Lucene search
K

175 matches found

CVE
CVE
added 2026/02/21 10:16 a.m.13 views

CVE-2026-27492

Lettermint Node.js SDK (npm package lettermint) is vulnerable in versions ≤ 1.5.0 where email properties (to, subject, html, text, attachments) are not reset between sends when a single client instance is reused across multiple .send() calls. This state leakage can cause content or recipient addr...

4.7CVSS5.4AI score0.00166EPSS
Exploits0References3Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/18 2:26 a.m.19 views

CVE-2025-12718

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

5.8CVSS5.9AI score0.00206EPSS
Exploits0References1
OSV
OSV
added 2026/01/17 9:30 a.m.3 views

OPENSUSE-SU-2026:20058-1 Security update for go-sendxmpp

This update for go-sendxmpp fixes the following issues: Changes in go-sendxmpp: - Update to 0.15.1: Added Add XEP-0359 Origin-ID to messages requires go-xmpp = v0.2.18. Changed HTTP upload: Ignore timeouts on disco IQs as some components do not reply. - Upgrades the embedded golang.org/x/net to...

6.5CVSS6.8AI score0.00502EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/01/17 2:22 a.m.4 views

CVE-2025-12718

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

5.8CVSS5.5AI score0.00206EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 11:23 a.m.7 views

CVE-2021-31987

A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients...

7.5CVSS6.8AI score0.00865EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2025/12/15 1:41 p.m.9 views

PayPal closes loophole that let scammers send real emails with fake purchase notices

After an investigation by BleepingComputer, PayPal closed a loophole that allowed scammers to send emails from the legitimate [email protected] email address. Following reports from people who received emails claiming an automatic payment had been cancelled, BleepingComputer found that...

6.8AI score
Exploits0
CNVD
CNVD
added 2025/12/12 12:0 a.m.9 views

MailEnable Failed Parameter Cross-Site Scripting Vulnerability

MailEnable is a commercial email server software designed for Windows operating systems that provides end-to-end email hosting and collaboration solutions. MailEnable suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-suppli...

6.1CVSS6AI score0.00418EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/10 6:13 p.m.5 views

CVE-2025-34409

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...

6.1CVSS5.8AI score0.00418EPSS
Exploits0References1
OSV
OSV
added 2025/12/09 6:15 p.m.4 views

CVE-2025-34408

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Added parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Added value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...

6.1CVSS6AI score0.00418EPSS
Exploits0References3
CVE
CVE
added 2025/12/09 6:10 p.m.15 views

CVE-2025-34408

MailEnable prior to 10.54 is affected by a reflected XSS in the Added parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Added value is not properly sanitized for GET requests and is reflected in the response, allowing an attacker to break out of markup and inject script, potent...

6.1CVSS5.4AI score0.00418EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2025/12/09 6:10 p.m.3 views

CVE-2025-34408 MailEnable < 10.54 Reflected XSS in Added Parameter of MAI/AddRecipientsResult.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Added parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Added value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...

5.3CVSS5.4AI score0.00418EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/09 6:9 p.m.2 views

CVE-2025-34409 MailEnable < 10.54 Reflected XSS in Failed Parameter of MAI/AddRecipientsResult.aspx

MailEnable versions prior to 10.54 contain a reflected cross-site scripting XSS vulnerability in the Failed parameter of /Mondo/lang/sys/Forms/MAI/AddRecipientsResult.aspx. The Failed value is not properly sanitized when processed via a GET request and is reflected in the response, allowing an...

5.3CVSS5.4AI score0.00418EPSS
Exploits0References3
Nextcloud
Nextcloud
added 2025/12/05 7:52 a.m.12 views

Deck app allowed user with "Can share" permission to modify permissions of other non-owners

None...

5.4CVSS5.2AI score0.00242EPSS
Exploits0References2Affected Software1
Malwarebytes
Malwarebytes
added 2025/11/17 3:44 p.m.7 views

Your coworker is tired of AI &#8220;workslop&#8221; (Lock and Code S06E23)

This week on the Lock and Code podcast … Everything's easier with AI… except having to correct it. In just the three years since OpenAI released ChatGPT, not only has onlife life changed at home—it's also changed at work. Some of the biggest software companies today, like Microsoft and Google, ar...

6.8AI score
Exploits0
OSV
OSV
added 2025/11/14 8:15 p.m.5 views

UBUNTU-CVE-2025-13033

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the emai...

7.5CVSS5.8AI score0.00544EPSS
Exploits0References6
Cvelist
Cvelist
added 2025/11/14 7:37 p.m.14 views

CVE-2025-13033 Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the emai...

7.5CVSS0.00544EPSS
Exploits0References7
NVD
NVD
added 2025/11/12 10:15 p.m.4 views

CVE-2025-63645

A stored cross-site scripting XSS vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Unsanitized message content submitted by one user is persisted by the server and later rendered in another user's Inbox view without appropriate context-aware...

5.4CVSS0.00197EPSS
Exploits1References2
OSV
OSV
added 2025/10/15 4:15 p.m.7 views

UBUNTU-CVE-2025-59419

Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...

6.9CVSS7.4AI score0.01594EPSS
Exploits0References6
Snyk
Snyk
added 2025/10/07 1:42 p.m.1 views

Interpretation Conflict

Overview org.webjars.npm:nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to Interpretation Conflict due to improper handling of quoted local-parts containing @. An attacker can cause emails to be sent to unintended...

7.5CVSS6.7AI score0.00544EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2002-2386

Malware in sbrugna...

7.5CVSS6.4AI score0.01427EPSS
Exploits0References5
Rows per page
Query Builder