Lucene search
K

188 matches found

Snyk
Snyk
added 2024/11/27 9:59 p.m.1 views

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Overview Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' due to the improper handling of user input in the email sending functionality. An attacker can send spam, phishing emails, or other malicio...

8.7CVSS7AI score0.00451EPSS
Exploits0References2
CNVD
CNVD
added 2024/11/08 12:0 a.m.8 views

Lunary Email Injection Vulnerability

lunary is lunary open source a production toolkit for LLM . An email injection vulnerability exists in lunary, which allows an unauthenticated attacker to inject data into an outgoing email by bypassing the function using different space characters. No detailed vulnerability details are provided ...

6.5CVSS7.1AI score0.00418EPSS
Exploits1References1
OSV
OSV
added 2024/10/29 1:15 p.m.22 views

CVE-2024-7472

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

6.5CVSS7.1AI score0.00418EPSS
Exploits1References2
NVD
NVD
added 2024/10/29 1:15 p.m.35 views

CVE-2024-7472

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

6.5CVSS0.00418EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/10/29 12:49 p.m.37 views

CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

5.3CVSS0.00418EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/10/29 12:49 p.m.12 views

CVE-2024-7472 Email Injection Vulnerability in lunary-ai/lunary

lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API /v1/users/send-verification and Sign up API /auth/signup. An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace...

5.3CVSS7.4AI score0.00418EPSS
Exploits1References2
CVE
CVE
added 2024/10/29 12:49 p.m.102 views

CVE-2024-7472

CVE-2024-7472 affects lunary-ai/lunary v1.2.26, exposing an email injection vulnerability in the /v1/users/send-verification and /auth/signup endpoints. The root cause is bypassing the extractFirstName function by using an alternate whitespace character (e.g., \xa0), enabling data to be injected ...

6.5CVSS5.6AI score0.00418EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2024/10/29 12:0 a.m.4 views

Lunary 安全漏洞

lunary is lunary open source a production toolkit for LLM . An email injection vulnerability exists in lunary, which allows an unauthenticated attacker to inject data into an outgoing email by bypassing the function using different space characters. No detailed vulnerability details are provided ...

6.5CVSS7.3AI score0.00418EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/10/29 12:0 a.m.4 views

PT-2024-38372 · Lunary · Lunary

Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary version 1.2.26 Description: The issue allows an unauthenticated attacker to inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character, such as xa0. This can be exploite...

6.5CVSS5.5AI score0.00418EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/09/18 12:0 a.m.4 views

PT-2024-30259 · Rws · Rws Multitrans

Name of the Vulnerable Software and Affected Versions: RWS MultiTrans versions 7.0.23324.2 and earlier Description: The issue allows attackers to alter the HTML-layout and possibly execute a phishing attack via a crafted payload injected into a sent e-mail. Recommendations: For RWS MultiTrans...

6.1CVSS7.3AI score0.00316EPSS
Exploits0References6
OSV
OSV
added 2024/08/26 3:15 p.m.3 views

CVE-2024-8167

A vulnerability was found in code-projects Job Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /forget.php. The manipulation of the argument email/mobile leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclose...

9.8CVSS5.8AI score0.00648EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/03/04 12:0 a.m.4 views

PT-2024-19085 · Gallagher · Gallagher Command Centre

Name of the Vulnerable Software and Affected Versions: Gallagher Command Centre versions 8.60 and prior Gallagher Command Centre versions 8.70 prior to vEL8.70.2526 MR6 Gallagher Command Centre versions 8.80 prior to vEL8.80.1526 MR4 Gallagher Command Centre versions 8.90 prior to vEL8.90.1751 MR...

6.8CVSS7.5AI score0.00304EPSS
Exploits0References6
Cvelist
Cvelist
added 2024/02/22 6:37 p.m.41 views

CVE-2024-26151 Potentially untrusted input is rendered as HTML in final output

The mjml PyPI package, found at the FelixSchwarz/mjml-python GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of FelixSchwarz/mjml-python who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input...

8.2CVSS8.2AI score0.00621EPSS
Exploits1References5
Veracode
Veracode
added 2024/02/19 2:4 a.m.31 views

SMTP Smuggling

sendmail is vulnerable to SMTP Smuggling. The vulnerability is due to injecting email messages with a spoofed MAIL FROM address using sendmail supports . sequence which allows malicious emails to be accepted as legitimate and leads to bypass of SPF protection mechanisms...

5.3CVSS6.6AI score0.01073EPSS
Exploits2References18Affected Software1
OSV
OSV
added 2024/01/29 10:52 a.m.5 views

USN-6611-1 exim4 vulnerability

It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism...

5.3CVSS7.3AI score0.01072EPSS
Exploits1References2
OSV
OSV
added 2023/12/24 5:15 a.m.6 views

CVE-2023-51764

Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpddatarestrictions=rejectunauthpipelining and smtpddiscardehlokeywords=chunking or certain other options that exist in recent versions. Remote attackers can use a published exploitation technique to inject e-mail messages with ...

5.3CVSS5.2AI score0.02598EPSS
Exploits4References19
CVE
CVE
added 2023/12/24 12:0 a.m.207 views

CVE-2023-51764

Postfix CVE-2023-51764 affects Postfix versions prior to fixed releases (e.g., 3.8.5 and earlier patched lines) and allows SMTP smuggling via non-standard end-of-data handling, enabling spoofed MAIL FROM and SPF bypass. Public advisories (ALMA/AMAZON/Linux distributions and Debian LTS) confirm th...

5.3CVSS5.1AI score0.02598EPSS
Exploits4References19Affected Software1
Positive Technologies
Positive Technologies
added 2023/11/05 12:0 a.m.4 views

PT-2023-10638 · Unknown · Magnesium-Php

Name of the Vulnerable Software and Affected Versions: Magnesium-PHP versions up to 0.3.0 Description: A vulnerability was found in Magnesium-PHP, classified as problematic. The issue affects the formatEmailString function of the file src/Magnesium/Message/Base.php. The manipulation of the...

9.8CVSS4.9AI score0.00692EPSS
Exploits0References10
Huntr
Huntr
added 2023/08/05 10:21 p.m.11 views

HTML Injection - real Aptabase emails

Description Due to lack of validation Name field during registration, bad actor can send emails with HTML injected code to the victims. Proof of Concept Payload example: Jameees Repro steps: Go to https://eu.aptabase.com/auth/register and for field 'Name' use payload with HTML. Open email from...

7AI score
Exploits0References2
NVD
NVD
added 2023/03/20 4:15 p.m.33 views

CVE-2023-22288

HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

5.4CVSS4.9AI score0.00399EPSS
Exploits0References1
Rows per page
Query Builder