457 matches found
CVE-2026-44194
OPNsense is a FreeBSD-based firewall and routing platform. Prior to 26.1.8, an authenticated Remote Code Execution (RCE) vulnerability in the OPNsense core allows a user with user-management privileges to execute arbitrary system commands as root. An attacker can bypass input validation by formatti...
On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-42897 (CVSS score: 8.1), has been described as a spoofing bug stemming from a cross-site scriptin...
CVE-2026-44194
The CVE-2026-44194 entry describes an authenticated RCE in OPNsense prior to version 26.1.8. The vulnerability arises in the local user synchronization flow (core/src/opnsense/scripts/auth/sync_user.php), where input validation can be bypassed by crafting a payload that looks like a valid email a...
Astra Linux - vulnerability in thunderbird
If a MIME email combines OpenPGP and OpenPGP MIME data in a certain way, Thunderbird repeatedly attempts to process and display the message. This could cause Thunderbird’s user interface to lock up and no longer respond to the user’s actions. An attacker could send a crafted message with this...
Astra Linux - vulnerability in mutt
Null pointer dereferencing when viewing a specially crafted email in Mutt 1.5.2 2.2.12...
VulnCheck KEV: CVE-2025-48700
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0 and 10.0 and 10.1. A Cross-Site Scripting (XSS) vulnerability in the Zimbra Classic UI allows attackers to execute arbitrary JavaScript within the user's session, potentially leading to unauthorized access to sensitive information...
EUVD-2026-23231
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message...
CVE-2026-30459
An issue in the Forgot Password feature of Daylight Studio FuelCMS v1.5.2 allows unauthenticated attackers to obtain the password reset token of a victim user via a crafted link placed in a valid e-mail message...
CVE-2026-29138
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own...
CVE-2026-29131
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...
CVE-2026-35542
CVE-2026-35542 affects Roundcube Webmail prior to 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed by a crafted background attribute of a BODY element in an email, potentially leading to information disclosure or an access-control bypass. No exploitation details are provided i...
CVE-2026-29138 PGP Decryption Sender LDAP Injection
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own...
PT-2026-29702
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own...
PT-2026-29699
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...
CVE-2026-4021
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...