CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2026/05/19 9:36 a.m.•3 views

CVE-2026-35086

5.8AI score0.00187EPSS

Cvelist•added 2026/05/19 9:36 a.m.•33 views

CVE-2026-35086 Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services

0.00187EPSS

Vulnrichment•added 2026/05/19 9:36 a.m.•7 views

CVE-2026-35086 Apache OFBiz: Authenticated Remote Code Execution via Unsafe Template Expansion in email services

5.8AI score0.00187EPSS

EUVD•added 2026/05/19 9:36 a.m.•8 views

EUVD-2026-30872

6.5CVSS5.8AI score0.00187EPSS

Positive Technologies•added 2026/05/19 12:0 a.m.•7 views

PT-2026-41856

5.8AI score0.00187EPSS

The Hacker News•added 2026/05/05 6:35 a.m.•6 views

Microsoft Details Phishing Campaign Targeting 35,000 Users Across 26 Countries

Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens. The multi-stage campaign, observed between Apri...

5.8AI score

CNVD•added 2026/03/19 12:0 a.m.•0 views

IBM Aspera Console Denial of Service Vulnerability

IBM Aspera Console is a Web-based application from International Business Machines IBM. Allows users to centrally manage, monitor and control Aspera servers nodes and transports. A denial of service vulnerability exists in IBM Aspera Console, which can be exploited by an attacker to cause a denia...

5.3CVSS5.7AI score0.00061EPSS

CNNVD•added 2026/03/16 12:0 a.m.•2 views

IBM Aspera Console 安全漏洞

5.3CVSS5.8AI score0.00061EPSS

HackRead•added 2026/02/10 12:19 p.m.•2 views

Pride Month Phishing Targets Employees via Trusted Email Services

Attackers are using Pride Month themed phishing emails to target employees worldwide, abusing trusted email platforms like SendGrid to harvest credentials...

5.5AI score

CNVD•added 2025/12/18 12:0 a.m.•2 views

IBM Aspera Orchestrator Denial of Service Vulnerability

IBM Aspera Orchestrator is an automated workflow engine focused on managing file transfers and processing tasks. A denial of service vulnerability exists in IBM Aspera Orchestrator that stems from improper interaction frequency control, which can be exploited by an attacker to cause a denial of...

6.5CVSS6.7AI score0.00045EPSS

CNNVD•added 2025/12/11 12:0 a.m.•2 views

IBM Aspera Orchestrator 安全漏洞

6.5CVSS6.3AI score0.00045EPSS

CNVD•added 2025/08/15 12:0 a.m.•4 views

WordPress WPExperts Post SMTP plugin authentication bypass vulnerability

WordPress WPExperts Post SMTP plugin is a plugin for optimizing the WordPress email sending process. The main features include custom email services, email logging, DNS authentication and OAuth authorization. An authentication bypass vulnerability exists in the WordPress WPExperts Post SMTP plugi...

8.8CVSS7AI score0.00222EPSS

Exploits1References1

NVD•added 2024/11/14 7:15 p.m.•14 views

CVE-2024-3760

In lunary-ai/lunary version 1.2.7, there is a lack of rate limiting on the forgot password page, leading to an email bombing vulnerability. Attackers can exploit this by automating forgot password requests to flood targeted user accounts with a high volume of password reset emails. This not only...

7.5CVSS0.00175EPSS

CVE•added 2024/11/14 6:26 p.m.•57 views

CVE-2024-3760

CVE-2024-3760 concerns lunary-ai/lunary v1.2.7, where the forgot-password page lacks rate limiting, enabling an email bombing vulnerability. The root cause is an unauthenticated, high-volume request path that can flood target user mailboxes and strain mail servers, potentially degrading service a...

7.5CVSS7.5AI score0.00175EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2024/11/14 6:26 p.m.•21 views

CVE-2024-3760 Email Bombing Vulnerability in lunary-ai/lunary

7.5CVSS7.2AI score0.00175EPSS

Krebs on Security•added 2024/02/14 4:45 p.m.•20 views

U.S. Internet Leaked Years of Internal, Customer Emails

The Minnesota-based Internet provider U.S. Internet Corp. has a business unit called Securence, which specializes in providing filtered, secure email services to businesses, educational institutions and government agencies worldwide. But until it was notified last week, U.S. Internet was publishi...

7AI score

The Hacker News•added 2023/08/02 12:55 p.m.•37 views

Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign

A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. "Those phishing campaigns cleverly evade conventional detection methods...

6.9AI score