CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

185 matches found

Positive Technologies•added yesterday•4 views

PT-2026-46986

Impact If an attacker hacks into a vantage6 user's email account, they can 1 reset the password via email and then 2 reset the 2FA token via email. This way they reduce 2FA to 1FA email access. Note that most email providers require 2FA to access email, so this issue is not very likely to cause...

5.9CVSS5.5AI score

Exploits0References5

OSV•added 2026/05/09 8:16 p.m.•1 views

DEBIAN-CVE-2026-42258

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0.6.4, symbol arguments to commands are vulnerable to a CRLF Injection / IMAP Command injection via Symbol arguments passed to IMAP commands. This issue has been patched ...

9.8CVSS5.7AI score0.00092EPSS

Exploits0References1

CNNVD•added 2026/04/27 12:0 a.m.•4 views

SmarterTools SmarterMail 安全特征问题漏洞

SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Prior versions of SmarterTools SmarterMail up to version 9610 had...

8.2CVSS5.9AI score0.00035EPSS

Exploits0References1

HackRead•added 2026/02/26 2:34 p.m.•3 views

Entra ID OAuth Consent Can Grant ChatGPT Access to Emails

OAuth consent in Entra ID can grant apps like ChatGPT email access after approval, exposing hidden risks that may bypass MFA and enable persistent access...

5.4AI score

Exploits0

Github Security Blog•added 2026/02/14 6:30 a.m.•5 views

ImapEngine affected by command injection via the ID command parameters

Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...

7.6CVSS5.6AI score0.00023EPSS

Exploits0References6Affected Software1

Vulnrichment•added 2026/02/14 5:0 a.m.•2 views

CVE-2026-2469

7.6CVSS5.6AI score0.00023EPSS

Exploits0References4

CVE•added 2026/02/14 5:0 a.m.•9 views

CVE-2026-2469

CVE-2026-2469 affects directorytree/imapengine prior to 1.22.3. The root cause is improper escaping in ImapConnection.php when constructing IMAP ID commands, allowing injection via id() inputs (quotes or CRLF). Impact includes reading/deleting emails, terminating sessions, or issuing any IMAP com...

7.6CVSS5.7AI score0.00023EPSS

Exploits0References4

Positive Technologies•added 2026/02/14 12:0 a.m.•4 views

PT-2026-8056

Name of the Vulnerable Software and Affected Versions directorytree/imapengine versions prior to 1.22.3 Description The software contains a flaw due to improper handling of user-supplied data before it is used in IMAP ID commands within the ImapConnection.php file. Specifically, the id function...

7.6CVSS5.8AI score0.00023EPSS

Exploits0References9

CNNVD•added 2026/02/14 12:0 a.m.•2 views

ImapEngine 安全漏洞

ImapEngine is an email management interface developed by DirectoryTree. Versions of ImapEngine prior to 1.22.3 contained security vulnerabilities. These vulnerabilities stemmed from the id function in ImapConnection.php, which had improper handling of user input. This could allow attackers to rea...

7.6CVSS5.9AI score0.00023EPSS

Exploits0References4

OSV•added 2026/01/13 3:11 p.m.•3 views

GHSA-524M-Q5M7-79MM Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails

Summary The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking CSWSH vulnerability. An attacker can host a malicious website that, when visited by a developer running Mailpit locally,...

6.5CVSS6.5AI score0.00012EPSS

Exploits2References4

Cvelist•added 2025/12/13 4:31 a.m.•21 views

CVE-2025-11707 Login Lockdown & Protection <= 2.14 - IP Block Bypass

The Login Lockdown & Protection plugin for WordPress is vulnerable to IP Block Bypass in all versions up to, and including, 2.14. This is due to $unblockkey key being insufficiently random allowing unauthenticated users, with access to an administrative user email, to generate valid unblock keys...

5.3CVSS0.00142EPSS

Exploits0References3

RedhatCVE•added 2025/11/28 4:57 a.m.•5 views

CVE-2025-13539

The FindAll Membership plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.4. This is due to the plugin not properly logging in a user with the data that was previously verified through the 'findallmembershipcheckfacebookuser' and the...

9.8CVSS5.9AI score0.00461EPSS

Exploits0References1

Securelist•added 2025/11/21 10:0 a.m.•5 views

ToddyCat: your hidden email assistant. Part 1

Introduction Email remains the main means of business correspondence at organizations. It can be set up either using on-premises infrastructure for example, by deploying Microsoft Exchange Server or through cloud mail services such as Microsoft 365 or Gmail. However, some organizations do not...

6.6AI score

Exploits0