383 matches found
Astra Linux - уязвимость в emacs
In Emacs versions before 29.3, LaTeX preview is enabled by default for e-mail attachments...
CVE-2026-6344 Fluent Forms <= 6.2.1 - Authenticated (Administrator+) Arbitrary File Read via Path Traversal in Email Attachment
The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...
EUVD-2026-27536
The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...
CVE-2026-6320
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...
CVE-2026-6320
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...
CVE-2026-6320
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...
EUVD-2026-26784
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...
CVE-2026-6320 Salon Booking System – Free Version <= 10.30.25 - Unauthenticated Arbitrary File Read via Booking File Field Path Traversal
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...
PT-2026-36611
The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...
CVE-2026-25512
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...
CVE-2022-50908
Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the email attachments due to the missing verification for API requests to localhost. An attacker can execute arbitrary scripts in the context of the user's browser by sending specially crafted emails...
CVE-2022-50908
Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...
CVE-2022-50908
Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...
CVE-2022-50908
MailHog 1.0.1 is affected by a stored XSS vulnerability in attachments that allows execution of arbitrary API calls (e.g., message deletion, browser manipulation) when a crafted email is processed. Technical details from multiple sources indicate the issue stems from improper handling of attachme...
CVE-2022-50908 Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS)
Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...
PT-2026-2384
Name of the Vulnerable Software and Affected Versions Mailhog version 1.0.1 Description Mailhog version 1.0.1 has a stored cross-site scripting issue. Attackers can inject malicious scripts through email attachments. By sending crafted emails with XSS payloads, attackers can execute arbitrary API...
MailHog 跨站脚本漏洞
MailHog is MailHog open source a SMTP protocol testing tool . Mailhog version 1.0.1 suffers from a cross-site scripting vulnerability that stems from stored cross-site scripting , which could lead to an attacker injecting malicious scripts and executing arbitrary API calls via email attachments...
CVE-2023-49243
Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2022-35487
Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files...