51 matches found

RedhatCVE
added 3 days ago, 6 views

CVE-2026-45344

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

CVSS: 8.1, AI score: 6, EPSS: 0.0021
Exploits: 0, References: 1

NVD
added 2026/05/28 10:17 p.m., 8 views

CVE-2026-45344

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

CVSS: 8.1, EPSS: 0.0021
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/28 8:41 p.m., 6 views

CVE-2026-45344

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

AI score: 6, EPSS: 0.0021
Exploits: 0, References: 2, Affected Software: 1

EUVD
added 2026/05/28 8:41 p.m., 9 views

EUVD-2026-33054

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

CVSS: 8.1, AI score: 6, EPSS: 0.0021
Exploits: 0, References: 1

Positive Technologies
added 2026/05/28 12:0 a.m., 6 views

PT-2026-44544

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, the setup database configuration flow on uninitialized LinkAce instances accepts attacker-controlled database credential fields and writes them back into .env without escaping. A remote attacker who can reach the setup...

CVSS: 8.1, AI score: 6, EPSS: 0.0021
Exploits: 0, References: 2

Positive Technologies
added 2026/05/05 12:0 a.m., 3 views

PT-2026-37296

Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 29.0. Description: An issue exists in the 'objects/sendEmail.json.php' endpoint where the absence of the contactForm parameter allows unauthenticated users to send emails to arbitrary recipients. When this parameter is...

CVSS: 5.3, AI score: 5.9, EPSS: 0.00071
Exploits: 0, References: 6

EUVD
added 2026/04/22 9:31 a.m., 0 views

EUVD-2026-24700

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manageadminrequests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVSS: 9.8, AI score: 5.6, EPSS: 0.00047
Exploits: 0, References: 5

RedhatCVE
added 2026/01/09 10:35 a.m., 2 views

CVE-2017-18466

cPanel before 62.0.17 does not properly recognize domain ownership during addition of parked domains to a mail configuration (SEC-228)...

CVSS: 4, AI score: 6.8, EPSS: 0.00244
Exploits: 0, References: 1

RedhatCVE
added 2025/12/01 1:18 p.m., 2 views

CVE-2025-66224

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and delivery workflow that allows user-controlled values to flow directly into the system’s sendmail command. Because these...

CVSS: 9, AI score: 6.9, EPSS: 0.00132
Exploits: 1, References: 1

OSV
added 2025/11/29 3:4 a.m., 3 views

CVE-2025-66224 OrangeHRM is Vulnerable to Code Execution Through Arbitrary File Write from Sendmail Parameter Injection

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and delivery workflow that allows user-controlled values to flow directly into the system’s sendmail command. Because these...

CVSS: 9, AI score: 6.9, EPSS: 0.00132
Exploits: 1, References: 3

EUVD
added 2025/11/29 3:4 a.m., 1 views

EUVD-2025-199907

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and delivery workflow that allows user-controlled values to flow directly into the system’s sendmail command. Because these...

CVSS: 9, AI score: 6.5, EPSS: 0.00132
Exploits: 1, References: 1

Cvelist
added 2025/11/29 3:4 a.m., 5 views

CVE-2025-66224 OrangeHRM is Vulnerable to Code Execution Through Arbitrary File Write from Sendmail Parameter Injection

OrangeHRM is a comprehensive human resource management (HRM) system. From version 5.0 to 5.7, the application contains an input-neutralization flaw in its mail configuration and delivery workflow that allows user-controlled values to flow directly into the system’s sendmail command. Because these...

CVSS: 9, EPSS: 0.00132
Exploits: 1, References: 1

Vulnrichment
added 2025/10/30 9:19 p.m., 1 views

CVE-2023-7312 Nagios Fusion < 4.2.0 Email Settings Stored XSS via SMTP/sendmail

Nagios Fusion versions prior to 4.2.0 contain a stored cross-site scripting (XSS) vulnerability when adding or configuring Email Settings. Unsanitized user input can be stored and later rendered in the administrative UI, causing JavaScript to execute in the browser of any user who views the affecte...

CVSS: 6.2, AI score: 5.3, EPSS: 0.00476
Exploits: 0, References: 3

RedhatCVE
added 2025/10/27 4:34 p.m., 3 views

CVE-2025-12275

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS: 10, AI score: 7.1, EPSS: 0.00206
Exploits: 0, References: 1

EUVD
added 2025/10/26 6:30 p.m., 1 views

EUVD-2025-35947

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS: 10, AI score: 6.6, EPSS: 0.00206
Exploits: 0, References: 2

NVD
added 2025/10/26 5:15 p.m., 2 views

CVE-2025-12275

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS: 10, EPSS: 0.00206
Exploits: 0, References: 1

OSV
added 2025/10/26 5:15 p.m., 0 views

CVE-2025-12275

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00206
Exploits: 0, References: 1

Cvelist
added 2025/10/26 4:15 p.m., 6 views

CVE-2025-12275 Mail Configuration File Manipulation + Command Execution

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS: 10, EPSS: 0.00206
Exploits: 0, References: 1

Vulnrichment
added 2025/10/26 4:15 p.m., 1 views

CVE-2025-12275 Mail Configuration File Manipulation + Command Execution

Mail Configuration File Manipulation + Command Execution. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...

CVSS: 10, AI score: 6.8, EPSS: 0.00206
Exploits: 0, References: 1

Positive Technologies
added 2025/10/26 12:0 a.m., 1 views

PT-2025-43752

Name of the Vulnerable Software and Affected Versions: BLU-IC2 versions through 1.19.5; BLU-IC4 versions through 1.19.5. Description: The software contains a flaw related to mail configuration file manipulation that can lead to command execution. The issue affects the handling of configuration files,...

CVSS: 10, AI score: 6.7, EPSS: 0.00206
Exploits: 0, References: 8