Lucene search
K

5667 matches found

Patchstack
Patchstack
added 2026/07/06 1:41 p.m.3 views

WordPress AcyMailing SMTP Newsletter plugin <= 10.11.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by daroo in WordPress Plugin AcyMailing SMTP Newsletter versions = 10.11.0...

7.1CVSS5.9AI score
Exploits0Affected Software1
NVD
NVD
added 2026/07/06 9:16 a.m.8 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

3.7CVSS0.00378EPSS
Exploits0References2
NVD
NVD
added 2026/07/06 9:16 a.m.10 views

CVE-2026-1433

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS0.00217EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 8:12 a.m.16 views

CVE-2026-1433

The CVE-2026-1433 issue affects uniFLOW Universal Login Manager (ULM) Standalone. An information disclosure vulnerability allows an authenticated administrator to access sensitive configuration data via the ULM Remote User Interface (RUI). The exposure can reveal SMTP/LDAP integration configurati...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 8:2 a.m.13 views

CVE-2026-46584

CVE-2026-46584 affects Apache Camel’s Mail component. The MailProducer.getSender could read headers from the mail.smtp/mail.smtps namespace and apply them as JavaMail session properties, overriding endpoint config. This allows attacker-controlled inputs to influence SMTP parameters if untrusted i...

3.7CVSS6AI score0.00378EPSS
Exploits0References2Affected Software1
Nuclei
Nuclei
added 2026/07/01 3:36 a.m.137 views

WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass

The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a type juggling issue on the connect-app REST endpoint in all versions up to, and including, 2.8.7. i...

9.8CVSS7.3AI score0.90339EPSS
Exploits6References5
Nuclei
Nuclei
added 2026/06/26 6:13 p.m.27 views

Majordomo2 - SMTP/HTTP Directory Traversal

A directory traversal vulnerability in the listfileget function in lib/Majordomo.pm in Majordomo 2 before 20110131 allows remote attackers to read arbitrary files via .. dot dot sequences in the help command, as demonstrated using 1 a crafted email and 2 cgi-bin/mjwwwusr in the web interface. id:...

5CVSS7.8AI score0.95388EPSS
Exploits10References5
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57657

Unauthenticated Cross Site Request Forgery CSRF in Gmail SMTP = 1.2.3.19 versions...

4.3CVSS0.00098EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.14 views

CVE-2026-57657

The connected sources confirm an unauthenticated Cross Site Request Forgery (CSRF) vulnerability in the WordPress Gmail SMTP plugin, affecting versions up to 1.2.3.19. The issue is documented across CVE entries and third-party listings as CVE-2026-57657 and specifies the affected product as the W...

4.3CVSS5.8AI score0.00098EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.32 views

CVE-2026-57657 WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Gmail SMTP = 1.2.3.19 versions...

4.3CVSS0.00098EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:18 p.m.6 views

WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Gmail SMTP versions = 1.2.3.19...

4.3CVSS5.8AI score0.00098EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:1 p.m.5 views

CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.01325EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.13 views

PT-2026-52540

Name of the Vulnerable Software and Affected Versions Hydra versions prior to 9.7 commit 9cc84c2 Description A stack buffer overflow exists in the NTLM authentication process across the SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules. The issue occurs when the software...

8.8CVSS6.6AI score0.01325EPSS
Exploits2References6
NVD
NVD
added 2026/06/24 10:16 p.m.8 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/24 9:38 p.m.22 views

CVE-2026-49979 Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP Filter

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
CVE
CVE
added 2026/06/24 9:38 p.m.24 views

CVE-2026-49979

Appsmith prior to version 1.99 exposes a vulnerability in the POST /api/v1/admin/send-test-email endpoint. An attacker can supply smtpHost and smtpPort values to establish a raw JavaMail TCP connection, bypassing WebClientUtils.IP_CHECK_FILTER (which only applies to Spring WebClient HTTP requests...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.10 views

PT-2026-52131

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 1.99 Description The 'POST /api/v1/admin/send-test-email' endpoint allows the use of attacker-controlled smtpHost and smtpPort values to establish a raw JavaMail TCP connection. This process bypasses the...

5.1CVSS5.8AI score0.00218EPSS
Exploits1References6
The Hacker News
The Hacker News
added 2026/06/20 9:56 a.m.16 views

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 CVSS score: 5.3, is a medium-severity information disclosure flaw that can allow unauthenticated attackers ...

7.5CVSS5.9AI score0.39704EPSS
Exploits2
OSV
OSV
added 2026/06/18 3:3 p.m.10 views

ROOT-APP-MAVEN-CVE-2025-7962 CVE-2025-7962 in io.root.org.eclipse.angus:smtp - Patched by Root

Root has patched CVE-2025-7962 in the io.root.org.eclipse.angus:smtp package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00756EPSS
Exploits0
OSV
OSV
added 2026/06/16 12:37 p.m.6 views

BIT-DISCOURSE-2026-44784 Discourse: Non-staff group owners can see email password in plaintext through group history

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext via the group history...

6.5CVSS5.4AI score0.00231EPSS
Exploits0References2
Rows per page
Query Builder