21 matches found
CVE-2026-33740
EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...
GHSA-4F9R-X588-PP2H Fleet's user account creation via invite does not enforce invited email address
Summary: Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token could create an account under an arbitrary email address whi...
CVE-2026-34389 Fleet's user account creation via invite does not enforce invited email address
Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token...
EUVD-2021-20351
Malware in sbrugna...
CVE-2023-5054
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attacker...
Cross-site Scripting (XSS)
Overview: froxlor/froxlor is a server administration software. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the domain field in the email creation form by redirecting users to malicious external websites. Details: Cross-site scripting or XSS is a code...
WordPress Ultimate Auction plugin <= 4.2.7 - Missing Authorization to Unauthenticated Email Creation vulnerability
Missing Authorization to Unauthenticated Email Creation vulnerability discovered by Lucio Sá in WordPress Plugin Ultimate Auction versions <= 4.2.7...
CVE-2024-6591 Ultimate WordPress Auction Plugin <= 4.2.7 - Missing Authorization to Unauthenticated Email Creation
The Ultimate WordPress Auction Plugin plugin for WordPress is vulnerable to unauthorized email creation and sending due to a missing capability check on the 'sendauctionemailcallback' and 'resendauctionemailcallback' functions in all versions up to, and including, 4.2.7. This makes it possible fo...
Super Store Finder < 6.9.4 - Unauthenticated Email Creation/Sending
Description: The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content...
CVE-2023-5054
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attacker...
CVE-2023-5054
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation/relay due to insufficient restrictions on the sendMail.php file, affecting versions up to 6.9.3. This allows unauthenticated attackers to send emails via the vulnerable site’s server with arbitra...
CVE-2023-5054 Super Store Finder <= 6.9.3 - Unauthenticated Email Creation/Sending
The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.3. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attacker...
Fedora: Security Advisory for php-phpmailer6 (FEDORA-2023-e51479556c)
The remote host is missing an update for the...
[SECURITY] Fedora 37 Update: php-phpmailer6-6.8.1-1.fc37
PHPMailer - A full-featured email creation and transfer class for PHP Class Features Probably the world's most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more Integrated SMTP support - send without a local...
CVE-2021-33674
Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim's browser...
SAP Contact Center Cross-Site Scripting Vulnerability
SAP Contact Center, a new cloud service from SAP, is a modern contact center solution built on top of SAP's on-premise contact center software that puts agents at their fingertips. The vulnerability stems from a program that does not properly encode input. An attacker could use the vulnerability ...
[SECURITY] Fedora 31 Update: php-phpmailer6-6.1.6-1.fc31
PHPMailer - A full-featured email creation and transfer class for PHP Class Features Probably the world's most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more Integrated SMTP support - send without a local...
[SECURITY] Fedora 28 Update: php-phpmailer6-6.0.6-1.fc28
PHPMailer - A full-featured email creation and transfer class for PHP Class Features Probably the world's most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more Integrated SMTP support - send without a local...
[SECURITY] Fedora 27 Update: php-phpmailer6-6.0.6-1.fc27
PHPMailer - A full-featured email creation and transfer class for PHP Class Features Probably the world's most popular code for sending email from PHP! Used by many open-source projects: WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more Integrated SMTP support - send without a local...
sp mode mail issue where emails in the process of creation may be accessed
Overview: sp mode mail provided by NTT DOCOMO contains an application link interface so that mail data can be exchanged with external application during email creation. When the application to be linked is selected, the email contents and attachment are saved to the SD card, therefore other Androi...