Lucene search
K

91 matches found

RedhatCVE
RedhatCVE
added 2026/04/22 7:22 p.m.5 views

CVE-2026-40872

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3CVSS5.8AI score0.0028EPSS
Exploits0References1
NVD
NVD
added 2026/04/21 8:17 p.m.14 views

CVE-2026-40872

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3CVSS0.0028EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/21 7:14 p.m.4 views

CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3CVSS5.8AI score0.0028EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/21 7:14 p.m.38 views

CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3CVSS0.0028EPSS
Exploits0References1
CVE
CVE
added 2026/04/21 7:14 p.m.18 views

CVE-2026-40872

Affected product/variant: mailcow: dockerized (open source groupware/email suite). Issue: Stored XSS in Autodiscover logs via unescaped EMailAddress. Root cause (per description): Admin dashboard Autodiscover logs render the EMailAddress value (logged as the “user” field) without HTML escaping, e...

9.3CVSS5.8AI score0.0028EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/21 7:14 p.m.11 views

EUVD-2026-24254

mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover logs render the EMailAddress value logged as the "user" field without HTML escaping. By submitting an unauthenticated Autodiscover request with a crafted...

9.3CVSS5.8AI score0.0028EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/21 12:0 a.m.10 views

mailcow: dockerized 跨站脚本漏洞

mailcow: dockerized is a dockerized version of the mailcow open-source application. Versions of mailcow before 2026-03b contained a cross-site scripting vulnerability. This vulnerability stemmed from the Autodiscover logs used for managing the dashboard, which did not escape the EMailAddress valu...

9.3CVSS5.6AI score0.0028EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/21 12:0 a.m.11 views

PT-2026-34053

Name of the Vulnerable Software and Affected Versions mailcow: dockerized versions prior to 2026-03b Description The admin dashboard Autodiscover logs fail to perform HTML escaping on the EMailAddress value, which is logged as the user field. An unauthenticated attacker can submit a crafted...

9.3CVSS5.8AI score0.0028EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2017-9786

Malware in sbrugna...

6.5CVSS6.6AI score0.00329EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2017-16126

Malware in sbrugna...

7.1CVSS7.6AI score0.01876EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/23 7:46 a.m.10 views

CVE-2024-33775

An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet...

9.8CVSS7.1AI score0.01602EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:57 a.m.9 views

CVE-2017-18695

An issue was discovered on Samsung mobile devices with KK4.4, L5.0/5.1, M6.0, and N7.0 software. Attackers who control a certain subdomain can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 January 2017...

6.5CVSS7.1AI score0.00329EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2025/05/16 1:8 p.m.136 views

Exploit for Deserialization of Untrusted Data in Microsoft

LetsDefend-CVE-2022-41082-Exploitation-Attempt 🛡️ Incident...

8.8CVSS8.9AI score0.9997EPSS
Exploits16
Tenable Nessus
Tenable Nessus
added 2025/01/31 12:0 a.m.18 views

Microsoft Exchange Autodiscover V2 User Enumeration

On-Premise installation of Microsoft Exchange is prone to a user enumeration through the ActiveSync protocol using the AutodiscoverV2 endpoint. No source data...

7.2AI score
Exploits0References2
NVD
NVD
added 2024/05/01 1:15 p.m.13 views

CVE-2024-33775

An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet...

9.8CVSS6.7AI score0.01602EPSS
Exploits2References2
OSV
OSV
added 2024/05/01 1:15 p.m.5 views

CVE-2024-33775

An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet...

9.8CVSS5.8AI score0.01602EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2024/05/01 12:0 a.m.16 views

CVE-2024-33775

An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet...

7.1AI score0.01602EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/05/01 12:0 a.m.5 views

Nagios XI 安全漏洞

Nagios XI is a suite of IT infrastructure monitoring solutions from US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI version 2024R1.01, which stems from a problem with the component...

9.8CVSS7AI score0.01602EPSS
Exploits2References3
Cvelist
Cvelist
added 2024/05/01 12:0 a.m.18 views

CVE-2024-33775

An issue with the Autodiscover component in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted Dashlet...

6.9AI score0.01602EPSS
Exploits2References2
CVE
CVE
added 2024/05/01 12:0 a.m.78 views

CVE-2024-33775

CVE-2024-33775 concerns Nagios XI 2024R1.01 where the Autodiscover component is vulnerable to privilege escalation via a crafted Dashlet. Red Hat and CVE listings describe a remote attacker gaining high-privilege/root access through manipulation of the Dashlet (e.g., RSS dashlet) in Nagios XI. Pu...

9.8CVSS6.9AI score0.01602EPSS
Exploits2References2Affected Software1
Rows per page
Query Builder