57 matches found
CVE-2026-41232
CVE-2026-41232 (Froxlor) : In Froxlor prior to 2.3.6, EmailSender::add() uses the wrong array index when splitting an email address, passing the local part to validateLocalDomainOwnership() instead of the domain. This makes the domain ownership check pass for non-existent domains, allowing any au...
Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing
Summary In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...
GHSA-VMJJ-QR7V-PXM6 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing
Summary In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...
CVE-2025-66525
Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...
EUVD-2025-202147
Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...
CVE-2025-66525
Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...
CVE-2025-66525 WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...
CVE-2025-66525
CVE-2025-66525 concerns a Missing Authorization vulnerability in the WordPress Elastic Email Sender plugin (versions up to 1.2.20). The underlying issue is incorrectly configured access control, resulting in a broken access control vulnerability that affects the plugin’s elastic-email-sender comp...
CVE-2025-66525 WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability
Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...
WordPress plugin Elastic Email Sender 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...
PT-2025-49873
Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...
WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Elastic Email Sender versions = 1.2.20...
CVE-2025-2140
IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data...
EUVD-2015-5803
Malware in sbrugna...
EUVD-2023-42204
Malicious code in bioql PyPI...
EUVD-2024-26809
Malicious code in bioql PyPI...
CVE-2024-29815
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aminur Islam WP Change Email Sender allows Stored XSS.This issue affects WP Change Email Sender: from n/a before 1.3.0...
CVE-2023-38387
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Elastic Email Sender plugin = 1.2.6 versions...
Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.7 MFSA 2025-10, bsc1236539. Security fixes: CVE-2025-1009: use-after-free in XSLT. CVE-2025-1010: use-after-free in Custom Highlight. CVE-2025-1011: a bug in WebAssembly code generation could result i...
PT-2025-3931 · Mozilla +8 · Thunderbird +8
Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 128.7 Thunderbird versions prior to 135 Description: The issue arises when the From field of an email uses invalid group name syntax. This results in Thunderbird displaying an incorrect sender address...