Lucene search
K

8 matches found

CNNVD
CNNVD
added 2026/03/13 12:0 a.m.8 views

WordPress plugin wpDiscuz 输入验证错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. A...

6.3CVSS5.8AI score0.00221EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/27 9:31 p.m.12 views

CVE-2024-53860 Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler

sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...

8.6CVSS8.6AI score0.00451EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/27 9:31 p.m.27 views

CVE-2024-53860 Potential Abuse for Sending Arbitrary Emails in sp-php-email-handler

sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to...

8.6CVSS0.00451EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 6:17 a.m.5 views

SUSE CVE-2005-3351

SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients "To" addresses, which triggers a bus error in Perl...

5CVSS6.9AI score0.07259EPSS
Exploits0References4
NVD
NVD
added 2022/03/10 5:45 p.m.22 views

CVE-2022-23940

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the emailrecipients property. By using a crafted request, they can create a malicious report, containin...

8.8CVSS0.53235EPSS
Exploits2References2
Prion
Prion
added 2022/03/10 5:45 p.m.20 views

Deserialization of untrusted data

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the emailrecipients property. By using a crafted request, they can create a malicious report, containin...

6.5CVSS8.8AI score0.53235EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2022/03/07 7:6 p.m.18 views

CVE-2022-23940

SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the emailrecipients property. By using a crafted request, they can create a malicious report, containin...

8.8CVSS7.2AI score0.53235EPSS
Exploits2References4
ThreatPost
ThreatPost
added 2018/02/12 12:58 p.m.13 views

Romance Scams Drive Necurs Botnet Activity in Run Up to Valentine’s Day

Necurs botnet activity is spiking as scammers use the network to flood inboxes with promises of companionship, in part of a seasonal wave of Valentine’s Day-themed spam. Victims are encouraged to share revealing photos of themselves, which scammers later use as leverage in extortion shakedowns. T...

0.1AI score
Exploits0References4
Rows per page
Query Builder