CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO fiel...

9.8CVSS7.3AI score0.00248EPSS

Exploits1References2

Tenable Nessus•added 2025/08/24 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2014-2957

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The dmarcprocess function in dmarc.c in Exim before 4.82.1, when EXPERIMENTALDMARC is enabled, allows remote attackers to execute arbitrary code via the From...

6.8CVSS7.5AI score0.01821EPSS

Exploits1References2

Malwarebytes•added 2025/06/27 3:30 p.m.•6 views

Fake DocuSign email hides tricky phishing attempt

On my daily rounds, I encountered a phishing attempt that used a not completely unusual, yet clever delivery method. What began as a seemingly routine DocuSign notification turned into a multi-layered deception involving Webflow, a shady redirect, and a legitimate Google login page. Webflow is a...

7.2AI score

Exploits0

RedhatCVE•added 2025/05/23 10:21 a.m.•4 views

CVE-2024-7208

A vulnerability in multi-tenant hosting allows an authenticated sender to spoof the identity of a shared, hosted domain, thus bypass security measures provided by DMARC or SPF or DKIM policies...

6.5CVSS6.8AI score0.00098EPSS

Exploits0References1

RedhatCVE•added 2025/05/22 5:37 p.m.•5 views

CVE-2020-36519

Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs...

4.9CVSS6.8AI score0.00232EPSS

Exploits1

RedhatCVE•added 2025/05/22 8:41 a.m.•4 views

CVE-2019-19702

The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML External Entity Injection XXE attack when processing XML data. A remote attacker could exploit this to perform a denial of service against the DMARC reporting functionality, such as by referencing the /dev/random file within XML...

7.5CVSS7.2AI score0.00823EPSS

Exploits1References1

The Hacker News•added 2025/02/20 11:30 a.m.•5 views

DMARC for PCI DSS 4.0: A Good Practice for Securing Emails

PCI DSS 4.0 encourages the implementation of anti-phishing controls like DMARC! This highlights and reinforces the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. While not a mandate or a requirement for PCI DSS compliance, DMARC and...

7.3AI score

Exploits0

The Hacker News•added 2025/02/20 11:21 a.m.•17 views

PCI DSS 4.0 Mandates DMARC By 31st March 2025

The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments- by March 31, 2025, DMARC implementation will be mandatory! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and phishing i...

7.4AI score

Exploits0

HackRead•added 2024/11/25 2:19 p.m.•7 views

99% of UAE’s .ae Domains Exposed to Phishing and Spoofing

Only 1.11% of UAE's 37,926 .ae domains have implemented DMARC, leaving most vulnerable to phishing and and spoofing attacks...

7.3AI score

Exploits0

Fedora•added 2024/11/11 5:9 a.m.•8 views

[SECURITY] Fedora 40 Update: opendmarc-1.4.2-21.fc40

OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that supports the...

7.5CVSS7.5AI score0.00078EPSS

Exploits1

Fedora•added 2024/11/11 2:20 a.m.•14 views

[SECURITY] Fedora 41 Update: opendmarc-1.4.2-21.fc41

7.5CVSS7.5AI score0.00078EPSS

Exploits1

CERT•added 2024/07/30 12:0 a.m.•22 views

Multiple SMTP services are susceptible to spoofing attacks due to insufficient enforcement

Overview Multiple hosted, outbound SMTP servers are vulnerable to email impersonation. This allows authenticated users and certain trusted networks to send emails containing spoofed sender information. Two vulnerabilities were identified that reduce the authentication and verification of the...

6.5CVSS6.6AI score0.00238EPSS

Exploits0References8

The Hacker News•added 2024/05/03 9:37 a.m.•17 views

NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources

The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties. The joint bulletin was published by the National Security Agency NSA, the...

7AI score

Exploits0

The Hacker News•added 2024/04/22 7:12 a.m.•21 views

Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage

Microsoft has revealed that North Korea-linked state-sponsored cyber actors have begun to use artificial intelligence AI to make its operations more effective and efficient. "They are learning to use tools powered by AI large language models LLM to make their operations more efficient and...

7.2AI score

Exploits0