PT-2026-44124

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send test email function in all versions up to, and including, 3.4.7. This makes it possible for authenticat...

BIT-GITLAB-2026-0595 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test...

CVE-2026-0595

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test...

GitLab 13.9 < 18.6.6 / 18.7 < 18.7.4 / 18.8 < 18.8.4 (CVE-2026-0595)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an...

Linux Distros Unpatched Vulnerability : CVE-2026-0595

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain...

CVE-2026-0595

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test...

UBUNTU-CVE-2026-0595

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test...

CVE-2026-0595

Removed by vendor...

CVE-2026-0595 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test...

CVE-2026-0595

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test...

CVE-2026-0595

Technical details are not publicly available in the provided documents. Monitor for updates to see affected products, impact, vector, and remediation.

CVE-2026-0595 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test...

PT-2026-7524

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.9 through 18.6.6 GitLab CE/EE versions 18.7 through 18.7.4 GitLab CE/EE versions 18.8 through 18.8.4 Description An issue exists in GitLab CE/EE where an authenticated user could potentially add unauthorized email...

CVE-2026-0595

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test...

GitLab 跨站脚本漏洞

GitLab is an end-to-end software development platform provided by the American company GitLab. It includes built-in features such as version control, issue tracking, code review, and CI/CD Continuous Integration and Delivery. Versions of GitLab before 18.6.6, 18.7.4, and 18.8.4 contained a...

CVE-2025-12842

The Booking Plugin for WordPress Appointments – Time Slot plugin for WordPress is vulnerable to unauthorized email sending in versions up to, and including, 1.4.7 due to missing validation on the tslotapptemail AJAX action. This makes it possible for unauthenticated attackers to send appointment...

WordPress plugin FunnelKit Automations 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plug-in. A security...

PT-2022-13005 · WordPress · Wp Maintenance Mode & Coming Soon

Name of the Vulnerable Software and Affected Versions: Coming soon and Maintenance mode WordPress plugin version 3.5.2 and earlier Description: The issue concerns a lack of authorization and CSRF checks in the coming soon send mail AJAX action. This allows any authenticated users, even those with...

Malicious users could abuse Sydent to control the content of invitation emails

Impact A malicious user could abuse Sydent to send out arbitrary emails from the Sydent email address. This could be used to construct plausible phishing emails, for example. Patches Fixed in 4469d1d, 6b405a8, 65a6e91. Note that these patches include changes to the default email templates. If the...

Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection

This newly discovered bugs in Java and Python is a big deal today. The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses. And since both the flaws remain unpatched, hackers can take...