display name containing HTML tags will have those tags injected...
Information Exposure
Overview: parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Information Exposure in the /verificationEmailRequest endpoint. An attacker can determine whether specific email addresses a...
PT-2025-48087
Name of the Vulnerable Software and Affected Versions: Veal98 Echo Open-Source Community System versions 2.2 through 2.3. Description: An unauthenticated attacker can cause the server to send email verification messages to arbitrary users via the /sendEmailCodeForResetPwd endpoint. This could lead t...
lemlist: Authentication Token Theft via Open Redirect in Callback URL Parameter
A vulnerability was identified in the email signup flow of a website that enabled authentication token theft through manipulation of the callback URL parameter. The vulnerability occurred when an attacker modified the callbackUrl parameter during the email signup process to point to an...
CVE-2025-35436
CISA Thorium uses '.unwrap' to handle errors related to account verification email messages. An unauthenticated remote attacker could cause a crash by providing a specially crafted email address or response. Fixed in commit 6a65a27...
GHSA-XHPR-465J-7P9Q Keycloak phishing attack via email verification step in first login flow
There is a flaw with the first login flow where, during an IdP login, an attacker with a registered account can initiate the process to merge accounts with an existing victim's account. The attacker will subsequently be prompted to "review profile" information, which allows the attacker to...
keycloak: Phishing attack via email verification step in first login flow
A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email...
keycloak: Phishing attack via email verification step in first login flow
A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email...
Keycloak < 26.3.0 Phishing Vulnerability
The version of Keycloak installed on the remote host is prior to 26.3.0. It is, therefore, affected by a phishing vulnerability. A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacke...
Origin Validation Error
Overview: org.keycloak:keycloak-server-spi-private is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Origin Validation Error via the review profile process. An attacker can gain unauthorized access to...
CVE-2025-7365
A flaw was found in Keycloak. When an authenticated attacker attempts to merge accounts with another existing account during an identity provider (IdP) login, the attacker will subsequently be prompted to "review profile" information. This vulnerability allows the attacker to modify their email...
CVE-2023-2781
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication bypass via authenticateuserbyemail in versions up to, and including, 3.5.0. This is due to a random token generation weakness in the resendverificationemail function. This allows unauthenticated...
GHSA-F38P-C2GQ-4PMR Regular Expression Denial-of-Service in npm schema-inspector
Impact What kind of vulnerability is it? Who is impacted? Email address validation is vulnerable to a denial-of-service attack where some input for example a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. will freeze the program or web browser page...
Regular Expression Denial-of-Service in npm schema-inspector
Impact What kind of vulnerability is it? Who is impacted? Email address validation is vulnerable to a denial-of-service attack where some input for example a@0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0. will freeze the program or web browser page...
U.S. Dept Of Defense: Access to all █████████ files, including CAC authentication bypass
Summary: Due to an Insecure Direct Object Reference (IDOR) in adding recipients to a shared package on ██████████, an unauthenticated attacker can access all files uploaded to ████. As described on ██████████ website, this includes documents with classifications up to FOUO, including PII / PHI...
Liberapay: Liberapay Non Verified Account Takeover with signup feature
Hi, so I saw a strange behaviour of your web on signup feature when that can be escalated to Account Takeover but for limited timeline. Issue: When a new user signs up for an account on https://en.liberapay.com/ he has to enter his email address only and it doesn't say anything about sending a...
Vanilla: Making further registrations difficult on Vanilla forum
Summary: After registering the account, user gets a verification email. There is a number assigned in that mail and it is incremented for next user. Trying to verify the next number with same code shows user not found but will create problem for next person registering the account. Description:...
itBit Exchange: Email Length Verification
Hello ItBit Security Team! I am Simone, a sixteen-year-old Italian security researcher, and I just want to share with you one of my findings on your website. NOTE: I recommend you read all of this report with attention because it's a really particular vulnerability.. at first impact, this issue will...