Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
email-address project email-address vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2015-7686
Algorithmic complexity vulnerability in Address.pm in the Email-Address module 1.908 and previous versions for Perl allows remote malicious users to cause a denial of service (CPU consumption) via a crafted string containing a list of e-mail addresses in conjunction with parenthe...
Email-address Project Email-address
6.1
CVSSv3
CVE-2017-11503
PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of code_generator.php.
Phpmailer Project Phpmailer 5.2.23
9.8
CVSSv3
CVE-2022-3477
The tagDiv Composer WordPress plugin prior to 3.5, required by the Newspaper WordPress theme prior to 12.1 and Newsmag WordPress theme prior to 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated malicious users to login as any user by just kno...
Tagdiv Composer Project Tagdiv Composer
Newsmag Project Newsmag
Newspaper Project Newspaper
6.1
CVSSv3
CVE-2017-15612
mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such as in java\nscript:) or a crafted email address, related to the escape and autolink functions.
Mistune Project Mistune 0.7.4
5.4
CVSSv3
CVE-2021-24478
The Bookshelf WordPress plugin up to and including 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue
Bookshelf Project Bookshelf
5.9
CVSSv3
CVE-2019-13240
An issue exists in GLPI prior to 9.4.1. After a successful password reset by a user, it is possible to change that user's password again during the next 24 hours without any information except the associated email address.
Glpi-project Glpi
5.3
CVSSv3
CVE-2022-2834
The Helpful WordPress plugin prior to 4.5.26 puts the exported logs and feedbacks in a publicly accessible location and guessable names, which could allow malicious users to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plug...
Helpful Project Helpful
8.1
CVSSv3
CVE-2018-1000025
Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an act...
Firebase Admin Sdk For Php Project Firebase Admin Sdk For Php
7.5
CVSSv3
CVE-2022-2379
The Easy Student Results WordPress plugin up to and including 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical addr...
Easy Student Results Project Easy Student Results
4.3
CVSSv3
CVE-2021-24824
The [field] shortcode included with the Custom Content Shortcode WordPress plugin prior to 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination wi...
Custom Content Shortcode Project Custom Content Shortcode
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
spoof
CVE-2024-34928
CVE-2024-5291
deserialization
CVE-2024-4471
CVE-2024-4956
CVE-2024-32002
CVE-2024-5227
unspecified
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »