Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
email-address project email-address vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2018-1000025
Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 contains a Incorrect Access Control vulnerability in src/Firebase/Auth/IdTokenVerifier.php does not verify for token signature that can result in JWT with any email address and user ID could be forged from an act...
Firebase Admin Sdk For Php Project Firebase Admin Sdk For Php
7.5
CVSSv3
CVE-2022-2379
The Easy Student Results WordPress plugin up to and including 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical addr...
Easy Student Results Project Easy Student Results
6.5
CVSSv3
CVE-2022-1761
The Peter’s Collaboration E-mails WordPress plugin up to and including 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more.
Peter's Collaboration E-mails Project Peter's Collaboration E-mails
4.3
CVSSv3
CVE-2021-24824
The [field] shortcode included with the Custom Content Shortcode WordPress plugin prior to 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination wi...
Custom Content Shortcode Project Custom Content Shortcode
6.1
CVSSv3
CVE-2018-19924
An issue exists in Sales & Company Management System (SCMS) through 2018-06-06. An email address can be modified in between the request for a validation code and the entry of the validation code, leading to storage of an XSS payload contained in the modified address.
Sales & Company Management System Project Sales & Company Management System
8.8
CVSSv3
CVE-2021-24892
Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) prior to 1.6.9 allows authenticated remote malicious user to change arbitrary user's email address and request for reset password, which could lead to take over of WordPress's administr...
Advanced Forms Project Advanced Forms
7.5
CVSSv3
CVE-2022-3119
The OAuth client Single Sign On WordPress plugin prior to 3.0.4 does not have authorisation and CSRF when updating its settings, which could allow unauthenticated malicious users to update them and change the OAuth endpoints to ones they controls, allowing them to then be authent...
Oauth Client Single Sign On Project Oauth Client Single Sign On
5.3
CVSSv3
CVE-2020-8792
The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an information-exposure issue. In the mobile app, an attempt to add an already-bound lock by its barcode reveals the email address of the account to which the lock is bound, as well as the nam...
Oklok Project Oklok 3.1.1
5.9
CVSSv3
CVE-2019-8338
The signature verification routine in the Airmail GPG-PGP Plugin, versions 1.0 (9) and previous versions, does not verify the status of the signature at all, which allows remote malicious users to spoof arbitrary email signatures by crafting a signed email with an invalid signatu...
Gpg-pgp Project Gpg-pgp
7.7
CVSSv3
CVE-2020-26254
omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (RubyGem omniauth-apple). In omniauth-apple before version 1.0.1 attackers can fake their email address during authentication. This vulnerability impacts applications using the omniauth-apple strategy of O...
Omniauth-apple Project Omniauth-apple
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »