CVE-2026-6235 Sendmachine for WordPress <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation via manage_admin_requests
The Sendmachine for WordPress plugin is vulnerable to authorization bypass via the 'manage_admin_requests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...
PT-2026-34306
Name of the Vulnerable Software and Affected Versions: Sendmachine for WordPress versions prior to 1.0.21. Description: An authorization bypass exists via the manage_admin_requests function because the plugin fails to properly verify if a user is authorized to perform an action. This allows...
EUVD-2026-1872
Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH), allowing unauthenticated access to emails...
CVE-2026-22689
Mailpit prior to v1.28.2 is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) because the WebSocket upgrader accepts connections from any origin (CheckOrigin always true). This enables a malicious site to create a WebSocket to ws://localhost:8025 and receive real-time data such as email conten...
EUVD-2024-50648
Malicious code in bioql PyPI...
CVE-2024-12174
An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server...
CVE-2023-38686
Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with...
CVE-2024-12174
CVE-2024-12174 affects Tenable Security Center and is caused by improper certificate validation when Security Center sends emails via an SMTP server. The underlying issue allows an authenticated, privileged attacker to intercept email messages sent from Security Center using a rogue SMTP server. ...
GHSA-6648-6G96-MG35 phpMyFAQ User Removal Page Allows Spoofing Of User Details
Summary: phpMyFAQ's user removal page allows an attacker to spoof another user's details, and in turn make a compelling phishing case for removing another user's account. Details: phpMyFAQ's user removal page allows an attacker to spoof another user's details, and in turn make a compelling phishing...
GHSA-P6HW-WM59-3G5G Sydent does not verify email server certificates
Impact: If configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation...
CVE-2021-37845
An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command, a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC 2595. This potentially allows an attacker...
Cloudflare Public Bug Bounty: Hijack all emails sent to any domain that uses Cloudflare Email Forwarding
The Email Routing feature enables Cloudflare users to create any number of custom email addresses and route all incoming messages to the user's preferred inboxes. Due to a bug in zone ownership verification, it was possible to configure Email Routing to redirect e-mail messages for an unverified...
Samsung Email application authorization issue vulnerability
Samsung Email application is a cell phone application from Samsung (South Korea). It provides the function of sending and receiving e-mail. A security vulnerability exists in the Samsung Email application version, which can be exploited by an attacker to intercept the provider at the time of...
Apple macOS High Sierra and iOS Mail Drafts Email Interception Vulnerability
Apple macOS High Sierra and iOS are both products of Apple Inc. Apple macOS High Sierra is a dedicated operating system for Mac computers. iOS is an operating system for mobile devices. Mail Drafts is one of the email drafts components. A security vulnerability exists in the Mail Drafts component...
Trend Micro Hosted Email Security (HES) Interception / Insecure Direct Object Reference
Date: 24-Aug-2017. Product: Trend Micro Hosted Email Security (HES). Versions affected: Hosted Email Security before January 2012. Vulnerability: Two vulnerabilities were discovered. The first allowed any HES user to intercept in-transit emails through the Trend Micro Hosted Email Security cloud...
Reading Uber’s Internal Emails [Uber Bug Bounty report worth $10,000]
After a recent finding about one of Uber’s subdomain takeovers was publicly disclosed, I looked into Uber to find similar bugs. One of my colleagues, Abhibandu Kafle, pointed out that em.uber.com also had a CNAME pointing to SendGrid and could be vulnerable to a similar kind of issue. I had limited...