283 matches found
CVE-2025-32426 Formie has an XSS vulnerability in email notification content shown in the preview
Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means (a delivered email). This would requir...
Session Recording Notification Emails are Not Received After Upgrading to 2203CU6
When a user logs onto a VDA with Session Recording Agent 2203 CU6 installed and e-mail notifications enabled, the end user sees the notification banner and the session is recorded, but the Session Recording notification emails are no longer received from the VDA...
The vulnerability of the email notification sending function in Netgear WNR854T router software allows a hacker to execute arbitrary commands.
The vulnerability in the email notification sending function of the Netgear WNR854T router firmware is caused by a failure to neutralize special elements in the emailaddress parameter, which is processed by the operating system. Exploiting this vulnerability allows ...
CVE-2025-30816
Cross-Site Request Forgery (CSRF) vulnerability in Nks publish post email notification (publish-post-email-notification) allows Cross Site Request Forgery. This issue affects publish post email notification: from n/a through <= 1.0.2.3...
WordPress publish post email notification plugin <= 1.0.2.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross Site Request Forgery (CSRF) to Settings Change vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin publish post email notification (versions <= 1.0.2.3)...
CVE-2025-30816
CVE-2025-30816 refers to a CSRF in the WordPress plugin “publish post email notification.” Public data in connected docs indicates this affects versions from 1.0.0? through 1.0.2.3 (i.e.,
WordPress plugin publish post email notification cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2020-13276
User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1...
CVE-2024-11479 Authenticated HTML Injection in Issuetrak Ticket Comment Function
An HTML injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to ticket comments, which, when submitted, renders in the emails sent to all users on that ticket...
CVE-2024-8979
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.9 via the 'initcontentlostpassworduseremailcontrols' function. This makes it...
CVE-2024-52292
Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function...
CVE-2024-52292 Craft Allows Attackers to Read Arbitrary System Files
Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function...
CVE-2024-46988
Tuleap is a tool for end-to-end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.40, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, users might receive email notifications with information they should not have access to...
Repeat Email Notification: "License update interrupted: Paid license is not installed."
Challenge: After installing or upgrading to Veeam Backup for Microsoft 365 version 8 using Community Edition or an NFR (Not-For-Resale) license, email notifications are sent daily that state: Veeam Backup for Microsoft 365 Failed to update license License updated interrupted: Paid license...
Mozilla: Information disclosure on password cancel endpoint
The password reset cancellation process disclosed the user's IP address in the email sent to the user upon cancellation. This information disclosure vulnerability was exploited to obtain the IP address of a user by tricking them into submitting the password reset cancellation request...
CVE-2024-43386
A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAILNOTIFICATION.TO in mGuard devices...
PT-2024-30546 · Mguard · Mguard
Name of the Vulnerable Software and Affected Versions: mGuard devices (affected versions not specified). Description: A low privileged remote attacker can trigger the execution of arbitrary OS commands as root due to improper neutralization of special elements in the variable EMAIL NOTIFICATION.TO...
CVE-2024-41953 Zitadel improperly sanitizes HTML in emails and Console UI
Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may...