Lucene search
K

441 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-39894

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00464EPSS
Exploits1References2
Information Security Automation
Information Security Automation
added 2025/06/21 1:39 p.m.13 views

June “In the Trend of VM” (#16): vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver

June "In the Trend of VM" 16: vulnerabilities in Microsoft Windows, Apache HTTP Server, the web interfaces of MDaemon and Zimbra, and the 7-Zip archiver. A traditional monthly vulnerability roundup. Post on Habr rus Digest on the PT website rus A total of 7 trending vulnerabilities: Elevation of...

9.1CVSS6.9AI score0.99957EPSS
Exploits4
Information Security Automation
Information Security Automation
added 2025/05/29 9:46 p.m.15 views

About Cross Site Scripting – MDaemon Email Server (CVE-2024-11182)

About Cross Site Scripting - MDaemon Email Server CVE-2024-11182. An attacker can send an HTML-formatted email containing malicious JavaScript code embedded in an img tag. If the user opens the email in the MDaemon Email Server's web interface, the malicious JavaScript code will execute in the...

6.1CVSS7.3AI score0.58483EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/05/23 7:33 a.m.9 views

CVE-2024-22208

phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...

6.5CVSS7.1AI score0.0074EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:33 a.m.11 views

CVE-2024-11182

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window...

6.1CVSS6.1AI score0.17105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:14 a.m.6 views

CVE-2023-25171

Kiwi TCMS, an open source test management system, does not impose rate limits in versions prior to 12.0. This makes it easier to attempt denial-of-service attacks against the Password reset page. An attacker could potentially send a large number of emails if they know the email addresses of users...

7.5CVSS6.5AI score0.00908EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/05/23 12:0 a.m.4 views

MDaemon Email Server Installed (Windows)

Binary data mdaemonemailserverwininstalled.nbin...

7.3AI score
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:56 p.m.8 views

CVE-2022-24732

Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing...

8.8CVSS6.9AI score0.00403EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:43 p.m.11 views

CVE-2020-14064

IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts...

6.5CVSS7AI score0.00969EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:51 p.m.9 views

CVE-2020-14065

IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space...

6.5CVSS7.1AI score0.01462EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:48 p.m.10 views

CVE-2020-14066

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access...

8.8CVSS7.1AI score0.01774EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:54 a.m.6 views

CVE-2019-19497

MDaemon Email Server 17.5.1 allows XSS via the filename of an attachment to an email message...

5.4CVSS5.8AI score0.00602EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:27 a.m.9 views

CVE-2019-13612

MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by default for e-mail messages larger than 2 MB and limits checks to 10 MB even with special configuration, which is arguably inconsistent with currently popular message sizes. This might interfere with risk management for malicious...

7.5CVSS6.9AI score0.01321EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/20 12:0 a.m.4 views

PT-2025-30037 · Ао'Сбк' · Communigate Pro

Уязвимость почтового сервера CommuniGate Pro связана с отсутствием аутентификации для критичной функции. Эксплуатация уязвимости, может позволить нарушителю, действующему удаленно, отправлять электронные письма с произвольным содержанием на любой почтовый адрес...

7.8CVSS7.3AI score
Exploits0References2
CISA KEV Catalog
CISA KEV Catalog
added 2025/05/19 12:0 a.m.22 views

MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability

MDaemon Email Server contains a cross-site scripting XSS vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message...

6.1CVSS5.9AI score0.17105EPSS
In wildExploits0
CNNVD
CNNVD
added 2025/05/16 12:0 a.m.6 views

IceWarp Mail Server 输入验证错误漏洞

IceWarp Mail Server is a mail server product from the Czech company IceWarp IceWarp. The product supports email archiving, SmartAttach attachments, automatic migration and more. An input validation error vulnerability exists in IceWarp Mail Server, which can be exploited to cause users to be...

6.1CVSS6.8AI score0.00425EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2025/05/15 12:0 a.m.6 views

VulnCheck KEV: CVE-2024-11182

MDaemon Email Server contains a cross-site scripting XSS vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message...

6.1CVSS5.9AI score0.17105EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/01 12:0 p.m.9 views

CVE-2025-3929

An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...

6.1CVSS6.2AI score0.00474EPSS
Exploits0References1
OSV
OSV
added 2025/04/29 12:15 p.m.4 views

CVE-2025-3929

An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...

6.1CVSS6AI score0.00474EPSS
Exploits0References1
NVD
NVD
added 2025/04/29 12:15 p.m.31 views

CVE-2025-3929

An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...

6.1CVSS0.00474EPSS
Exploits0References1
Rows per page
Query Builder