Lucene search
K

9 matches found

EUVD
EUVD
added 2026/06/20 12:14 a.m.9 views

EUVD-2026-38101

Capgo before 12.128.12 allows authenticated users to modify their mutable public.users.email to arbitrary addresses, which the SSO provisioning endpoint trusts as an account-merge key. Attackers can pre-position their account with a victim's corporate SSO email, causing the provision-user endpoin...

8.7CVSS6AI score0.00228EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-8406

Malicious code in bioql PyPI...

5.3CVSS5.5AI score0.00268EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/29 9:35 a.m.17 views

CVE-2025-29993

The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail...

5.3CVSS7.7AI score0.00268EPSS
Exploits0References1
NVD
NVD
added 2025/03/27 10:15 a.m.15 views

CVE-2025-29993

The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail...

5.3CVSS0.00268EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/27 9:6 a.m.18 views

CVE-2025-29993

The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail...

5.3CVSS0.00268EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/27 9:6 a.m.9 views

CVE-2025-29993

The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail...

5.3CVSS5.7AI score0.00268EPSS
Exploits0References2
CVE
CVE
added 2025/03/27 9:6 a.m.82 views

CVE-2025-29993

CVE-2025-29993 affects PowerCMS versions PowerCMS 6.6 and earlier, PowerCMS 5.27 and earlier, and PowerCMS 4.58 and earlier. The vulnerability is an HTTP header injection flaw in PowerCMS that can cause the product to send emails (e.g., password reset) containing tampered URLs. The root cause is ...

5.3CVSS7.3AI score0.00268EPSS
Exploits0References2
Prion
Prion
added 2022/01/26 7:15 p.m.11 views

Code injection

jpress v 4.2.0 is vulnerable to RCE via io.jpress.module.product.ProductNotifyKitdoSendEmail. The admin panel provides a function through which attackers can edit the email templates and inject some malicious code...

6.5CVSS8.6AI score0.01328EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2000/12/19 5:0 a.m.23 views

CVE-2000-1138

Lotus Notes R5 client R5.0.5 and earlier does not properly warn users when an S/MIME email message has been modified, which could allow an attacker to modify the email in transit without being detected...

6.5AI score0.01162EPSS
Exploits0References2
Rows per page
Query Builder