147 matches found
Canon Devices - Authentication Bypass in Catwalk Server
Certain Canon devices manufactured in 2012 through 2020 such as imageRUNNER ADVANCE iR-ADV C5250, when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For...
CVE-2026-4024
Technical details about CVE-2026-4024 are not provided in the connected documents. Public specifics (affected versions, impact, fixes) require additional sources; monitor for updates.
CVE-2026-6235 Sendmachine for WordPress <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation via manage_admin_requests
The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manageadminrequests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
EUVD-2026-17571
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the group email settings test endpoint could be used to make the server initiate outbound connections to arbitrary hosts a...
PT-2026-29317
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, the group email settings test endpoint could be used to make the server initiate outbound connections to arbitrary hosts a...
CI4MS 跨站脚本漏洞
CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.31.0.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper handling of user input related to email settings in system configurations, which could lead to...
WordPress plugin Post SMTP 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2023-7312
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affecte...
CVE-2023-7312
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affecte...
CVE-2023-7312
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affecte...
CVE-2023-7312
Nagios Fusion is affected by a stored XSS in Email Settings for versions prior to 4.2.0. The vulnerability arises from insufficient input sanitization, allowing unsanitized input to be stored and later rendered in the administrative UI, enabling JavaScript execution in the browsers of users viewi...
CVE-2023-7312 Nagios Fusion < 4.2.0 Email Settings Stored XSS via SMTP/sendmail
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affecte...
CVE-2023-7312 Nagios Fusion < 4.2.0 Email Settings Stored XSS via SMTP/sendmail
Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affecte...
PT-2025-44489
Name of the Vulnerable Software and Affected Versions Nagios Fusion versions prior to 4.2.0 Description Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting XSS issue when adding or configuring Email Settings. Insufficient input sanitization allows malicious code to be stor...
Nagios Fusion 安全漏洞
Nagios Fusion is a centralized monitoring and visualization platform from the US-based Nagios, Inc. A security vulnerability exists in Nagios Fusion versions prior to 4.2.0, which stems from a failure to clear user input when adding or configuring Email Settings, and could lead to a stored...
EUVD-2021-11229
Malware in sbrugna...
EUVD-2021-11619
Malware in sbrugna...
EUVD-2021-24625
Malware in sbrugna...
EUVD-2019-18445
Malware in sbrugna...
EUVD-2025-16393
Malicious code in bioql PyPI...