
34 matches found

EUVD
added yesterday | 5 views

EUVD-2026-36209

When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affect...

8.6 CVSS | 5.4 AI score | 0.00032 EPSS
Exploits 0 | References 1
Vulnrichment
added yesterday | 3 views

CVE-2026-40999 Spring WS SSRF via unvalidated WS-Addressing reply destinations

When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affect...

8.6 CVSS | 5.4 AI score | 0.00032 EPSS
Exploits 0 | References 1
Cvelist
added yesterday | 9 views

CVE-2026-40999 Spring WS SSRF via unvalidated WS-Addressing reply destinations

When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affect...

8.6 CVSS | 0.00032 EPSS
Exploits 0 | References 1
RedhatCVE
added 2026/01/07 9:42 a.m. | 5 views

CVE-1999-0207

Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command...

7.5 CVSS | 7.5 AI score | 0.0613 EPSS
Exploits 0 | References 1
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-1999-0207

Malware in sbrugna...

7.5 CVSS | 6.4 AI score | 0.0613 EPSS
Exploits 0 | References 2
RedhatCVE
added 2025/05/23 8:59 a.m. | 3 views

CVE-2024-6224

The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

5.9 CVSS | 5.8 AI score | 0.00067 EPSS
Exploits 1 | References 1
OSV
added 2024/11/12 3:15 a.m. | 17 views

CVE-2024-49394

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender...

5.3 CVSS | 5.3 AI score | 0.00082 EPSS
Exploits 0 | References 2
CVE
added 2024/11/12 2:07 a.m. | 71 views

CVE-2024-49394

CVE-2024-49394 affects mutt and neomutt: the In-Reply-To header is not cryptographically signed, enabling an attacker to impersonate the sender by reusing an unencrypted but signed email. Public references in the connected documents show multiple advisories addressing this issue and releasing fix...

5.3 CVSS | 5.1 AI score | 0.00082 EPSS
Exploits 0 | References 2 | Affected Software 2
Cvelist
added 2024/11/12 2:07 a.m. | 20 views

CVE-2024-49394 Mutt: neomutt: In-Reply-To email header field is not protected by cryptographic signing

In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender...

5.3 CVSS | 0.00082 EPSS
Exploits 0 | References 2
CNNVD
added 2024/11/11 12:00 a.m. | 1 view

Mutt Security Vulnerability

Mutt is a text-based e-mail client for Unix-like systems developed by Michael Elkins. A security vulnerability exists in Mutt that stems from the In-Reply-To email header field not being protected by a cryptographic signature, which allows an attacker to reuse unencrypted but signed email message...

5.3 CVSS | 5.3 AI score | 0.00082 EPSS
Exploits 0 | References 2
OSV
added 2024/07/30 6:15 a.m. | 2 views

CVE-2024-6223

The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 1
Cvelist
added 2024/07/30 6:00 a.m. | 14 views

CVE-2024-6223 Send email only on Reply to My Comment <= 1.0.6 - Reflected XSS

The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

0.00244 EPSS
Exploits 1 | References 1
Patchstack
added 2024/07/30 12:00 a.m. | 8 views

WordPress Send email only on Reply to My Comment Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software: Send email only on Reply to My Comment | Type: Plugin | Vulnerable versions: = 1.0.6 | Fixed in: N/A | OWASP Top 10: A7: Cross-Site Scripting (XSS) | Classification: Cross Site Scripting (XSS) | CVE: CVE-2024-6224 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: Claim ownership | PSID: 251d7c486476 | Credi...

5.9 CVSS | 5.7 AI score | 0.00067 EPSS
Exploits 1 | References 3 | Affected Software 1
OSV
added 2021/10/25 2:15 p.m. | 2 views

CVE-2021-24543

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue...

6.1 CVSS | 5.8 AI score
Exploits 0 | References 1
Prion
added 2021/10/25 2:15 p.m. | 14 views

Cross site scripting

The jQuery Reply to Comment WordPress plugin through 1.31 does not have any CSRF check when saving its settings, nor sanitise or escape its 'Quote String' and 'Reply String' settings before outputting them in Comments, leading to a Stored Cross-Site Scripting issue...

4.3 CVSS | 6 AI score | 0.00108 EPSS
Exploits 2 | References 1 | Affected Software 1
CVE
added 2021/10/25 1:20 p.m. | 50 views

CVE-2021-24543

CVE-2021-24543 corresponds to the WordPress plugin jQuery Reply to Comment (versions

6.1 CVSS | 6 AI score | 0.00108 EPSS
Exploits 2 | References 1 | Affected Software 1
Cvelist
added 2019/07/18 3:57 p.m. | 12 views

CVE-2019-13950

index.php?c=admin&a=index in SyGuestBook A5 Version 1.2 has stored XSS via a reply to a comment...

5.2 AI score | 0.00206 EPSS
Exploits 1 | References 2
Fedora
added 2019/02/13 6:15 a.m. | 18 views

[SECURITY] Fedora 28 Update: perl-Email-Address-List-0.06-1.fc28

Parser for From, To, Cc, Bcc, Reply-To, Sender and previous prefixed with Resent- e.g. Resent-From headers...

7.5 CVSS | 3.2 AI score | 0.01372 EPSS
Exploits 0
CNVD
added 2018/04/02 12:00 a.m. | 1 view

Stored Cross-Site Scripting Vulnerability in the "Reply to Post" Section of the StartBBS Lightweight Micro-Community System

StartBBS Lightweight Micro Community System is an elegant, open source, lightweight community system based on Thinkphp 5.15 & Layui, with its own article system. A stored cross-site scripting vulnerability exists in the "Reply to Post" section of StartBBS. An attacker can insert malicious js code...

6.3 AI score
Exploits 0
The Hacker News
added 2016/03/10 8:09 p.m. | 11 views

Google Android N Preview — 6 Cool Features That You Should Know

Android N Developer Preview, an early beta of Google’s new mobile operating system that was expected to launch on Google I/O in mid-May, is unexpectedly launching right now. Android N Developer Preview for the Nexus 6P, Nexus 5X, Nexus 6, Pixel C Nexus 9, the Nexus Player and the General Mobile 4...

6.6 AI score
Exploits 0