455 matches found

Vulnrichment
added 2025/05/14 4:56 p.m. | 9 views

CVE-2025-3877

...

6.4 AI score
Exploits: 0

Cvelist
added 2025/05/14 4:56 p.m. | 12 views

CVE-2025-3877

...

Exploits: 0

Debian CVE
added 2025/05/14 4:56 p.m. | 8 views

CVE-2025-3877

Removed by vendor...

6.6 AI score
Exploits: 0

Mozilla
added 2025/05/13 12:0 a.m. | 25 views

Security Vulnerabilities fixed in Thunderbird 128.10.1 — Mozilla

Thunderbird parses addresses in a way that can allow sender spoofing in case the server allows an invalid From address to be used. For example, if the From header contains an invalid value "Spoofed Name [email protected] [email protected]", Thunderbird treats [email protected] as the...

8.1 CVSS | 6.6 AI score | 0.00422 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

OSV
added 2025/04/29 12:15 p.m. | 1 views

CVE-2025-3929

An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...

6.1 CVSS | 6 AI score
Exploits: 0 | References: 1

VulnCheck KEV
added 2025/04/29 12:0 a.m. | 1 views

VulnCheck KEV: CVE-2025-3929

An XSS issue was discovered in MDaemon Email Server version 25.0.1 and below. An attacker can send a specially crafted HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user's browser window, and...

6.1 CVSS | 6 AI score | 0.00155 EPSS
Exploits: 0 | References: 1

OSV
added 2025/03/21 5:15 p.m. | 1 views

DEBIAN-CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2 CVSS | 5.1 AI score | 0.40309 EPSS
Exploits: 0 | References: 1

OSV
added 2025/03/21 5:15 p.m. | 0 views

UBUNTU-CVE-2025-30349

Horde IMP through 6.2.27, as used with Horde Application Framework through 5.2.23, allows XSS that leads to account takeover via a crafted text/html e-mail message with an onerror attribute that may use base64-encoded JavaScript code, as exploited in the wild in March 2025...

7.2 CVSS | 5.8 AI score | 0.40309 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2025/03/06 6:56 p.m. | 4 views

CVE-2025-27156

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail...

5.4 CVSS | 6.8 AI score | 0.00705 EPSS
Exploits: 0 | References: 1

ATTACKERKB
added 2024/11/15 12:0 a.m. | 4 views

CVE-2024-11182

An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load arbitrary JavaScript code in the context of a webmail user’s browser window. Recent assessments: Assess...

6.1 CVSS | 6.3 AI score | 0.13521 EPSS
In wild | Exploits: 0 | References: 2

Tenable Nessus
added 2024/10/09 12:0 a.m. | 13 views

CentOS 7 : thunderbird (RHSA-2022:9079)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:9079 advisory. - If a Thunderbird user quoted from an HTML email, for example by replying to the email, and the email contained either a VIDEO tag with the POSTER...

9.8 CVSS | 8.3 AI score | 0.00431 EPSS
Exploits: 0 | References: 8

Vulnrichment
added 2024/07/31 4:42 p.m. | 13 views

CVE-2024-41953 Zitadel improperly sanitizes HTML in emails and Console UI

Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may...

4.3 CVSS | 6.5 AI score | 0.02604 EPSS
Exploits: 0 | References: 15

OSV
added 2024/03/06 11:4 a.m. | 16 views

BIT-ROUNDCUBE-2021-26925

Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets CSS token sequences during HTML email rendering...

5.4 CVSS | 5 AI score | 0.00259 EPSS
Exploits: 0 | References: 4

OSV
added 2024/01/23 5:22 p.m. | 0 views

CVE-2024-23330 Tuta loads images from external resources

Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...

5.3 CVSS | 6.7 AI score | 0.00139 EPSS
Exploits: 1 | References: 3

OSV
added 2023/10/18 3:15 p.m. | 0 views

UBUNTU-CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

6.1 CVSS | 6.3 AI score | 0.83235 EPSS
Exploits: 2 | References: 9

Debian CVE
added 2023/10/18 2:51 p.m. | 58 views

CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

6.1 CVSS | 5.6 AI score | 0.83235 EPSS
Exploits: 2

Vulnrichment
added 2023/10/18 2:51 p.m. | 4 views

CVE-2023-5631 Stored XSS vulnerability in Roundcube

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code...

6.1 CVSS | 5.6 AI score | 0.83235 EPSS
Exploits: 2 | References: 15

ATTACKERKB
added 2023/10/18 12:0 a.m. | 31 views

CVE-2023-5631

Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of program/lib/Roundcube/rcubewashtml.php behavior. This could allow a remote attacker to load arbitrary JavaScript code. Recent assessments: Assess...

6.1 CVSS | 5.9 AI score | 0.83235 EPSS
In wild | Exploits: 2 | References: 16

Prion
added 2023/03/20 4:15 p.m. | 16 views

Hardcoded credentials

HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

4.9 CVSS | 5.5 AI score | 0.00629 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/03/20 3:33 p.m. | 7 views

CVE-2023-22288 Email HTML Injection

HTML Email Injection in Tribe29 Checkmk =2.1.0p23; =2.0.0p34, and all versions of Checkmk 1.6.0 allows an authenticated attacker to inject malicious HTML into Emails...

4.1 CVSS | 5.5 AI score | 0.00629 EPSS
Exploits: 0 | References: 1