Lucene search
K

26 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

3.7CVSS0.00225EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/24 12:0 a.m.5 views

PT-2026-27432

Name of the Vulnerable Software and Affected Versions NGINX Plus and NGINX Open Source affected versions not specified Description The software contains a flaw in the ngx mail smtp module module related to how it processes Carriage Return Line Feed CRLF sequences within DNS responses. An attacker...

8.5CVSS5.8AI score0.00918EPSS
Exploits0References45
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-43891

Malicious code in bioql PyPI...

5.3CVSS6.4AI score0.00429EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-17173

Malicious code in bioql PyPI...

7.1CVSS7AI score0.00135EPSS
Exploits0References2
OSV
OSV
added 2025/08/15 12:0 a.m.3 views

UBUNTU-CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngxmailsmtpmodule that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

6.3CVSS5.9AI score0.00371EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/07/21 6:32 p.m.5 views

Jakarta Mail vulnerable to SMTP Injection

In Jakarta Mail 2.2 it is possible to preform a SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages...

7.5CVSS6.3AI score0.00756EPSS
Exploits0References9Affected Software2
Vulnrichment
Vulnrichment
added 2025/07/21 5:22 p.m.2 views

CVE-2025-7962

In Jakarta Mail versions prior to 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages...

6CVSS6.6AI score0.00756EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/06/08 1:19 p.m.5 views

CVE-2025-28974

Cross-Site Request Forgery CSRF vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through = 1.0...

7.1CVSS5.9AI score0.00135EPSS
Exploits0References1
NVD
NVD
added 2025/06/06 1:15 p.m.7 views

CVE-2025-28974

Cross-Site Request Forgery CSRF vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through = 1.0...

7.1CVSS0.00135EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 12:54 p.m.38 views

CVE-2025-28974

CVE-2025-28974 is a CSRF-to-Stored XSS vulnerability in the Free WP Mail SMTP (mail250) WordPress plugin. The issue affects Free WP Mail SMTP versions from n/a through 1.0, with a CVSSv3.1 base score of 7.1 (High). The connected documentation confirms the vulnerability class (CSRF leading to Stor...

7.1CVSS5.9AI score0.00135EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 12:54 p.m.18 views

CVE-2025-28974 WordPress Free WP Mail SMTP plugin <= 1.0 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in mail250 Free WP Mail SMTP free-wp-mail-smtp allows Stored XSS.This issue affects Free WP Mail SMTP: from n/a through = 1.0...

7.1CVSS0.00135EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.3 views

PT-2025-24129 · WordPress · Free Wp Mail Smtp

Name of the Vulnerable Software and Affected Versions: Free WP Mail SMTP versions 1.0 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and...

7.1CVSS6.8AI score0.00135EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.4 views

WordPress plugin Free WP Mail SMTP 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

7.1CVSS6.5AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:11 a.m.5 views

CVE-2023-3213

The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isprintpage function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information...

5.3CVSS6.5AI score0.00429EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/07/22 12:0 a.m.25 views

WordPress WP Mail SMTP by WPForms Plugin <= 4.0.1 is vulnerable to Sensitive Data Exposure

Software WP Mail SMTP by WPForms Type Plugin Vulnerable versions = 4.0.1 Fixed in 4.1.0 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-6694 Patch priority Low CVSS severity Low 2.7 Developer Claim ownership PSID 45f83918c270 Credits Guus Verbeek...

2.7CVSS6.5AI score0.00574EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2024/07/20 3:20 a.m.125 views

CVE-2024-6694

CVE-2024-6694 affects the WP Mail SMTP plugin for WordPress up to version 4.0.1. An authenticated admin can view the SMTP password in the SMTP Password field when viewing settings, leading to information exposure of the configured mail server credentials. The documented impact is limited to infor...

2.7CVSS3.4AI score0.00574EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/20 12:0 a.m.17 views

PT-2024-37803 · WordPress · Wp Mail Smtp

Name of the Vulnerable Software and Affected Versions: WP Mail SMTP plugin for WordPress versions up to, and including, 4.0.1 Description: The issue allows authenticated attackers with administrative-level access and above to view the SMTP password for the supplied server when viewing the setting...

2.7CVSS6.5AI score0.00574EPSS
Exploits0References5
OSV
OSV
added 2023/10/04 2:15 a.m.4 views

CVE-2023-3213

The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isprintpage function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information...

5.3CVSS7.3AI score0.00429EPSS
Exploits0References2
Prion
Prion
added 2023/10/04 2:15 a.m.20 views

Design/Logic Flaw

The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isprintpage function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information...

5CVSS5.3AI score0.00429EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/04 1:52 a.m.27 views

CVE-2023-3213 WP Mail SMTP Pro <= 3.8.0 - Missing Authorization to Information Dislcosure via is_print_page

The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the isprintpage function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information...

5.3CVSS5.3AI score0.00429EPSS
Exploits0References2
Rows per page
Query Builder