385 matches found
EUVD-2025-14935
Malicious code in bioql PyPI...
EUVD-2023-44083
Malicious code in bioql PyPI...
EUVD-2023-1681
Malicious code in bioql PyPI...
EUVD-2022-24818
Malicious code in bioql PyPI...
EUVD-2024-47206
Malicious code in bioql PyPI...
EUVD-2022-42579
Malicious code in bioql PyPI...
CVE-2025-9762 Post By Email <= 1.0.4b - Unauthenticated Arbitrary File Upload via Email Attachments
The Post By Email plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the saveattachments function in all versions up to, and including, 1.0.4b. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's...
CVE-2025-9762
CVE-2025-9762 affects the WordPress plugin Post By Email (versions ≤ 1.0.4b). The vulnerability arises from missing file type validation in save_attachments, allowing unauthenticated arbitrary file uploads to the server, with potential for remote code execution. Wordfence’s vulnerability report q...
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
...
USN-7729-1 kdepim vulnerabilities
Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that the KMail application of KDE PIM could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Und...
CLSA-2025-1752750189 emacs: Fix of CVE-2024-30204
CVE-2024-30204: disable LaTeX preview for e-mail attachments to protection when untrusted-content is non-nil...
CVE-2024-27448
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...
CVE-2024-23188
Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the users browser session. Common user interaction is required for the vulnerability to trigger. Attackers could perform malicious API requests or extract information from the users...
CVE-2021-25375
Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment...
CVE-2009-1286
The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service daemon crash via a MIME e-mail message with RFC822 attachments aka blobs containing malformed root entities...
CVE-2001-1542
NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments...
CVE-2025-3932
It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web...
CVE-2025-3909 JavaScript Execution via Spoofed PDF Attachment and file:/// Link
Thunderbird's handling of the X-Mozilla-External-Attachment-URL header can be exploited to execute JavaScript in the file:/// context. By crafting a nested email attachment message/rfc822 and setting its content type to application/pdf, Thunderbird may incorrectly render it as HTML when opened,...
Sematell ReplyOne 安全漏洞
Sematell ReplyOne is an artificial intelligence-based reply management software from Sematell. A security vulnerability exists in Sematell ReplyOne version 7.4.3.0 that stems from the presence of cross-site scripting via ReplyDesk email attachment names...
CVE-2025-3523
When an email contains multiple attachments with external links via the X-Mozilla-External-Attachment-URL header, only the last link is shown when hovering over any attachment. Although the correct link is used on click, the misleading hover text could trick users into downloading content from...