99 matches found
EUVD-2020-0435
Malware in sbrugna...
EUVD-2014-8979
Malware in sbrugna...
EUVD-2024-47111
Malicious code in bioql PyPI...
EUVD-2022-15612
Malicious code in bioql PyPI...
EUVD-2025-31592
Malicious code in bioql PyPI...
VMware vCenter SMTP Header Injection Vulnerability
VMware vCenter is a virtualization management software from VMware. An SMTP header injection vulnerability exists in VMware vCenter, which can be exploited by an attacker to manipulate notification emails for scheduled tasks...
CVE-2025-41250
VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks...
CVE-2025-41250 Header injection vulnerability
VMware vCenter contains an SMTP header injection vulnerability. A malicious actor with non-administrative privileges on vCenter who has permission to create scheduled tasks may be able to manipulate the notification emails sent for scheduled tasks...
CVE-2025-41250
CVE-2025-41250 describes an SMTP header injection vulnerability in VMware vCenter. A malicious actor with non-administrative privileges and permission to create scheduled tasks can manipulate the notification emails sent for these tasks. The cited sources (NVD/VMware advisories) assign CVSSv3.1 b...
VMware vCenter Security Vulnerability
VMware vCenter is a virtualization management software from VMware. An SMTP header injection vulnerability exists in VMware vCenter, which can be exploited by an attacker to manipulate notification emails for scheduled tasks...
Linux Distros Unpatched Vulnerability : CVE-2019-6781
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It w...
CVE-2020-11056
In Sprout Forms before 3.9.0, there is a potential Server-Side Template Injection vulnerability when using custom fields in Notification Emails which could lead to the execution of Twig code. This has been fixed in 3.9.0...
CVE-2024-5996
The CVE has a rejection note in the Initial Description, but connected data provides concrete details: Soar Cloud HR Portal is affected. The PT-Security entry PT-2024-37301 reports that notification emails from Soar Cloud HR Portal include links with embedded session data and are sent without enc...
CVE-2024-5995 Soar Cloud HR Portal - Insufficient Session Expiration
The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused...
CVE-2024-5995
CVE-2024-5995 affects Soar Cloud HR Portal. The issue is insufficient session expiration: a link sent via notification emails contains an embedded session that is not properly expired and can remain valid for more than 7 days, enabling reuse. The vulnerability has a CVSSv3.1 base score of 8.8 (HI...
PT-2024-37301 · Unknown · Soar Cloud HR Portal
Name of the Vulnerable Software and Affected Versions: Soar Cloud HR Portal (affected versions not specified). Description: The issue concerns notification emails sent by Soar Cloud HR Portal, which contain a link with embedded session data. These emails are sent without using an encrypted...
Exposure Of Sensitive Information To An Unauthorized Actor
silverstripe/userforms is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor. This vulnerability is due to insufficient authorization checks in submission notification emails, potentially enabling an attacker to access sensitive files uploaded through the forms without prope...
CVE-2024-25151
The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote...
PT-2024-20785 · Liferay · Liferay DXP +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.4.2; Liferay DXP 7.3 before service pack 3; Liferay DXP 7.2 before fix pack 15. Description: The Calendar module in the affected software does not escape user-supplied data in the default notification emai...