40 matches found
CVE-2026-40020
A flaw was found in dovecot. A remote attacker can exploit the Internet Message Access Protocol IMAP SETACL command to inject "anyone" permissions into a user's dovecot-acl file, even when the imapaclallowanyone setting is disabled. This vulnerability allows an attacker to spam folders to all...
SUSE CVE-2026-40020
Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...
EUVD-2026-29471
Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...
CVE-2026-40020
Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...
CVE-2026-40020
Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...
CVE-2026-40020
Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...
PT-2026-40028
Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can use the IMAP SETACL command to inject the anyone permission into a user's dovecot-acl file, bypassing the imap acl allow anyone=no configuration. This allows folders to be spammed...
CVE-2017-18545
The invite-anyone plugin before 1.3.16 for WordPress has incorrect escaping of untrusted Dashboard and front-end input...
EUVD-2017-9661
Malware in sbrugna...
EUVD-2024-40219
Malicious code in bioql PyPI...
CVE-2017-18543
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based invitations...
CVE-2024-43327
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7...
CVE-2024-43327
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7...
CVE-2024-43327
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7...
CVE-2024-43327
CVE-2024-43327 refers to an issue in the WordPress plugin Invite Anyone where input is improperly neutralized during web page generation, enabling a reflected XSS. Affected: Invite Anyone (WordPress plugin) and versions up to 1.4.7. The vulnerability could allow an attacker to inject and execute ...
CVE-2024-43327 WordPress Invite Anyone plugin <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7...
CVE-2024-43327 WordPress Invite Anyone plugin <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Boone Gorges Invite Anyone allows Reflected XSS.This issue affects Invite Anyone: from n/a through 1.4.7...
WordPress plugin Invite Anyone 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
WordPress Invite Anyone plugin <= 1.4.7 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Invite Anyone versions = 1.4.7...
WordPress Invite Anyone Plugin <= 1.4.7 is vulnerable to Cross Site Scripting (XSS)
Software Invite Anyone Type Plugin Vulnerable versions = 1.4.7 Fixed in 1.4.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43327 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID e990de812727 Credits Dimas Maulana Required privilege...