Lucene search
K

44 matches found

CNNVD
CNNVD
added 2026/04/21 12:0 a.m.12 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.213 contained security vulnerabilities. These vulnerabilities stemmed from the Helper::stripDangerousTags function used in the...

8.5CVSS5.9AI score0.00238EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/06 8:11 p.m.9 views

EUVD-2026-19478

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME signature verification did not validate the certificate trust chain checkChain: false. Any email signed with a self-signed or untrusted certificate was displayed as having a valid signature. This...

8.7CVSS5.9AI score0.00177EPSS
Exploits0References1
CVE
CVE
added 2026/04/06 8:11 p.m.16 views

CVE-2026-35389

CVE-2026-35389 affects Bulwark Webmail (self-hosted client for Stalwart Mail Server). Before version 1.4.11, S/MIME signature verification did not validate the certificate trust chain (checkChain: false), causing emails signed with self-signed or untrusted certificates to appear as having a valid...

8.7CVSS5.9AI score0.00177EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-5707

Malware in sbrugna...

5.4CVSS5.5AI score0.01089EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2012-4593

Malware in sbrugna...

4.3CVSS6.2AI score0.03716EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-5895

Malware in sbrugna...

6.1CVSS6.3AI score0.01387EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-16449

Malicious code in bioql PyPI...

6.3CVSS6.4AI score0.00134EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-39943

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00538EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-31061

Malicious code in bioql PyPI...

5.4CVSS5.7AI score0.00654EPSS
Exploits2References3
Cvelist
Cvelist
added 2025/05/30 4:58 a.m.12 views

CVE-2025-48483 FreeScout Stored XSS leads to CSRF

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, the application is vulnerable to Cross-Site Scripting XSS attacks due to incorrect input validation and sanitization of user-input data during mail signature sanitization. An attacker can inject arbitrary HTML...

6.3CVSS0.00134EPSS
Exploits1References1
CVE
CVE
added 2025/05/30 4:58 a.m.52 views

CVE-2025-48483

CVE-2025-48483 affects FreeScout (PHP/Laravel) prior to 1.8.180. The issue is an XSS vulnerability caused by insufficient input validation/sanitization of user-supplied data in mail signatures, enabling injection of HTML/JS into pages viewed by the user. A modified signature could also enable a s...

6.3CVSS6.2AI score0.00134EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/05/30 12:0 a.m.4 views

FreeScout 跨站脚本漏洞

FreeScout is an ultra-lightweight free open source helpdesk and shared inbox built using PHP Laravel framework by FreeScout. FreeScout suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by email signatures. No detailed vulnerability...

6.3CVSS6.2AI score0.00134EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/05/22 10:31 a.m.10 views

CVE-2019-14546

An issue was discovered in EspoCRM before 5.6.9. Stored XSS was executed on the Preference page as well as while sending an email when a malicious payload was inserted inside the Email Signature in the Preference page. The attacker could insert malicious JavaScript inside his email signature, whi...

5.4CVSS5.8AI score0.01089EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2025/04/11 9:54 a.m.6 views

SUSE CVE-2012-4912

Cross-site scripting XSS vulnerability in the WebAccess component in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to inject arbitrary web script or HTML via a crafted signature in an HTML e-mail message...

4.3CVSS5.9AI score0.01479EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2024/01/02 9:4 a.m.4 views

Mozilla: S/MIME signature accepted despite mismatching message date

The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...

4.3CVSS7.3AI score0.00633EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2024/01/02 8:14 a.m.3 views

Mozilla: S/MIME signature accepted despite mismatching message date

The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...

4.3CVSS7.3AI score0.00633EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2023/12/20 1:33 p.m.31 views

CVE-2023-50761

The Mozilla Foundation Security Advisory: The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despi...

7.5CVSS6.8AI score0.00633EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/12/19 1:38 p.m.18 views

CVE-2023-50761

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be...

6.2AI score0.00633EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2023/12/19 1:38 p.m.38 views

CVE-2023-50761

The signature of a digitally signed S/MIME email message may optionally specify the signature creation date and time. If present, Thunderbird did not compare the signature creation date with the message date and time, and displayed a valid signature despite a date or time mismatch. This could be...

4.3CVSS5.3AI score0.00633EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:44 a.m.4 views

SUSE CVE-2012-4668

Cross-site scripting XSS vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email...

4.3CVSS5.7AI score0.03716EPSS
Exploits0References3
Rows per page
Query Builder