CVE-2026-32538

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through = 1.1.24...

EUVD-2026-15912

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through = 1.1.24...

CVE-2026-32538 WordPress SMTP Mailer plugin <= 1.1.24 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through = 1.1.24...

CVE-2026-32538

Insertion of Sensitive Information Into Sent Data vulnerability in Noor Alam SMTP Mailer smtp-mailer allows Retrieve Embedded Sensitive Data.This issue affects SMTP Mailer: from n/a through = 1.1.24...

CVE-2026-32538

CVE-2026-32538 : WordPress SMTP Mailer plugin

VulnCheck KEV: CVE-2023-27032

Prestashop advancedpopupcreator v1.1.21 to v1.1.24 was discovered to contain a SQL injection vulnerability via the component AdvancedPopup::getPopups...

CVE-2025-10348

URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...

EUVD-2025-37001

URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...

CVE-2025-10348

CVE-2025-10348 affects URVE Smart Office. The issue is a stored XSS in the report problem functionality: an attacker with low privileges can upload an SVG containing a payload, which executes when a victim visits the uploaded resource’s URL. The resource is publicly accessible without authenticat...

CVE-2025-10348 Stored Cross-Site Scripting in URVE Smart Office

URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...

CVE-2025-10348 Stored Cross-Site Scripting in URVE Smart Office

URVE Smart Office is vulnerable to Stored XSS in report problem functionality. An attacker with a low-privileged account can upload an SVG file containing a malicious payload, which will be executed when a victim visits the URL of the uploaded resource. The resource is available to anyone without...

URVE Smart Office 跨站脚本漏洞

URVE Smart Office is a smart office resource management system from URVE Smart Office, Poland. A cross-site scripting vulnerability exists in URVE Smart Office versions prior to 1.1.24, which stems from the presence of stored cross-site scripting in the function reporting the issue, which could...

PT-2025-44401

Name of the Vulnerable Software and Affected Versions URVE Smart Office versions prior to 1.1.24 Description URVE Smart Office is susceptible to a Stored Cross-Site Scripting XSS issue within the report problem functionality. An attacker possessing a low-privileged account can upload a Scalable...

EUVD-2025-26960

Malicious code in bioql PyPI...

EUVD-2025-28566

Malicious code in bioql PyPI...

CVE-2025-58817

CVE-2025-58817 describes a Missing Authorization (Broken Access Control) vulnerability in DesertThemes SoftMe WordPress Theme, affecting versions up to 1.1.24. Root cause is incorrectly configured access control; impact is limited to exposure due to authorization gaps (CVSSv3.1/3.1 base 4.3, Medi...

CVE-2025-58817 WordPress SoftMe Theme <= 1.1.27 - Broken Access Control Vulnerability

Missing Authorization vulnerability in desertthemes SoftMe softme allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SoftMe: from n/a through = 1.1.27...

PT-2025-36156

Name of the Vulnerable Software and Affected Versions: SoftMe versions through 1.1.24 Description: A missing authorization flaw exists in DesertThemes SoftMe, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update SoftMe to a version beyond...

WordPress SoftMe Theme <= 1.1.24 is vulnerable to Broken Access Control

Software SoftMe Type Theme Vulnerable versions = 1.1.24 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2025-58817 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 73da99fa2c92 Credits Martino Spagnuolo r3verii Required...

WordPress plugin SoftMe 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...