6 matches found
EUVD-2026-20576
LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 20.0.0 to before 27.0.3 and 28.0.1, an endpoint in the publication module was incorrectly trusting the baseURL submitted by a user's PO...
CVE-2022-35924 Verification requests (magic link) sent to unwanted emails
NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails, e.g.:...
[SECURITY] Fedora 35 Update: libspf2-1.2.11-1.20210922git4915c308.fc35
libspf2 is an implementation of the SPF (Sender Policy Framework) specification as found at: http://www.ietf.org/internet-drafts/draft-mengwong-spf-00.txt . SPF allows email systems to check SPF DNS records and make sure that an email is authorized by the administrator of the domain name that it is...
IBM Maximo Asset Management Forgery Vulnerability
IBM Maximo Asset Management is a comprehensive asset lifecycle and maintenance management solution from IBM USA. The solution is capable of managing all types of assets, such as facilities, transportation, etc., on a single platform with a single point of control for these assets. A forgery...
CVE-2007-4073
Webbler CMS is affected up to version 3.1.5 (prior to 3.1.6). The vulnerability arises from insufficient validation of the "mail a friend" form, allowing remote attackers to cause the system to send forged emails. The issue is a misuse of an input form rather than a separate exploit channel, en...
CVE-2000-1203
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as [email protected] (localhost), which causes Domino to enter a mail loop...