CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5190 matches found

ATTACKERKB•added 2026/05/20 10:54 a.m.•8 views

CVE-2026-25602

Insufficient Verification of Data Authenticity vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component makes it possible to send messages to any email address. This issue affects Meona Client Launcher Component: through 19.06.2020 15:11:49; Meona Server Component:...

4.4CVSS5.8AI score0.00089EPSS

Exploits0References2

Vulnrichment•added 2026/05/20 10:54 a.m.•9 views

CVE-2026-25602

4.4CVSS5.8AI score0.00089EPSS

Exploits0References1

Github Security Blog•added 2026/04/03 6:31 a.m.•5 views

Roundcube Webmail: Remote image blocking feature can be bypassed via SVG content in an e-mail message

An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke...

8.2CVSS5.9AI score0.00329EPSS

Exploits0References9Affected Software1

OSV•added 2026/04/03 5:16 a.m.•2 views

UBUNTU-CVE-2026-35544

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets CSS sanitization in HTML e-mail messages may lead to a fixed-position mitigation bypass via the use of !important...

5.3CVSS5.8AI score0.00366EPSS

Exploits0References10

Vulnrichment•added 2026/04/03 3:59 a.m.•6 views

CVE-2026-35544

5.3CVSS5.9AI score0.00366EPSS

Exploits0References7

CVE•added 2026/04/03 3:54 a.m.•10 views

CVE-2026-35542

CVE-2026-35542 affects Roundcube Webmail prior to 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed by a crafted background attribute of a BODY element in an email, potentially leading to information disclosure or an access-control bypass. No exploitation details are provided i...

5.3CVSS5.9AI score0.00402EPSS

Exploits0References7Affected Software1

OSV•added 2026/04/02 3:16 p.m.•5 views

DEBIAN-CVE-2026-31934

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4...

7.5CVSS5.1AI score0.00272EPSS

Exploits0References1

OSV•added 2026/03/26 6:6 p.m.•2 views

GHSA-J724-5C6C-68G5 AVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User Mappings

Summary Three list.json.php endpoints in the Scheduler plugin lack any authentication check, while every other endpoint in the same plugin directories add.json.php, delete.json.php, index.php requires User::isAdmin. An unauthenticated attacker can retrieve all scheduled tasks including internal...

5.3CVSS6.2AI score0.00382EPSS

Exploits1References4

Vulnrichment•added 2025/10/17 12:0 a.m.•2 views

CVE-2025-62643

The Restaurant Brands International RBI assistant platform through 2025-09-06 transmits passwords of user accounts in cleartext e-mail messages...

3.4CVSS6.6AI score0.00291EPSS

Exploits1References5