Lucene search
K

49876 matches found

Nuclei
Nuclei
added 16 hours ago20 views

Canon Devices - Authentication Bypass in Catwalk Server

Certain Canon devices manufactured in 2012 through 2020 such as imageRUNNER ADVANCE iR-ADV C5250, when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For...

7.5CVSS7AI score0.04EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago63 views

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

7.5CVSS6.1AI score0.02362EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago57 views

SpeakOut Email Petitions < 2.14.15.1 - SQL Injection

The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dkspeakoutsendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users. id: CVE-2022-0846 info: name: SpeakOut Email...

9.8CVSS7.1AI score0.08785EPSS
Exploits2References5
Nuclei
Nuclei
added 16 hours ago64 views

Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash

Email Subscribers by Icegram Express = 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter. id: CVE-2024-4295 info: name: Email Subscribers by Icegram Express = 5.7.20 - Unauthenticated SQL Injection via Hash author: iamnoooob,rootxharsh,pdresearch severity:...

9.8CVSS7.1AI score0.10161EPSS
Exploits1References4
Nuclei
Nuclei
added 16 hours ago49 views

XWiki < 4.10.15 - Email Disclosure

The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email using XWiki's regular search interface. id: CVE-2023-50720 info: name: XWiki 4.10.15 - Email Disclosure author:...

5.3CVSS6.2AI score0.59119EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago108 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.5AI score0.01333EPSS
Exploits1References5
Nuclei
Nuclei
added 16 hours ago53 views

WordPress Core - Post Author Email Disclosure

WordPress Core is vulnerable to Sensitive Information Exposure in versions between 4.7.0 and 6.3.1 via the User REST endpoint. While the search results do not display user email addresses unless the requesting user has the 'listusers' capability, the search is applied to the useremail column. id:...

5.3CVSS6.5AI score0.03862EPSS
Exploits4References3
Nuclei
Nuclei
added 16 hours ago41 views

Sensei LMS < 4.24.2 - Email Template Leak

The Sensei LMS WordPress plugin before 4.24.2 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak email templates. id: CVE-2024-7786 info: name: Sensei LMS 4.24.2 - Email Template Leak author: s4e-io severity: high description: | The Sensei LMS WordPress...

7.5CVSS6.1AI score0.01635EPSS
Exploits1References3
Nuclei
Nuclei
added 16 hours ago75 views

Popup by Supsystic < 1.10.9 - Subscriber Email Addresses Disclosure

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users id: CVE-2022-0424 info: name: Popup by Supsystic 1.10.9 - Subscriber Email...

5.3CVSS6.2AI score0.02869EPSS
Exploits2References2
Nuclei
Nuclei
added 16 hours ago87 views

b2evolution CMS <6.11.6 - Open Redirect

b2evolution CMS before 6.11.6 contains an open redirect vulnerability via the redirectto parameter in emailpassthrough.php. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-22840 info:...

6.1CVSS6.4AI score0.13817EPSS
Exploits3References5
Nuclei
Nuclei
added 16 hours ago110 views

Eyou E-Mail <3.6 - Remote Code Execution

Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/iploginset/diploginget.php via the getloginipconfigfile function. id: CVE-2014-1203 info: name: Eyou E-Mail 3.6 - Remote Code Execution author: pikpik...

9.8CVSS7.3AI score0.15647EPSS
Exploits0References5
Nuclei
Nuclei
added 16 hours ago21 views

WordPress Email Newsletter - Reflected XSS

WordPress Email Newsletter plugin through 1.1 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter before outputting it in the page, letting attackers execute malicious scripts in the context of high privilege users, exploit requires attacker to cra...

5.4CVSS7AI score0.00688EPSS
Exploits1References1
Nuclei
Nuclei
added 16 hours ago14 views

Group-Office < 26.0.5 - Remote Code Execution

Group-Office before versions 6.8.150, 25.0.82, and 26.0.5 is vulnerable to remote code execution via OS command injection. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmpfile into an exec call. By injecting shell metacharacters into...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References4
Nuclei
Nuclei
added 16 hours ago52 views

Mail Mint < 1.19.5 - Unauthenticated Email Disclosure

Mail Mint WordPress plugin 1.19.5 contains an information disclosure vulnerability caused by lack of authorization in a REST API endpoint, letting unauthenticated users retrieve email addresses of blog users, exploit requires no authentication. id: CVE-2026-2025 info: name: Mail Mint 1.19.5 -...

7.5CVSS6.1AI score0.01379EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago44 views

WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure

WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...

5.3CVSS6.1AI score0.00669EPSS
Exploits0References3
Nuclei
Nuclei
added 16 hours ago9 views

SureForms <= 1.13.1 - Sensitive Information Exposure

SureForms WordPress plugin = 1.13.1 contains a sensitive information exposure caused by setting 'authcallback' to 'returntrue' in 'srfmemailnotification' post meta registration, letting unauthenticated attackers access sensitive email notification data, exploit requires no authentication. id:...

7.5CVSS6.1AI score0.01986EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago37 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8CVSS7AI score0.04184EPSS
Exploits3References2
Nuclei
Nuclei
added 16 hours ago29 views

Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending

Frontend File Manager Plugin WordPress plugin through 23.5 contains an open relay and unauthorized file access vulnerability caused by lack of authentication and security checks, letting unauthenticated attackers send emails and access files, exploit requires no authentication. id: CVE-2026-0829...

5.8CVSS6.1AI score0.00682EPSS
Exploits0References4
Nuclei
Nuclei
added 16 hours ago44 views

JS Help Desk <= 2.8.1 - SQL Injection

The JS Help Desk – Best Help Desk & Support Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘email' and 'trackingid' parameters in all versions up to 2.8.2 exclusive due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing S...

9.8CVSS7AI score0.02041EPSS
Exploits0References2
Nuclei
Nuclei
added 16 hours ago11 views

WordPress Qubely < 1.8.6 - Unauthenticated Email Sending

Qubely WordPress plugin 1.8.6 contains an insecure deserialization caused by unauthenticated users being able to send arbitrary emails via the qubelysendformdata AJAX action, letting attackers send spam or malicious emails, exploit requires no authentication. id: CVE-2021-24916 info: name:...

7.5CVSS7AI score0.01535EPSS
Exploits2References2
Rows per page
Query Builder