CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

ATTACKERKB•added 2 hours ago•1 views

CVE-2026-10597

OMICARD EDM developed by ITPison has a Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain user's email address...

6.9CVSS5.8AI score

Exploits0References3Affected Software1

NVD•added yesterday•3 views

CVE-2026-10729

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting XSS in emails clients that render HTML emails. This issue affects Canarytokens: fr...

2.1CVSS

Vulnrichment•added yesterday•2 views

CVE-2026-10729 HTML injection in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens

CVE•added yesterday•5 views

CVE-2026-10729

The CVE-2026-10729 entry covers an HTML injection vulnerability in Thinkst Applied Research Canarytokens specifically in the notification email delivery. Affected component: Canarytokens notification emails that render HTML. Root cause described: HTML injection can enable Interface Manipulation a...

EUVD•added yesterday•3 views

EUVD-2026-34085

Cvelist•added yesterday•8 views

CVE-2026-10729 HTML injection in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens

2.1CVSS

Nuclei•added yesterday•16 views

Post SMTP <= 3.6.0 - Email Log Disclosure

Post SMTP WordPress plugin = 3.6.0 contains an unauthorized data access vulnerability caused by missing capability check in construct function, letting unauthenticated attackers read arbitrary logged emails, exploit requires no authentication. id: CVE-2025-11833 info: name: Post SMTP = 3.6.0 -...

9.8CVSS7.6AI score0.1525EPSS

Exploits1References3

Nuclei•added yesterday•3 views

WordPress Qubely < 1.8.6 - Unauthenticated Email Sending

Qubely WordPress plugin 1.8.6 contains an insecure deserialization caused by unauthenticated users being able to send arbitrary emails via the qubelysendformdata AJAX action, letting attackers send spam or malicious emails, exploit requires no authentication. id: CVE-2021-24916 info: name:...

7.5CVSS7.2AI score0.43682EPSS

Exploits2References2

Positive Technologies•added yesterday•3 views

PT-2026-45936

Positive Technologies•added yesterday•2 views

PT-2026-46081

The module doesn't sufficiently sanitize customer comments in the order receipt email template; this could be exploited to achieve Cross-site Scripting XSS. This vulnerability is mitigated by the fact that it only affects installations with Checkout commerce checkout enabled, and the "Comments"...

5.8AI score

ATTACKERKB•added 3 days ago•4 views

CVE-2026-49491

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information includi...

8.8CVSS5.9AI score0.00065EPSS

Exploits0References3Affected Software1

HackRead•added 3 days ago•9 views

Fake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives

Hackers are using fake purchase order emails and process hollowing to deploy fileless PureLogs malware to steal Windows users' browser, crypto, and Discord data...

5.8AI score

Exploits0

Positive Technologies•added 3 days ago•7 views

PT-2026-45617

8.8CVSS5.9AI score0.00065EPSS

Exploits0References4

ATTACKERKB•added 6 days ago•5 views

CVE-2026-45294

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.219, the password reset endpoint returns visually distinct responses depending on whether the submitted email address belongs to an existing user account, allowing unauthenticated attackers to enumerat...

5.3CVSS5.8AI score0.00038EPSS

Exploits0References2Affected Software1

Cvelist•added 6 days ago•27 views

CVE-2026-45294 FreeScout: User Account Enumeration via Password Reset Response Differentiation

5.3CVSS0.00038EPSS

EUVD•added 6 days ago•4 views

EUVD-2026-33440

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.220, the email processing pipeline in FreeScout's FetchEmails command has two code paths for identifying agent user replies based on In-Reply-To / References headers. The notification reply path...

7.5CVSS5.9AI score0.00014EPSS

NVD•added 2026/05/28 12:16 a.m.•8 views

CVE-2026-4888

The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...

4.3CVSS0.0001EPSS

CNNVD•added 2026/05/28 12:0 a.m.•5 views

Casdoor 安全漏洞

Casdoor is an open-source platform developed by Casdoor that supports various authentication and authorization protocols. Versions of Casdoor prior to 2.362.0 contained security vulnerabilities. These vulnerabilities stemmed from unverified email binding issues, which could lead to account...

9.1CVSS5.8AI score0.00039EPSS

CNNVD•added 2026/05/28 12:0 a.m.•5 views

WordPress plugin Everest Forms 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

4.3CVSS5.9AI score0.0001EPSS