CVE-2026-5041

A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The...

CVE-2026-27492

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...

CVE-2026-27492

Lettermint Node.js SDK is the official Node.js SDK for Lettermint. In versions 1.5.0 and below, email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a...

Lettermint Node.js SDK leaks email properties to unintended recipients when client instance is reused

Impact Email properties such as to, subject, html, text, and attachments are not reset between sends when a single client instance is reused across multiple .send calls. This can cause properties from a previous send to leak into a subsequent one, potentially delivering content or recipient...

SSRF-to-RCE-Scanner

SSRF-to-RCE-Scanner IT is advanced Python-based security tool...

Revive Adserver: Improper sanitisation of input in the settings could cause DoS

A vulnerability was found in the settings functionality of the application where attacker-controlled values in the emailfromName and emailfromCompany fields were persisted and later rendered to pages without proper output encoding. This could have led to the execution of arbitrary JavaScript in t...

EUVD-2012-2565

Malware in sbrugna...

EUVD-2019-2615

Malware in sbrugna...

EUVD-2025-27681

Malicious code in bioql PyPI...

CVE-2025-10099 Portabilis i-Educar Editar usuário educar_usuario_cad.php cross site scripting

A weakness has been identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educarusuariocad.php of the component Editar usuário Page. This manipulation of the argument email/datainicial/dataexpiracao causes cross site...

CVE-2024-40478

A Stored Cross Site Scripting XSS vulnerability was found in "/admin/afeedback.php" in Kashipara Online Exam System v1.0, which allows remote attackers to execute arbitrary code via "rname" and "email" parameter fields...

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on PHP and MySQL servers. A cross-site scripting vulnerability exists in the WordPress plugin that stems from Forminator not cleaning up and...

CVE-2021-35956

Stored cross-site scripting XSS in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email from/to/cc, System Name, and System Location fields...

AKCP sensorProbe 跨站脚本漏洞

The AKCP sensorProbe is a platform-independent environmental and safety monitoring device from AKCP USA. Simply assign an IP address and connect to the embedded web server. A cross-site scripting vulnerability exists in versions prior to SP480-20210624 of the AKCP sensorProbe Embedded Web Server...

CVE-2019-1933 Cisco Email Security Appliance Content Filter Bypass Vulnerability

A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance ESA could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper input validation of certain email fields. An attacker cou...

CVE-2017-11503

PHPMailer 5.2.23 has XSS in the "From Email Address" and "To Email Address" fields of codegenerator.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 To, 2 From, 3 Date, or 4 Subject field of an email...

CVE-2012-2579

Multiple cross-site scripting XSS vulnerabilities in the WP SimpleMail plugin 1.0.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 To, 2 From, 3 Date, or 4 Subject field of an email...

CVE-2013-0257

The email2image module 6.x-1.x and 6.x-2.x for Drupal does not properly restrict access to nodes, which allows remote attackers to read images of user email addresses and email fields...

WordPress SimpleMail Plugin Email fields script insertion vulnerabilities and fixes-vulnerability warning-the black bar safety net

WordPress is a PHP language and MySQL database development Blog（blog, blogengine, users can support PHP and MySQL database server on build your own Blog. SimpleMail plugin for WordPress 1.0.6 and other versions in the realization on the presence of a plurality of vulnerabilities, through the e-ma...