mailcow: dockerized Security Vulnerability
mailcow: dockerized is a Dockerized version of the mailcow open-source application. Versions of mailcow before 2026-03b have security vulnerabilities; these vulnerabilities stem from a second-order SQL injection in the quarantinecategory field, which may allow arbitrary SQL execution and the...
PT-2026-34055
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, no administrator verification takes place when deleting Forwarding Hosts with /api/v1/delete/fwdhost. Any authenticated user can call this API. Checks are only applied for edit/add actions,...
PT-2026-34053
Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2026-03b. Description: The admin dashboard Autodiscover logs fail to perform HTML escaping on the EMailAddress value, which is logged as the user field. An unauthenticated attacker can submit a crafted...
mailcow: dockerized Cross-Site Scripting Vulnerability
mailcow: dockerized is a Dockerized version of the mailcow open-source application. Versions of mailcow before 2026-03b had a cross-site scripting vulnerability. This vulnerability stemmed from the web interface passing the raw $_SERVER['REQUEST_URI'] as a global template variable to Twig, and...
mailcow: dockerized Security Vulnerability
mailcow: dockerized is a Dockerized version of the mailcow open-source application. Versions of mailcow: dockerized before 2026-03b contained security vulnerabilities. These vulnerabilities stemmed from the lack of HTML encoding for client IP addresses in the user dashboard login history, and the...
mailcow: dockerized Cross-Site Scripting Vulnerability
mailcow: dockerized is a Dockerized version of the mailcow open-source application. Versions of mailcow before 2026-03b contained a cross-site scripting vulnerability. This vulnerability stemmed from the quarantine details modal not escaping attachment file names, allowing...
mailcow: dockerized Access Control Error Vulnerability
mailcow: dockerized is a Dockerized version of the mailcow open-source application. Versions of mailcow before 2026-03b contained an access control vulnerability. This vulnerability stemmed from the lack of administrator verification when deleting forwarding hosts, allowing any authenticated user...
PT-2026-33640
Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2026-03b. Description: A second-order SQL injection exists in the Mailcow API. The endpoint '/api/v1/add/mailbox' stores the quarantine category variable without proper validation or sanitization. This value...
Metasploit-Project
MSF Cloud — Security Exploitation & Education Platform SSEP...
Exploit for Path Traversal in Zenml
zenml-CVE-2024-2083-POC Dockeriz...
mailcow: Dockerized Host Header Password Reset Poisoning Scanner
This Metasploit module adds a scanner for a Host header poisoning vulnerability in mailcow:dockerized versions prior to 2025-01a. The vulnerability occurs because the application improperly trusts the HTTP Host header when generating password reset links. By supplying a crafted Host header during...
Exploit for CVE-2025-55182
React2Shell — Vulnerable Lab CVE-2025-55182 React2Shell is...
Exploit for Open Redirect in Mailcow Mailcow: Dockerized
HTTPS File Server A secure HTTPS file server implemented in G...
Exploit for Open Redirect in Mailcow Mailcow: Dockerized
CVE-2024-25198 mailcow: dockerized is an open source groupwar...
EUVD-2017-17868
Malware in sbrugna...
EUVD-2023-53096
Malicious code in bioql PyPI...
EUVD-2024-39294
Malicious code in bioql PyPI...
EUVD-2024-21271
Malicious code in bioql PyPI...
Training Language Model Agents to Find Vulnerabilities with CTF-Dojo
Large language models (LLMs) have demonstrated exceptional capabilities when trained within executable runtime environments, notably excelling at software engineering tasks through verified feedback loops. Yet, scalable and generalizable execution-grounded environments remain scarce, limiting...
Exploit for CVE-2024-53900
CVE-2024-53900 - Mongoose populate.match $where RCE This r...