Lucene search
K

318 matches found

NVD
NVD
added 5 days ago10 views

CVE-2026-15026

The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...

4.3CVSS0.00223EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42851

The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...

4.3CVSS6.2AI score0.00223EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-15026

The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...

4.3CVSS6.2AI score0.00223EPSS
Exploits0References9
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-15026 Import and export users and customers <= 2.4.0 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via email_template_selected AJAX Action

The Import and export users and customers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.0 via the emailtemplateselected. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract the...

4.3CVSS0.00223EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 6 days ago3 views

CVE-2026-61343

LibreBooking's email template editor save action passes the submitted template name directly into the destination file path, allowing a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. Fixed in 5.1.0...

8.6CVSS6.2AI score0.0084EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 6 days ago7 views

PT-2026-56903

Name of the Vulnerable Software and Affected Versions LibreBooking versions prior to 5.1.0 Description The email template editor save action allows a remote attacker with administrator credentials to write an arbitrary file outside the template directory and execute code. This occurs because the...

8.6CVSS6.2AI score0.0084EPSS
Exploits1References11
OSV
OSV
added 2026/06/12 9:5 a.m.7 views

BIT-GITLAB-2026-9694 Improper Neutralization of Substitution Characters in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References4
NVD
NVD
added 2026/06/11 12:16 p.m.17 views

CVE-2026-9694

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially...

4.3CVSS0.00211EPSS
Exploits0References3
OSV
OSV
added 2026/06/11 12:16 p.m.4 views

UBUNTU-CVE-2026-9694

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially...

4.3CVSS5.5AI score0.00211EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/11 10:19 a.m.12 views

EUVD-2026-36224

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.9 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions, could have allowed an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially...

4.3CVSS5.6AI score0.00211EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 10:19 a.m.58 views

CVE-2026-9694

GitLab CE/EE (all supported lines affected) had a vulnerability allowing an unauthenticated user to impersonate the GitLab Support Bot and inject arbitrary content via a specially crafted Service Desk email reply. Root cause: improper neutralization in email template processing. Remediation: patc...

4.3CVSS5.6AI score0.00211EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.18 views

PT-2026-48657

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.9 through 18.10.7 GitLab CE/EE versions 18.11 through 18.11.4 GitLab CE/EE versions 19.0 through 19.0.1 Description An issue in email template processing allows an unauthenticated user to impersonate the GitLab Support...

4.3CVSS5.3AI score0.00211EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:23 p.m.13 views

CVE-2026-35460

Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, transactional email templates in Papra interpolate user.name directly into HTML without escaping or sanitization. An attacker who registers with a display name containing HTML tags will have those tags injected...

5.4CVSS5.5AI score0.00192EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/05/28 4:25 p.m.12 views

CVE-2026-41141 EspoCRM: IDOR in EmailTemplate Prepare Endpoint Leaks Entity Data via Email Address Lookup

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity Contact, Lead, Account, or User without performing an ACL check. An authenticated user with...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/28 4:25 p.m.22 views

EUVD-2026-32947

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity Contact, Lead, Account, or User without performing an ACL check. An authenticated user with...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.18 views

PT-2026-44407

EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity Contact, Lead, Account, or User without performing an ACL check. An authenticated user with...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.13 views

EspoCRM 安全漏洞

EspoCRM is an open-source, web-based Customer Relationship Management system CRM developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. Versions of EspoCRM prior to 9.3.5 contained security vulnerabilities. These vulnerabilities...

6.5CVSS5.8AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/26 2:12 a.m.10 views

CVE-2026-22678

Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary JavaScript in the browser context of administrators by injecting...

5.4CVSS5.9AI score0.00168EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 10:16 p.m.28 views

CVE-2026-22678

Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary JavaScript in the browser context of administrators by injecting...

5.4CVSS0.00168EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/21 8:59 p.m.8 views

CVE-2026-22678

Webmin before 2.641 contains a stored cross-site scripting vulnerability in the email template description field of the System and Server Status module that allows low-privileged authenticated attackers to execute arbitrary JavaScript in the browser context of administrators by injecting...

5.4CVSS5.9AI score0.00168EPSS
Exploits0References3
Rows per page
Query Builder