Lucene search
+L

50006 matches found

nuclei
nuclei
added yesterday64 views

Email Subscribers by Icegram Express <= 5.7.20 - Unauthenticated SQL Injection via Hash

Email Subscribers by Icegram Express = 5.7.20 contains an unauthenticated SQL injection vulnerability via the hash parameter. id: CVE-2024-4295 info: name: Email Subscribers by Icegram Express = 5.7.20 - Unauthenticated SQL Injection via Hash author: iamnoooob,rootxharsh,pdresearch severity:...

9.8CVSS7.1AI score0.10161EPSS
Exploits1References4
nuclei
nuclei
added yesterday53 views

WordPress Core - Post Author Email Disclosure

WordPress Core is vulnerable to Sensitive Information Exposure in versions between 4.7.0 and 6.3.1 via the User REST endpoint. While the search results do not display user email addresses unless the requesting user has the 'listusers' capability, the search is applied to the useremail column. id:...

5.3CVSS6.5AI score0.03862EPSS
Exploits4References3
nuclei
nuclei
added yesterday108 views

OpenCATS 0.9.6 - Cross-Site Scripting

OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the email parameter in the Check Email function. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

6.1CVSS6.5AI score0.01333EPSS
Exploits1References5
nuclei
nuclei
added yesterday37 views

Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...

8.8CVSS7AI score0.04184EPSS
Exploits3References2
nuclei
nuclei
added yesterday10 views

WordPress tagDiv Composer < 3.5 - Authentication Bypass

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before 12.1 and Newsmag WordPress theme before 5.2.2, does not properly implement the Facebook login feature, allowing unauthenticated attackers to login as any user by just knowing their email address id:...

9.8CVSS7AI score0.03546EPSS
Exploits2References2
nuclei
nuclei
added yesterday20 views

Canon Devices - Authentication Bypass in Catwalk Server

Certain Canon devices manufactured in 2012 through 2020 such as imageRUNNER ADVANCE iR-ADV C5250, when Catwalk Server is enabled for HTTP access, allow remote attackers to modify an e-mail address setting, and thus cause the device to send sensitive information through e-mail to the attacker. For...

7.5CVSS7AI score0.04EPSS
Exploits1References3
nuclei
nuclei
added yesterday44 views

WP Directory Kit < 1.5.0 - Unauthenticated Email Exposure

WP Directory Kit plugin for WordPress = 1.4.9 contains a sensitive information exposure caused by improper access control in wdkpublicaction AJAX handler, letting unauthenticated attackers extract email addresses of users with Directory Kit-specific roles. id: CVE-2025-13920 info: name: WP...

5.3CVSS6.1AI score0.00669EPSS
Exploits0References3
nuclei
nuclei
added yesterday19 views

WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation

Privilege escalation vulnerability exists in the Frontend Login and Registration Blocks plugin for WordPress versions = 1.0.7. An unauthenticated attacker can exploit the AJAX endpoint flrblocksusersettingshandleajaxcallback to change the administrator's email address. Subsequently, the attacker...

9.8CVSS7AI score0.06441EPSS
Exploits4References5
nuclei
nuclei
added yesterday9 views

SureForms <= 1.13.1 - Sensitive Information Exposure

SureForms WordPress plugin = 1.13.1 contains a sensitive information exposure caused by setting 'authcallback' to 'returntrue' in 'srfmemailnotification' post meta registration, letting unauthenticated attackers access sensitive email notification data, exploit requires no authentication. id:...

7.5CVSS6.1AI score0.01986EPSS
Exploits0References2
nuclei
nuclei
added yesterday64 views

Integrate Google Drive <= 1.5.3 - Information Disclosure

File Manager for Google Drive - Integrate Google Drive with WordPress plugin for WordPress = 1.5.3 contains sensitive information exposure caused by improper protection of the getlocalizedata function, letting unauthenticated attackers extract Google OAuth credentials and account email addresses,...

7.5CVSS6.1AI score0.02362EPSS
Exploits0References2
nuclei
nuclei
added yesterday29 views

Frontend File Manager Plugin <= 23.5 - Unauthenticated Arbitrary Email Sending

Frontend File Manager Plugin WordPress plugin through 23.5 contains an open relay and unauthorized file access vulnerability caused by lack of authentication and security checks, letting unauthenticated attackers send emails and access files, exploit requires no authentication. id: CVE-2026-0829...

5.8CVSS6.1AI score0.00682EPSS
Exploits0References4
nuclei
nuclei
added yesterday110 views

Eyou E-Mail <3.6 - Remote Code Execution

Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/iploginset/diploginget.php via the getloginipconfigfile function. id: CVE-2014-1203 info: name: Eyou E-Mail 3.6 - Remote Code Execution author: pikpik...

9.8CVSS7.3AI score0.15647EPSS
Exploits0References5
nuclei
nuclei
added yesterday14 views

Group-Office < 26.0.5 - Remote Code Execution

Group-Office before versions 6.8.150, 25.0.82, and 26.0.5 is vulnerable to remote code execution via OS command injection. The endpoint email/message/tnefAttachmentFromTempFile directly concatenates the user-controlled parameter tmpfile into an exec call. By injecting shell metacharacters into...

9.4CVSS6.7AI score0.18536EPSS
Exploits2References4
nuclei
nuclei
added yesterday53 views

Mail Mint < 1.19.5 - Unauthenticated Email Disclosure

Mail Mint WordPress plugin 1.19.5 contains an information disclosure vulnerability caused by lack of authorization in a REST API endpoint, letting unauthenticated users retrieve email addresses of blog users, exploit requires no authentication. id: CVE-2026-2025 info: name: Mail Mint 1.19.5 -...

7.5CVSS6.1AI score0.01379EPSS
Exploits0References3
nvd
nvd
added 2 days ago4 views

CVE-2026-45063

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $SERVER'SSLCLIENTSDN' with an unanchored regex that matches emailAddress= anywhere in the distinguishe...

9.1CVSS0.00336EPSS
Exploits0References6
osv
osv
added 2 days ago2 views

CVE-2026-45063 Symfony: Identity Spoofing via Unanchored DN Regex in X509Authenticator

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 5.4.52, 6.4.40, 7.4.12, and 8.0.12, X509Authenticator extracts the user identifier from $SERVER'SSLCLIENTSDN' with an unanchored regex that matches emailAddress= anywhere in the distinguishe...

9.1CVSS6.1AI score0.00336EPSS
Exploits0References8
osv
osv
added 2 days ago4 views

CVE-2026-45067 Symfony: Email Header / SMTP Command Injection via CRLF in Symfony\Component\Mime\Address

Description Symfony\Component\Mime\Address is the value-object every Symfony Mailer address to/cc/bcc/from/reply-to flows through; its constructor is documented as validating the address and throwing on invalid input, so developers treat it as a security boundary. The constructor accepts email...

6.3CVSS6.1AI score0.00619EPSS
Exploits0References8
redhatcve
redhatcve
added 2 days ago4 views

CVE-2026-54433

A flaw was found in Roundcube Webmail. A remote attacker could exploit a Stored Cross-Site Scripting XSS vulnerability by sending a specially crafted plain-text email message. When the victim opens or previews this message, attacker-controlled JavaScript executes within their authenticated sessio...

7.2CVSS6.2AI score0.00276EPSS
Exploits0References2
nvd
nvd
added 2 days ago3 views

CVE-2026-54433

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, there is Stored Cross-Site Scripting XSS via a crafted plain-text email message. The attacker-controlled JavaScript executes within the victim's authenticated session simply by opening or previewing the message zero-click...

7.2CVSS0.00276EPSS
Exploits0References1
cvelist
cvelist
added 2 days ago27 views

CVE-2026-54433

In Roundcube Webmail before 1.6.17 and 1.7.x before 1.7.2, there is Stored Cross-Site Scripting XSS via a crafted plain-text email message. The attacker-controlled JavaScript executes within the victim's authenticated session simply by opening or previewing the message zero-click...

7.2CVSS0.00276EPSS
Exploits0References1
Rows per page
Query Builder