
15016 matches found

Nuclei | added 12 hours ago | 27 views

Axigen Mail Server Filename Directory Traversal

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName parameter in an edi...

CVSS 6.4 | AI score 6.1 | EPSS 0.83632
Exploits: 3 | References: 4

Nuclei | added 12 hours ago | 103 views

RaidenMAILD Mail Server v.4.9.4 - Path Traversal

Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component. id: CVE-2024-32399 info: name: RaidenMAILD Mail Server v.4.9.4 - Path Traversal author: DhiyaneshDK severity: high description: |...

CVSS 7.6 | AI score 7.2 | EPSS 0.0316
Exploits: 0 | References: 5

Nuclei | added 12 hours ago | 43 views

IceWarp Mail Server <11.1.1 - Directory Traversal

IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability. id: CVE-2015-1503 info: name: IceWarp Mail Server 11.1.1 - Directory Traversal author: 0xAkoko severity: high description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal...

CVSS 7.8 | AI score 7.1 | EPSS 0.58722
Exploits: 5 | References: 5

Nuclei | added 12 hours ago | 139 views

WordPress Mail Masta 1.0 - Local File Inclusion

WordPress Mail Masta 1.0 is susceptible to local file inclusion in countofsend.php and csvexport.php. id: CVE-2016-10956 info: name: WordPress Mail Masta 1.0 - Local File Inclusion author: daffainfo,0x240x23elu severity: high description: WordPress Mail Masta 1.0 is susceptible to local file...

CVSS 7.5 | AI score 7.1 | EPSS 0.10582
Exploits: 2 | References: 5

Nuclei | added 12 hours ago | 16 views

Mail Mint < 1.19.5 - Unauthenticated Email Disclosure

Mail Mint WordPress plugin 1.19.5 contains an information disclosure vulnerability caused by lack of authorization in a REST API endpoint, letting unauthenticated users retrieve email addresses of blog users, exploit requires no authentication. id: CVE-2026-2025 info: name: Mail Mint 1.19.5 -...

CVSS 7.5 | AI score 5.9 | EPSS 0.01379
Exploits: 0 | References: 3

Nuclei | added 12 hours ago | 40 views

IceWarp Mail Server v10.4.5 - Cross-Site Scripting

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the color parameter. id: CVE-2023-39700 info: name: IceWarp Mail Server v10.4.5 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | IceWarp Mail Server v10.4.5 was...

CVSS 6.1 | AI score 6.3 | EPSS 0.01376
Exploits: 1 | References: 4

NVD | added 3 days ago | 7 views

CVE-2026-12472

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.11. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVSS 5.3 | EPSS 0.00283
Exploits: 0 | References: 6

CVE | added 3 days ago | 10 views

CVE-2026-12472

The CVE-2026-12472 entry concerns the Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin. It states an authorization bypass in all versions up to 6.0.11, enabling unauthenticated attackers to send arbitrary HTML-injected emails via the site’s mail server, potentially phi...

CVSS 5.3 | AI score 5.9 | EPSS 0.00283
Exploits: 0 | References: 6

EUVD | added 3 days ago | 5 views

EUVD-2026-41267

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.11. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVSS 5.3 | AI score 5.9 | EPSS 0.00283
Exploits: 0 | References: 6

NVD | added 3 days ago | 9 views

CVE-2026-11592

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

CVSS 4.3 | EPSS 0.00272
Exploits: 0 | References: 12

EUVD | added 3 days ago | 7 views

EUVD-2026-41248

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

CVSS 4.3 | AI score 5.9 | EPSS 0.00272
Exploits: 0 | References: 12

Cvelist | added 3 days ago | 37 views

CVE-2026-11592 Email Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX Action

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

CVSS 4.3 | EPSS 0.00272
Exploits: 0 | References: 12

CVE | added 3 days ago | 11 views

CVE-2026-11592

The CVE-2026-11592 entry concerns the WordPress plugin Email Subscribers & Newsletters (formerly “Email Marketing, Post Notifications & Newsletter”). It describes an authorization bypass vulnerability affecting all versions up to and including 5.9.27. The root cause is that the plugin fails to ve...

CVSS 4.3 | AI score 5.9 | EPSS 0.00272
Exploits: 0 | References: 12

ATTACKERKB | added 3 days ago | 3 views

CVE-2026-11592

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

CVSS 4.3 | AI score 5.9 | EPSS 0.00272
Exploits: 0 | References: 13

Patchstack | added 4 days ago | 4 views

WordPress Kirki – Freeform Page Builder, Website Builder & Customizer plugin <= 6.0.11 - Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability

Missing Authorization to Unauthenticated Arbitrary Email Content Injection (Mail Relay / Phishing) vulnerability discovered by ? in WordPress Plugin Kirki versions <= 6.0.11...

CVSS 5.3 | AI score 5.8 | EPSS 0.00283
Exploits: 0 | References: 1 | Affected Software: 1

Rockylinux | added 4 days ago | 5 views

ruby:4.0 security update

An update is available for module.ruby, module.rubygem-mysql2, module.rubygem-pg, rubygem-mysql2, ruby, rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE li...

CVSS 7.6 | AI score 5.8 | EPSS 0.00813
Exploits: 0

RedHat Linux | added 5 days ago | 5 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 7.6 | AI score 5.8 | EPSS 0.00813
Exploits: 0 | References: 4

RedHat Linux | added 5 days ago | 5 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol (IMAP) client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

CVSS 7.1 | AI score 6 | EPSS 0.00813
Exploits: 0 | References: 8

Tenable Nessus | added 5 days ago | 10 views

RockyLinux 8 : ruby:2.5 (RLSA-2026:33514)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:33514 advisory. ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments CVE-2026-42258 net-imap: ruby: Net::IMAP: Information disclosure via...

CVSS 7.6 | AI score 6 | EPSS 0.00813
Exploits: 0 | References: 5

RedHat Linux | added 6 days ago | 10 views

Important: Red Hat Security Advisory: Red Hat OpenShift Service Mesh 3.3.5

Red Hat OpenShift Service Mesh 3.3.5 This update has a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References section. Red Hat OpenShift Service Mesh 3.3....

CVSS 7.5 | AI score 6.8 | EPSS 0.00813
Exploits: 0 | References: 5