
234 matches found

Positive Technologies
added 2026/05/12 12:0 a.m., 6 views

PT-2026-40334

Name of the Vulnerable Software and Affected Versions: Exim versions 4.97 through 4.99.2. Description: A use-after-free issue exists in the BDAT body parsing path of Exim when compiled with GnuTLS. The flaw is triggered when an unauthenticated remote attacker establishes a TLS connection, begins a...

10 CVSS, 6.3 AI score, 0.00087 EPSS
Exploits: 2, References: 110
Github Security Blog
added 2026/03/25 5:3 p.m., 3 views

Modoboa has OS Command Injection

Summary: execcmd in modoboa/lib/sysutils.py always runs subprocess calls with shell=True. Since domain names flow directly into shell command strings without any sanitization, a Reseller or SuperAdmin can include shell metacharacters in a domain name to run arbitrary OS commands on the server...

7.2 CVSS, 6.1 AI score, 0.00036 EPSS
Exploits: 1, References: 5, Affected Software: 1
RedhatCVE
added 2026/01/07 9:43 a.m., 1 views

CVE-2026-21439

badkeys is a tool and library for checking cryptographic public keys for known vulnerabilities. In versions 0.0.15 and below, an attacker may inject content with ASCII control characters like vertical tabs, ANSI escape sequences, etc., that can create misleading output of the badkeys command-line...

5.1 CVSS, 6.8 AI score, 0.00014 EPSS
Exploits: 1, References: 1
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2011-1414

Malware in sbrugna...

7.5 CVSS, 6.6 AI score, 0.00554 EPSS
Exploits: 0, References: 8
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2011-1763

Malware in sbrugna...

7.5 CVSS, 7.9 AI score, 0.04718 EPSS
Exploits: 0, References: 10
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-20516

Malware in sbrugna...

7.5 CVSS, 7.8 AI score, 0.01407 EPSS
Exploits: 1, References: 7
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-4192

Malware in sbrugna...

9 CVSS, 8.7 AI score, 0.00423 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2016-10748

Malware in sbrugna...

5.9 CVSS, 6 AI score, 0.01884 EPSS
Exploits: 0, References: 12
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2009-0770

Malware in sbrugna...

5 CVSS, 6.2 AI score, 0.01461 EPSS
Exploits: 1, References: 9
Malwarebytes
added 2025/06/27 3:30 p.m., 6 views

Fake DocuSign email hides tricky phishing attempt

On my daily rounds, I encountered a phishing attempt that used a not completely unusual, yet clever delivery method. What began as a seemingly routine DocuSign notification turned into a multi-layered deception involving Webflow, a shady redirect, and a legitimate Google login page. Webflow is a...

7.2 AI score
Exploits: 0
RedhatCVE
added 2025/05/23 10:21 a.m., 3 views

CVE-2024-7208

A vulnerability in multi-tenant hosting allows an authenticated sender to spoof the identity of a shared, hosted domain, thus bypass security measures provided by DMARC or SPF or DKIM policies...

6.5 CVSS, 6.8 AI score, 0.00098 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 5:9 p.m., 4 views

CVE-2020-28025

Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory...

7.5 CVSS, 6.4 AI score, 0.01407 EPSS
Exploits: 1
RedhatCVE
added 2025/05/22 4:11 p.m., 6 views

CVE-2020-11852

DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway SMG. Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM syst...

9 CVSS, 6.7 AI score, 0.00423 EPSS
Exploits: 0, References: 1
The Hacker News
added 2025/04/22 10:50 a.m., 46 views

Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials

In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google's infrastructure and redirect message recipients to fraudulent sites that harvest their credentials. "The first thing to no...

7.3 AI score
Exploits: 0
Redos
added 2024/08/06 12:0 a.m., 17 views

ROS-20240806-07

A vulnerability in the Fake Authentication Result Handler component of OpenDKIM DKIM filter software is related to the lack of sequence number verification when deleting fake fields. Exploitation of the vulnerability could allow an attacker acting remotely to impact the confidentiality, integrity...

5.3 CVSS, 6.8 AI score, 0.00167 EPSS
Exploits: 0
CERT
added 2024/07/30 12:0 a.m., 21 views

Multiple SMTP services are susceptible to spoofing attacks due to insufficient enforcement

Overview: Multiple hosted, outbound SMTP servers are vulnerable to email impersonation. This allows authenticated users and certain trusted networks to send emails containing spoofed sender information. Two vulnerabilities were identified that reduce the authentication and verification of the...

6.5 CVSS, 6.6 AI score, 0.00238 EPSS
Exploits: 0, References: 8
The Hacker News
added 2024/07/29 1:19 p.m., 23 views

Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails

An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various popular companies like Best Buy, IBM, Nike, and Walt Disney, among others. "These emails...

7.2 AI score
Exploits: 0
The Hacker News
added 2024/02/26 2:10 p.m., 39 views

8,000+ Domains of Trusted Brands Hijacked for Massive Spam Operation

More than 8,000 domains and 13,000 subdomains belonging to legitimate brands and institutions have been hijacked as part of a sophisticated distribution architecture for spam proliferation and click monetization. Guardio Labs is tracking the coordinated malicious activity, which has been ongoing...

7.4 AI score
Exploits: 0
GithubExploit
added 2024/02/16 9:10 p.m., 181 views

Exploit for Improper Input Validation in Microsoft

CVE-2024-21413 - POC Usage: python CVE-2024-21413.py -...

9.8 CVSS, 9.5 AI score, 0.92962 EPSS
Exploits: 28
GithubExploit
added 2024/01/29 5:8 p.m., 473 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2023-35636 Microsoft Outlook Information Disclosure Vulner...

6.5 CVSS, 6.8 AI score, 0.10525 EPSS
Exploits: 1