
33 matches found

Veracode
added 2026/01/29 8:48 a.m. | 5 views

Server-Side Template Injection

fof/pretty-mail is vulnerable to Server-Side Template Injection. The vulnerability is due to improper validation and sanitization of email template inputs, which allows an attacker with administrative access to inject malicious template expressions and execute arbitrary system commands during ema...

CVSS 8.6 | AI score 6.1 | EPSS 0.00024
Exploits: 0 | References: 4 | Affected Software: 1
RedhatCVE
added 2025/12/12 10:17 p.m. | 2 views

CVE-2024-58302

FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email...

CVSS 6.9 | AI score 6.5 | EPSS 0.00062
Exploits: 0 | References: 1
RedhatCVE
added 2025/12/12 10:17 p.m. | 2 views

CVE-2024-58303

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generati...

CVSS 8.6 | AI score 8.4 | EPSS 0.00024
Exploits: 0 | References: 1
EUVD
added 2025/12/12 12:30 a.m. | 2 views

EUVD-2024-55329

FoF Pretty Mail has a server-side template injection vulnerability...

CVSS 8.6 | AI score 6.9 | EPSS 0.00024
Exploits: 0 | References: 5
OSV
added 2025/12/11 10:15 p.m. | 0 views

CVE-2024-58303

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generati...

CVSS 8.6 | AI score 6.4
Exploits: 0 | References: 4
Snyk
added 2025/12/11 10:7 p.m. | 2 views

PHP Remote File Inclusion

Overview: fof/pretty-mail is a Create HTML email for Flarum. Affected versions of this package are vulnerable to PHP Remote File Inclusion via the email template processing. An attacker can access arbitrary files on the server by injecting file inclusion payloads into the template configuration...

CVSS 6.9 | AI score 6.9 | EPSS 0.00062
Exploits: 0 | References: 2
Snyk
added 2025/12/11 10:7 p.m. | 2 views

Improper Neutralization of Special Elements Used in a Template Engine

Overview: fof/pretty-mail is a Create HTML email for Flarum. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine via the email template processing. An authenticated attacker with admin privileges can execute arbitrary system...

CVSS 8.6 | AI score 7 | EPSS 0.00024
Exploits: 0 | References: 2
CVE
added 2025/12/11 9:40 p.m. | 5 views

CVE-2024-58303

FoF Pretty Mail 1.1.2 has a server-side template injection vulnerability in email template processing that lets an administrator inject code and trigger arbitrary system commands during email generation. Affected component: FoF Pretty Mail (likely package foF/pretty-mail) with internal Blade temp...

CVSS 8.6 | AI score 8 | EPSS 0.00024
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/11 9:40 p.m. | 1 views

CVE-2024-58303 FoF Pretty Mail 1.1.2 Server Side Template Injection via Email Template Settings

FoF Pretty Mail 1.1.2 contains a server-side template injection vulnerability that allows administrative users to inject malicious code into email templates. Attackers can execute system commands by inserting crafted template expressions that trigger arbitrary code execution during email generati...

CVSS 8.6 | AI score 6.5 | EPSS 0.00024
Exploits: 0 | References: 4
Vulnrichment
added 2025/12/11 9:40 p.m. | 1 views

CVE-2024-58302 FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings

FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email...

CVSS 6.9 | AI score 6.2 | EPSS 0.00062
Exploits: 0 | References: 4
CVE
added 2025/12/11 9:40 p.m. | 5 views

CVE-2024-58302

FoF Pretty Mail 1.1.2 is affected by a Local File Inclusion (LFI) in the Email Template Settings. The weakness allows administrative users to include arbitrary server files during email generation, enabling reading of sensitive files such as /etc/passwd. Root cause is misuse of template processin...

CVSS 6.9 | AI score 6.2 | EPSS 0.00062
Exploits: 0 | References: 4
Cvelist
added 2025/12/11 9:40 p.m. | 17 views

CVE-2024-58302 FoF Pretty Mail 1.1.2 Local File Inclusion via Email Template Settings

FoF Pretty Mail 1.1.2 contains a local file inclusion vulnerability that allows administrative users to include arbitrary server files in email templates. Attackers can exploit the template settings by inserting file inclusion payloads to read sensitive system files like /etc/passwd during email...

CVSS 6.9 | EPSS 0.00062
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/11 12:0 a.m. | 2 views

PT-2025-50755

Name of the Vulnerable Software and Affected Versions: FoF Pretty Mail version 1.1.2. Description: FoF Pretty Mail version 1.1.2 has a local file inclusion issue. Administrative users can include arbitrary server files in email templates. An attacker can exploit the template settings by inserting fi...

CVSS 6.9 | AI score 6.2 | EPSS 0.00062
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-3803

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.5 | EPSS 0.0033
Exploits: 1 | References: 6
OSV
added 2025/09/05 5:10 p.m. | 0 views

MAL-2025-43002 Malicious code in @zalastax/nolb-_fof (npm)

The package @zalastax/nolb-fof was found to contain malicious code...

AI score 7
Exploits: 0
0day.today
added 2024/04/01 12:0 a.m. | 191 views

FoF Pretty Mail 1.1.2 Local File Inclusion Vulnerability

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Local File Inclusion LFI
Exploit Author: Chokri Hammedi
Vendor Homepage: https://flarum.org/
Software Link: https://github.com/FriendsOfFlarum/pretty-mail
Version: 1.1.2
Tested on: Windows XP
CVE: N/A
Description: The FoF Pretty Mail...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/03/29 12:0 a.m. | 253 views

FoF Pretty Mail 1.1.2 Local File Inclusion

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Local File Inclusion LFI
Date: 03/28/2024
Exploit Author: Chokri Hammedi
Vendor Homepage: https://flarum.org/
Software Link: https://github.com/FriendsOfFlarum/pretty-mail
Version: 1.1.2
Tested on: Windows XP
CVE: N/A
Description: The FoF...

AI score 7.4
Exploits: 0
Packet Storm
added 2024/03/29 12:0 a.m. | 221 views

FoF Pretty Mail 1.1.2 Server-Side Template Injection

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Server-Side Template Injection SSTI
Date: 03/28/2024
Exploit Author: Chokri Hammedi
Vendor Homepage: https://flarum.org/
Software Link: https://github.com/FriendsOfFlarum/pretty-mail
Version: 1.1.2
Tested on: Windows XP
CVE: N/A
Descriptio...

AI score 7.4
Exploits: 0
Veracode
added 2022/08/02 6:3 a.m. | 24 views

Leakage Of Private Discussion

fof/byobu is vulnerable to leakage of private discussion. Lack of enforcement of disablement to private discussion allows forum's users to start private discussions with themselves...

CVSS 4.3 | AI score 5.1 | EPSS 0.00168
Exploits: 0 | References: 3 | Affected Software: 1
Prion
added 2022/08/01 10:15 p.m. | 9 views

Design/Logic Flaw

fof/byobu is a private discussions extension for Flarum forum. Affected versions were found to not respect private discussion disablement by users. Users of Byobu should update the extension to version 1.1.7, where this has been patched. Users of Byobu with Flarum 1.0 or 1.1 should upgrade to...

CVSS 4 | AI score 4.7 | EPSS 0.00168
Exploits: 0 | References: 2 | Affected Software: 1