35 matches found

OSV
added 2026/03/09 3:15 a.m. | 2 views

CVE-2026-3794

A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and...

9.8 CVSS | 5.4 AI score
Exploits 0 | References 3
Cvelist
added 2026/03/09 1:32 a.m. | 29 views

CVE-2026-3794 doramart DoraCMS Email API send improper authentication

A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and...

7.5 CVSS | 0.0014 EPSS
Exploits 1 | References 3
Vulnrichment
added 2026/03/09 1:32 a.m. | 2 views

CVE-2026-3794 doramart DoraCMS Email API send improper authentication

A vulnerability was identified in doramart DoraCMS 3.0.x. This issue affects some unknown processing of the file /api/v1/mail/send of the component Email API. Such manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit is publicly available and...

7.5 CVSS | 5.4 AI score | 0.0014 EPSS
Exploits 1 | References 3
Positive Technologies
added 2026/03/09 12:0 a.m. | 6 views

PT-2026-23999

Name of the Vulnerable Software and Affected Versions: doramart DoraCMS versions 3.0.x. Description: A flaw exists in the processing of the /api/v1/mail/send file within the Email API component. This improper handling results in insufficient authentication. Remote attackers can exploit this issue. T...

9.8 CVSS | 7.1 AI score | 0.0014 EPSS
Exploits 1 | References 11
RedhatCVE
added 2026/01/15 3:15 p.m. | 2 views

CVE-2026-22239

The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the...

10 CVSS | 7 AI score | 0.00132 EPSS
Exploits 0 | References 1
NVD
added 2026/01/14 3:16 p.m. | 4 views

CVE-2026-22239

The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the...

10 CVSS | 0.00132 EPSS
Exploits 0 | References 1
Cvelist
added 2026/01/14 2:40 p.m. | 24 views

CVE-2026-22239 Email Sending Vulnerability in BLUVOYIX

The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the...

10 CVSS | 0.00132 EPSS
Exploits 0 | References 1
CNNVD
added 2026/01/14 12:0 a.m. | 7 views

Bluspark BLUVOYIX security vulnerability

Bluspark BLUVOYIX is a digital supply chain management platform from US-based Bluspark, Inc. Bluspark BLUVOYIX suffers from a security vulnerability that stems from a flaw in the design of the email sending API, which could lead to an attacker sending unsolicited emails to anyone on behalf of the...

10 CVSS | 6.6 AI score | 0.00132 EPSS
Exploits 0 | References 2
Positive Technologies
added 2026/01/14 12:0 a.m. | 2 views

PT-2026-2862

The vulnerability exists in BLUVOYIX due to design flaws in the email sending API. An unauthenticated remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable email sending API. Successful exploitation of this vulnerability could allow the...

10 CVSS | 7 AI score | 0.00132 EPSS
Exploits 0 | References 2
GithubExploit
added 2025/12/17 4:40 a.m. | 190 views

Exploit for Code Injection in Orangehrm

OrangeHRM RCE Exploit - CVE-2025-66224 📋 Description This...

9 CVSS | 8.4 AI score | 0.00132 EPSS
Exploits 1
Positive Technologies
added 2025/10/08 12:0 a.m. | 3 views

PT-2025-41239

Name of the Vulnerable Software and Affected Versions: JhumanJ OpnForm versions up to 1.9.3. Description: A weakness exists in JhumanJ OpnForm, potentially leading to information exposure. The issue stems from a discrepancy within the Forgotten Password Handler component, specifically related to the...

6.3 CVSS | 4.3 AI score | 0.00046 EPSS
Exploits 1 | References 8
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2019-14001

Malware in sbrugna...

2.3 CVSS | 3.8 AI score | 0.00094 EPSS
Exploits 0 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2012-3428

Malware in sbrugna...

6.4 CVSS | 6.4 AI score | 0.00527 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-7583

Malware in sbrugna...

7.5 CVSS | 7.5 AI score | 0.0037 EPSS
Exploits 1 | References 3
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2022-52242

Malicious code in bioql PyPI...

7.5 CVSS | 7.6 AI score | 0.00344 EPSS
Exploits 0 | References 2
RedhatCVE
added 2025/05/22 10:2 a.m. | 5 views

CVE-2019-17123

The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields to /system/ws/v11/ss/email are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. Also, the message parameter can have initial HTML comment characters...

7.5 CVSS | 7.1 AI score | 0.0037 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/22 3:46 a.m. | 7 views

CVE-2012-3472

The email API in application/libraries/api/MYEmailApiObject.php in the Ushahidi Platform before 2.5 does not require authentication, which allows remote attackers to list, delete, or organize messages via a GET request...

6.4 CVSS | 7 AI score | 0.00527 EPSS
Exploits 1 | References 1
Vulnrichment
added 2023/05/16 4:0 p.m. | 11 views

CVE-2023-32996

A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...

4.5 AI score | 0.00306 EPSS
Exploits 0 | References 1
Vulnrichment
added 2023/05/16 4:0 p.m. | 6 views

CVE-2023-32995

A cross-site request forgery (CSRF) vulnerability in Jenkins SAML Single Sign On(SSO) Plugin 2.0.0 and earlier allows attackers to send an HTTP POST request with JSON body containing attacker-specified content, to miniOrange's API for sending emails...

7.1 AI score | 0.00098 EPSS
Exploits 0 | References 1
Prion
added 2023/03/31 12:15 a.m. | 13 views

SQL injection

A vulnerability has been found in IBOS up to 4.5.4 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=email/api/mark&op=delFromSend. The manipulation of the argument emailids leads to SQL injection. The attack can be launched remotely. The explo...

6.5 CVSS | 9 AI score | 0.00297 EPSS
Exploits 1 | References 3 | Affected Software 1