278 matches found
SureForms <= 1.13.1 - Sensitive Information Exposure
SureForms WordPress plugin = 1.13.1 contains a sensitive information exposure caused by setting 'authcallback' to 'returntrue' in 'srfmemailnotification' post meta registration, letting unauthenticated attackers access sensitive email notification data, exploit requires no authentication. id:...
EUVD-2026-29830
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...
CVE-2026-35504
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...
CVE-2026-35504 Subnet Solutions PowerSYSTEM Center CRLF injection
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...
CVE-2026-35504
CVE-2026-35504 affects PowerSYSTEM Center's email notification service, with a CRLF injection vulnerability when using SMTPS. The available data provides CVSS 4.0/3.1 base metrics (MEDIUM) and does not specify affected versions, root cause details, exploitation status, or remediation. The descrip...
CVE-2026-35504 Subnet Solutions PowerSYSTEM Center CRLF injection
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...
CVE-2026-35504
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...
PT-2026-40431
PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...
CVE-2026-5753 All-in-One WP Migration Unlimited Extension <= 2.83 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Backup Schedule Creation and Backup File Download
The All-in-One WP Migration Unlimited Extension plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.83. This is due to the 'Ai1wmveSchedulesController::save' handler for 'adminpostai1wmscheduleeventsave' not verifying user capabilities before saving...
PT-2026-37349
The Fluent Forms plugin for WordPress is vulnerable to Arbitrary File Read in versions up to and including 6.2.1. This is due to insufficient path validation in the getAttachments method of EmailNotificationActions, which resolves attacker-supplied file-upload URLs into filesystem paths without...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the email notification rendering process. An attacker can inject arbitrary HTML content, such as phishing links or tracking images, by crafting malicious task titles that are embedded in notification emails...
CVE-2026-3226
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...
CVE-2026-3226 LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized email notification triggering due to missing capability checks on all 10 functions in the SendEmailAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catchlpajax dispatcher verifies a...
CVE-2025-6593
CVE-2025-6593 affects Wikimedia Foundation MediaWiki. A remote attacker could entice a user to interact with malicious content in includes/user/User.Php, potentially leading to disclosure of limited sensitive information. Affected versions include MediaWiki 1.27.0 before 1.39.13, 1.42.7–1.43.2, a...
CVE-2024-39836
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0 and 9.8.x = 9.8.2 fail to ensure that remote/synthetic users cannot create sessions or reset passwords, which allows the munged email addresses, created by shared channels, to be used to receive email notifications and to reset...
CVE-2023-50932
An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visitin...
CVE-2025-12536
The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the 'srfmemailnotification' post meta registration. This is due to setting the 'authcallback' parameter to 'returntrue', which allows unauthenticated access to the...
EUVD-2025-150406
The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the 'srfmemailnotification' post meta registration. This is due to setting the 'authcallback' parameter to 'returntrue', which allows unauthenticated access to the...
CVE-2025-12536 SureForms <= 1.13.1 - Missing Authorization to Unauthenticated Sensitive Information Exposure
The SureForms plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.1 via the 'srfmemailnotification' post meta registration. This is due to setting the 'authcallback' parameter to 'returntrue', which allows unauthenticated access to the...
CVE-2025-12536
CVE-2025-12536 affects WordPress SureForms plugin up to version 1.13.1. The issue is missing authorization on the _srfm_email_notification post meta, where the auth_callback was set to __return_true, allowing unauthenticated access to sensitive metadata (e.g., email notification configurations, C...