Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

330 matches found

RedhatCVE
RedhatCVEadded 2026/05/04 8:21 p.m.21 views

CVE-2026-6320

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

7.5CVSS5.9AI score0.00143EPSS
Exploits0References1
NVD
NVDadded 2026/05/02 12:16 p.m.0 views

CVE-2026-6320

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

7.5CVSS0.00143EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/05/02 11:16 a.m.0 views

CVE-2026-6320

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

7.5CVSS5.9AI score0.00143EPSS
Exploits0References3
EUVD
EUVDadded 2026/05/02 11:16 a.m.10 views

EUVD-2026-26784

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

7.5CVSS5.9AI score0.00143EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2026/05/02 12:0 a.m.10 views

PT-2026-36611

The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email...

7.5CVSS5.9AI score0.00143EPSS
Exploits0References3
NVD
NVDadded 2026/02/04 9:16 p.m.5 views

CVE-2026-25512

Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.150, 25.0.82, and 26.0.5, there is a remote code execution RCE vulnerability in Group-Office. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled...

9.4CVSS0.22609EPSS
Exploits2References2
RedhatCVE
RedhatCVEadded 2026/01/14 11:19 p.m.4 views

CVE-2022-50908

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...

7.2CVSS6AI score0.00055EPSS
Exploits0References1
Snyk
Snykadded 2026/01/13 11:52 p.m.3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the email attachments due to the missing verification for API requests to localhost. An attacker can execute arbitrary scripts in the context of the user's browser by sending specially crafted emails...

7.2CVSS5.4AI score0.00055EPSS
Exploits0References2
NVD
NVDadded 2026/01/13 11:15 p.m.1 views

CVE-2022-50908

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...

7.2CVSS0.00055EPSS
Exploits0References4
OSV
OSVadded 2026/01/13 11:15 p.m.2 views

CVE-2022-50908

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...

7.2CVSS5.9AI score0.00055EPSS
Exploits0References4
Cvelist
Cvelistadded 2026/01/13 10:51 p.m.20 views

CVE-2022-50908 Mailhog 1.0.1 - Stored Cross-Site Scripting (XSS)

Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation...

7.2CVSS0.00055EPSS
Exploits0References4
CVE
CVEadded 2026/01/13 10:51 p.m.11 views

CVE-2022-50908

MailHog 1.0.1 is affected by a stored XSS vulnerability in attachments that allows execution of arbitrary API calls (e.g., message deletion, browser manipulation) when a crafted email is processed. Technical details from multiple sources indicate the issue stems from improper handling of attachme...

7.2CVSS5.6AI score0.00055EPSS
Exploits0References4
Positive Technologies
Positive Technologiesadded 2026/01/13 12:0 a.m.3 views

PT-2026-2384

Name of the Vulnerable Software and Affected Versions Mailhog version 1.0.1 Description Mailhog version 1.0.1 has a stored cross-site scripting issue. Attackers can inject malicious scripts through email attachments. By sending crafted emails with XSS payloads, attackers can execute arbitrary API...

7.2CVSS5.8AI score0.00055EPSS
Exploits0References6
CNNVD
CNNVDadded 2026/01/13 12:0 a.m.6 views

MailHog 跨站脚本漏洞

MailHog is MailHog open source a SMTP protocol testing tool . Mailhog version 1.0.1 suffers from a cross-site scripting vulnerability that stems from stored cross-site scripting , which could lead to an attacker injecting malicious scripts and executing arbitrary API calls via email attachments...

7.2CVSS5.8AI score0.00055EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/01/09 12:36 p.m.5 views

CVE-2023-49243

Vulnerability of unauthorized access to email attachments in the email module. Successful exploitation of this vulnerability may affect service confidentiality...

7.5CVSS6.8AI score0.00111EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/01/09 10:40 a.m.7 views

CVE-2022-35487

Zammad 5.2.0 suffers from Incorrect Access Control. Zammad did not correctly perform authorization on certain attachment endpoints. This could be abused by an unauthenticated attacker to gain access to attachments, such as emails or attached files...

7.5CVSS7.2AI score0.00805EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2025/12/02 12:0 a.m.6 views

PT-2025-48654

The SureMail – SMTP and Email Logs Plugin for WordPress is vulnerable to Unrestricted Upload of File with Dangerous Type in versions up to and including 1.9.0. This is due to the plugin's save file function in inc/emails/handler/uploads.php which duplicates all email attachments to a web-accessib...

8.1CVSS7.4AI score0.0018EPSS
Exploits0References7
Debian
Debianadded 2025/11/20 5:53 p.m.6 views

[SECURITY] [DLA 4375-1] webkit2gtk security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4375-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 20, 2025 https://wiki.debian.org/LTS -...

9.8CVSS7AI score0.00554EPSS
Exploits0
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2010-4518

Malware in sbrugna...

5CVSS6.4AI score0.00645EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/07 12:30 a.m.3 views

EUVD-2002-1976

Malware in sbrugna...

7.5CVSS6.4AI score0.00913EPSS
Exploits0References4
Rows per page
Query Builder