86 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2016-7730

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00265
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2022-37606

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.4 | EPSS 0.00112
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 4:57 a.m. | 2 views

CVE-2023-6496

The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. This makes it possible for unauthenticated attackers to obtain plugin settings...

CVSS 5.3 | AI score 6.8 | EPSS 0.0041
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 3:47 a.m. | 5 views

CVE-2024-27999

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digamber Pradhan Preview E-mails for WooCommerce allows Reflected XSS. This issue affects Preview E-mails for WooCommerce: from n/a through 2.2.1...

CVSS 7.1 | AI score 5.2 | EPSS 0.00157
Exploits: 0 | References: 1

Github Security Blog
added 2024/03/13 3:33 p.m. | 16 views

aiosmtpd vulnerable to SMTP smuggling

Summary aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing...

CVSS 5.3 | AI score 6.7 | EPSS 0.00731
Exploits: 0 | References: 6 | Affected Software: 1

NVD
added 2024/03/12 9:15 p.m. | 11 views

CVE-2024-27305

aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send...

CVSS 5.3 | AI score 5 | EPSS 0.00731
Exploits: 0 | References: 3

OSV
added 2024/03/11 9:18 p.m. | 17 views

CVE-2024-27938 SMTP Smuggling in Postal

Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from ...

CVSS 5.3 | AI score 5.4 | EPSS 0.00827
Exploits: 1 | References: 6

OSV
added 2024/03/06 10:58 a.m. | 7 views

BIT-MAGENTO-2021-28585 Magento Commerce improper input validation in customer customer webapi

Magento versions 2.4.2 and earlier, 2.4.1 and earlier and 2.3.6 and earlier are affected by an Improper input validation vulnerability in the New customer WebAPI. Successful exploitation could allow an attacker to send unsolicited spam e-mails...

CVSS 5.3 | AI score 6 | EPSS 0.00353
Exploits: 0 | References: 2

Prion
added 2024/01/11 9:15 a.m. | 10 views

Authorization

The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. This makes it possible for unauthenticated attackers to obtain plugin settings...

CVSS 5 | AI score 7 | EPSS 0.0041
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/01/11 8:32 a.m. | 40 views

CVE-2023-6496

CVE-2023-6496 affects the WordPress plugin Manage Notification E-mails (up to and including version 1.8.5). The root cause is Missing Authorization in the function card_famne_export_settings, allowing unauthenticated attackers to retrieve plugin settings. Public sources confirm the issue and that...

CVSS 5.3 | AI score 5.5 | EPSS 0.0041
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2024/01/11 8:32 a.m. | 17 views

CVE-2023-6496 Manage Notification E-mails <= 1.8.5 - Missing Authorization

The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. This makes it possible for unauthenticated attackers to obtain plugin settings...

CVSS 5.3 | AI score 5.4 | EPSS 0.0041
Exploits: 0 | References: 2

Vulnrichment
added 2024/01/11 8:32 a.m. | 0 views

CVE-2023-6496

The Manage Notification E-mails plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.8.5 via the card_famne_export_settings function. This makes it possible for unauthenticated attackers to obtain plugin settings...

CVSS 5.3 | AI score 5.5 | EPSS 0.0041
Exploits: 0 | References: 2

OpenVAS
added 2024/01/10 12:0 a.m. | 39 views

Exim < 4.97.1 SMTP Smuggling Vulnerability (Dec 2023)

Exim is prone to a SMTP smuggling vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:exim:exim"; if description...

CVSS 5.3 | AI score 5.5 | EPSS 0.01642
Exploits: 1 | References: 5

Cvelist
added 2023/10/26 12:0 a.m. | 11 views

CVE-2023-33558

An information disclosure vulnerability in the component users-grid-data.php of Ocomon before v4.0.1 allows attackers to obtain sensitive information such as e-mails and usernames...

AI score 7.3 | EPSS 0.00092
Exploits: 0 | References: 2

Cvelist
added 2023/09/22 12:0 a.m. | 15 views

CVE-2023-43770

Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcubestringreplacer.php behavior...

AI score 6.1 | EPSS 0.7947
Exploits: 2 | References: 3

NVD
added 2023/08/07 3:15 p.m. | 12 views

CVE-2021-24916

The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action...

CVSS 7.5 | AI score 7.6 | EPSS 0.43682
Exploits: 2 | References: 1

Prion
added 2023/08/07 3:15 p.m. | 12 views

Design/Logic Flaw

The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action...

CVSS 5 | AI score 7.6 | EPSS 0.43682
Exploits: 2 | References: 1 | Affected Software: 1

CVE
added 2023/08/07 2:31 p.m. | 34 views

CVE-2021-24916

CVE-2021-24916 affects the Qubely WordPress plugin prior to 1.8.6. An unauthenticated attacker can use the qubely_send_form_data AJAX action to send arbitrary emails to arbitrary recipients. Root cause described as broken access control on the AJAX endpoint. CVSS v3.1 base score 7.5 HIGH (Network...

CVSS 7.5 | AI score 7.6 | EPSS 0.43682
Exploits: 2 | References: 1 | Affected Software: 1

WPVulnDB
added 2023/07/17 12:0 a.m. | 14 views

Qubely < 1.8.6 - Unauthenticated Arbitrary E-mail Sending

Description The plugin allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action. PoC Execute the below command in the web developer console, on the blog homepage as an unauthenticated user, replacing domain by the domain of the blog:...

CVSS 7.5 | AI score 7.7 | EPSS 0.43682
Exploits: 2 | Affected Software: 1

OpenVAS
added 2023/03/08 12:0 a.m. | 17 views

Debian: Security Advisory (DLA-537-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1 | AI score 6.6 | EPSS 0.00482
Exploits: 0 | References: 3