Lucene search
K

749 matches found

CVE
CVE
added 2025/06/13 5:4 p.m.59 views

CVE-2025-49583

XWiki (platform) vulnerability CVE-2025-49583 involves a user without script-right creating a document containing an XWiki.Notifications.Code.NotificationEmailRendererClass object. When an admin later edits and saves that document, the email templates in this object are used for notifications. Th...

5.1CVSS6.7AI score0.00228EPSS
Exploits1References3Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 6:59 a.m.12 views

CVE-2024-25151

The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote...

5.4CVSS5.3AI score0.00471EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:29 a.m.9 views

CVE-2023-50456

An issue was discovered in Zammad before 6.2.0. An attacker can trigger phishing links in generated notification emails via a crafted first or last name...

5.3CVSS6.8AI score0.00441EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 2:49 a.m.5 views

CVE-2023-32659

SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications...

6.5CVSS6.4AI score0.00386EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:58 p.m.7 views

CVE-2021-36403

In Moodle, in some circumstances, email notifications of messages could have the link back to the original message hidden by HTML, which may pose a phishing risk...

5.3CVSS6.6AI score0.00526EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 7:54 a.m.9 views

CVE-2019-11544

An issue was discovered in GitLab Community and Enterprise Edition 8.x, 9.x, 10.x, and 11.x before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2. It allows Information Disclosure. Non-member users who subscribe to notifications of an internal project with issue and repository...

4.3CVSS6.4AI score0.01044EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/07 12:0 a.m.6 views

q2apro-on-site-notifications 代码注入漏洞

q2apro-on-site-notifications is a plugin for q2apro individual developers that replaces all email notifications for forums. A code injection vulnerability exists in q2apro-on-site-notifications version 1.4.6 and earlier, which stems from improper handling of the processrequest function in the fil...

5.1CVSS4.8AI score0.0028EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/04/17 1:27 p.m.13 views

CVE-2025-26741

Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This issue affects Email Notifications for Updates: from n/a through = 1.1.6...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References1
NVD
NVD
added 2025/04/15 12:15 p.m.9 views

CVE-2025-26741

Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This issue affects Email Notifications for Updates: from n/a through = 1.1.6...

8.8CVSS0.0033EPSS
Exploits0References1
CVE
CVE
added 2025/04/15 11:59 a.m.46 views

CVE-2025-26741

CVE-2025-26741 concerns the WordPress plugin Email Notifications for Updates (also reflected as AWEOS GmbH Email Notifications for Updates) page up to version 1.1.6. The connected documents confirm a Missing Authorization vulnerability that allows privilege escalation, with CVSSv3.1 baseline metr...

8.8CVSS5.9AI score0.0033EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/15 11:59 a.m.7 views

CVE-2025-26741 WordPress Email Notifications for Updates <= 1.1.6 - Privilege Escalation Vulnerability

Missing Authorization vulnerability in AWEOS GmbH Email Notifications for Updates wp-update-mail-notification allows Privilege Escalation.This issue affects Email Notifications for Updates: from n/a through = 1.1.6...

8.8CVSS5.2AI score0.0033EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/15 12:0 a.m.5 views

PT-2025-16312 · Aweos Gmbh · Aweos Gmbh Email Notifications For Updates

Name of the Vulnerable Software and Affected Versions: AWEOS GmbH Email Notifications for Updates versions 1.1.6 and earlier Description: The issue is related to a Missing Authorization vulnerability that allows Privilege Escalation in AWEOS GmbH Email Notifications for Updates. Recommendations:...

8.8CVSS8.4AI score0.0033EPSS
Exploits0References8
NVD
NVD
added 2025/04/11 2:15 p.m.24 views

CVE-2025-32426

Formie is a Craft CMS plugin for creating forms. Prior to version 2.1.44, it is possible to inject malicious code into the HTML content of an email notification, which is then rendered on the preview. There is no issue when rendering the email via normal means a delivered email. This would requir...

5.4CVSS0.00198EPSS
Exploits0References1
CVE
CVE
added 2025/04/11 1:42 p.m.64 views

CVE-2025-32426

CVE-2025-32426 affects the Formie Craft CMS form plugin. The issue is an HTML injection (XSS) vulnerability in the HTML content of email notification previews, exploitable only if an attacker can modify the form’s email notification settings. The root cause is insufficient sanitization in the ema...

5.4CVSS4.8AI score0.00198EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/04/05 1:44 a.m.12 views

CVE-2025-2933 Email Notifications for Updates <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awunimportsettings function in all versions up to, and including, 1.1.6. This makes it possible for...

8.8CVSS0.00366EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/05 1:44 a.m.3 views

CVE-2025-2933 Email Notifications for Updates <= 1.1.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

The Email Notifications for Updates plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the awunimportsettings function in all versions up to, and including, 1.1.6. This makes it possible for...

8.8CVSS7.2AI score0.00366EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/05 12:0 a.m.3 views

PT-2025-15051 · WordPress · Email Notifications For Updates

Name of the Vulnerable Software and Affected Versions: Email Notifications for Updates plugin for WordPress versions up to, and including, 1.1.6 Description: The issue allows unauthorized modification of data, potentially leading to privilege escalation, due to a missing capability check on the...

8.8CVSS9.4AI score0.00366EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/02/22 4:22 a.m.14 views

CVE-2024-49782

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification...

8.2CVSS6.5AI score0.00344EPSS
Exploits0References1
NVD
NVD
added 2025/02/20 12:15 p.m.15 views

CVE-2024-49337

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field...

5.4CVSS0.00245EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/02/20 12:9 p.m.16 views

CVE-2024-49337 IBM OpenPages HTML injection

IBM OpenPages with Watson 8.3 and 9.0 IBM OpenPages is vulnerable to HTML injection, caused by improper validation of user-supplied input of text fields used to construct workflow email notifications. A remote authenticated attacker could exploit this vulnerability using HTML tags in a text field...

5.4CVSS0.00245EPSS
Exploits0References1
Rows per page
Query Builder