20 matches found
BIT-DISCOURSE-2026-33185 Discourse: Group SMTP test endpoint susceptible to SSRF
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.3, and 2026.2.0 to before 2026.2.2, the group email settings test endpoint could be used to make the server initiate outbound connections to arbitrary hosts and ports. This could allow probing of internal...
CVE-2026-31974
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint POST /admin/settings/mailnotifications accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists a...
CVE-2026-31974 Blind SSRF on OpenProject instance via webhooks
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint POST /admin/settings/mailnotifications accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists a...
CVE-2026-31974
OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint POST /admin/settings/mailnotifications accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists a...
D-Link DNS-343 ShareCenter Command Execution Vulnerability
The D-Link DNS-343 ShareCenter is a network storage device from China's AUO D-Link. The D-Link DNS-343 ShareCenter suffers from a command execution vulnerability that stems from insufficient input validation in the Mail Test feature, which can be exploited by an attacker to execute arbitrary...
CVE-2018-25120
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call t...
EUVD-2018-21606
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call t...
CVE-2018-25120
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call t...
CVE-2018-25120
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call t...
CVE-2018-25120 D-Link DNS-343 ShareCenter <= 1.05 Command Injection via /goform/Mail_Test
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call t...
CVE-2018-25120 D-Link DNS-343 ShareCenter <= 1.05 Command Injection via /goform/Mail_Test
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call t...
CVE-2018-25120
The CVE-2018-25120 entry concerns D-Link DNS-343 ShareCenter devices (firmware ≤ 1.05). The vulnerability is a command injection in the Mail Test feature: the web maintenance script posts to /goform/Mail_Test and feeds multiple form parameters directly into a system email utility without input va...
D-Link DNS-343 ShareCenter Security Vulnerability
The D-Link DNS-343 ShareCenter is a network storage device from China's AUO D-Link. The D-Link DNS-343 ShareCenter suffers from a command execution vulnerability that stems from insufficient input validation in the Mail Test feature, which can be exploited by an attacker to execute arbitrary...
VulnCheck KEV: CVE-2018-25120
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call t...
PT-2025-44344
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call ...
CVE-2024-9065
The WP Helper Premium plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'whpsmtpsendmailtest' function in all versions up to, and including, 4.6.1. This makes it possible for unauthenticated attackers to send emails containing any...
PT-2024-39400 · WordPress · Wp Helper Premium
Name of the Vulnerable Software and Affected Versions: WP Helper Premium plugin for WordPress versions up to, and including, 4.6.1 Description: The issue is related to a missing capability check on the whp smtp send mail test function, allowing unauthenticated attackers to send emails with any...
How to Deploy Secure Mail Test Tool
This article details how to deploy Secure Mail Test Tool and also covers some of the frequently asked questions about this tool...
CVE-2021-41590
In Gradle Enterprise through 2021.3, probing of the server-side network environment can occur via an SMTP configuration test. The installation configuration user interface available to administrators allows testing the configured SMTP server settings. This test function can be used to identify th...
CVE-2018-11139
The '/common/ajaxemailconnectiontest.php' script in the Quest KACE System Management Appliance 8.0.318 is accessible by any authenticated user and can be abused to execute arbitrary commands on the system. This script is vulnerable to command injection via the unsanitized user input 'TESTSERVER'...