28 matches found
CVE-2026-35400
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's PO...
CVE-2026-35400 LORIS incorrectly trusts user input in publication module
LORIS Longitudinal Online Research and Imaging System is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's PO...
LORIS Neuroimaging Platform Postback Link Vulnerability
LORIS Neuroimaging Platform is a neuroimaging platform open sourced by ACElab. Versions of LORIS Neuroimaging Platform from 20.0.0 to 27.0.3, as well as versions before 28.0.1, had a postback link vulnerability. This vulnerability stemmed from an error in the endpoint of the publication module,...
CVE-2026-2746
SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails...
EUVD-2026-9383
SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails...
CVE-2026-2746 Missing PGP Signature Tag
SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails...
CVE-2026-2746
SEPPmail Secure Email Gateway (pre-15.0.1) has a flaw in how it communicates PGP signature verification results, preventing detection of forged emails. Affected product: SEPPmail Secure Email Gateway prior to version 15.0.1. Root cause: incomplete/incorrect reporting of PGP verification outcomes....
SEPPmail Secure Email Gateway Security Vulnerability
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.1 contained security vulnerabilities. These vulnerabilities stemmed from incorrect transmission of PGP signature verification result...
PT-2026-22893
SEPPmail Secure Email Gateway before version 15.0.1 does not properly communicate PGP signature verification results, leaving users unable to detect forged emails...
SUSE CVE-2025-59419
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...
PT-2025-42370
Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.128.Final and 4.2.7.Final. Description: Netty is an asynchronous, event-driven network application framework. An SMTP command injection vulnerability exists in the SMTP codec due to insufficient input validation for...
Zendesk Security Vulnerability
Zendesk is a complete customer service solution from Zendesk USA. A security vulnerability exists in versions of Zendesk prior to 2024-07-02, which stems from insufficient processing of emails in a way that extracts the cc field from incoming email messages to grant additional ticket viewing...
Cross-site request forgery (CSRF)
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.0. This is due to missing or incorrect nonce validation on the sendbackupcodesemail function. This makes it possible for unauthenticated...
PT-2023-9292 · Opendkim +1
Name of the Vulnerable Software and Affected Versions: OpenDKIM versions 2.10.3 and earlier; OpenDKIM versions 2.11.x through 2.11.0-Beta2. Description: An issue in OpenDKIM allows a remote attacker to craft an e-mail message with a fake sender address, making programs that rely on...
motor-admin Security Vulnerability
motor-admin is an open-source, code-free management panel and business intelligence tool from Motor Admin. A security vulnerability exists in motor-admin versions 0.0.1 through 0.2.56, which stems from how the Host header is handled in the password reset function. An attacker could use this...
CVE-2022-25355
EC-CUBE 3.0.0 to 3.0.18-p3 and EC-CUBE 4.0.0 to 4.1.1 improperly handle HTTP Host header values, which may lead a remote unauthenticated attacker to direct the vulnerable version of EC-CUBE to send an Email with some forged reissue-password URL to EC-CUBE users...