Lucene search
K

57 matches found

CVE
CVE
added 2026/04/23 3:54 a.m.21 views

CVE-2026-41232

CVE-2026-41232 (Froxlor) : In Froxlor prior to 2.3.6, EmailSender::add() uses the wrong array index when splitting an email address, passing the local part to validateLocalDomainOwnership() instead of the domain. This makes the domain ownership check pass for non-existent domains, allowing any au...

5CVSS5.8AI score0.00231EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2026/04/16 12:47 a.m.7 views

Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing

Summary In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...

5CVSS5.9AI score0.00231EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2026/04/16 12:47 a.m.9 views

GHSA-VMJJ-QR7V-PXM6 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing

Summary In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...

5CVSS5.9AI score0.00231EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/12/10 2:22 p.m.3 views

CVE-2025-66525

Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...

4.3CVSS7AI score0.00249EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.3 views

EUVD-2025-202147

Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...

6.5AI score0.00249EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 4:18 p.m.3 views

CVE-2025-66525

Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...

4.3CVSS0.00249EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:13 p.m.20 views

CVE-2025-66525 WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...

4.3CVSS0.00249EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:13 p.m.5 views

CVE-2025-66525

CVE-2025-66525 concerns a Missing Authorization vulnerability in the WordPress Elastic Email Sender plugin (versions up to 1.2.20). The underlying issue is incorrectly configured access control, resulting in a broken access control vulnerability that affects the plugin’s elastic-email-sender comp...

4.3CVSS6.6AI score0.00249EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 2:13 p.m.2 views

CVE-2025-66525 WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...

6.6AI score0.00249EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.4 views

WordPress plugin Elastic Email Sender 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A security...

4.3CVSS6.6AI score0.00249EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/09 12:0 a.m.4 views

PT-2025-49873

Missing Authorization vulnerability in Elastic Email Elastic Email Sender elastic-email-sender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elastic Email Sender: from n/a through = 1.2.20...

4.3CVSS7AI score0.00249EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/10/28 3:31 a.m.4 views

WordPress Elastic Email Sender plugin <= 1.2.20 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Elastic Email Sender versions = 1.2.20...

4.3CVSS7AI score0.00249EPSS
Exploits0Affected Software1
OSV
OSV
added 2025/10/12 2:15 p.m.7 views

CVE-2025-2140

IBM Engineering Requirements Management Doors Next 7.0.2, 7.0.3, and 7.1 could allow an authenticated user on the network to spoof email identity of the sender due to improper verification of source data...

5.7CVSS5.5AI score0.00116EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-5803

Malware in sbrugna...

5CVSS6.3AI score0.01947EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-42204

Malicious code in bioql PyPI...

5.9CVSS6.2AI score0.00316EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-26809

Malicious code in bioql PyPI...

5.9CVSS8.6AI score0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:56 a.m.6 views

CVE-2024-29815

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aminur Islam WP Change Email Sender allows Stored XSS.This issue affects WP Change Email Sender: from n/a before 1.3.0...

5.9CVSS8.6AI score0.00359EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:16 a.m.8 views

CVE-2023-38387

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Elastic Email Sender plugin = 1.2.6 versions...

5.9CVSS5.6AI score0.00316EPSS
Exploits0References1
SUSE Linux
SUSE Linux
added 2025/02/10 1:54 p.m.2 views

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.7 MFSA 2025-10, bsc1236539. Security fixes: CVE-2025-1009: use-after-free in XSLT. CVE-2025-1010: use-after-free in Custom Highlight. CVE-2025-1011: a bug in WebAssembly code generation could result i...

8.8CVSS7.6AI score0.01331EPSS
Exploits0References26
Positive Technologies
Positive Technologies
added 2025/02/04 12:0 a.m.9 views

PT-2025-3931 · Mozilla +8 · Thunderbird +8

Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 128.7 Thunderbird versions prior to 135 Description: The issue arises when the From field of an email uses invalid group name syntax. This results in Thunderbird displaying an incorrect sender address...

9.8CVSS9.3AI score0.1307EPSS
Exploits3References345
Rows per page
Query Builder