Lucene search
K

15060 matches found

NVD
NVD
added yesterday4 views

CVE-2026-13014

A vulnerability in Thales CERT "Suspicious" application = 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent...

9.2CVSS0.00704EPSS
Exploits0References1
CVE
CVE
added yesterday15 views

CVE-2026-13014

The CVE covers Thales CERT "Suspicious" application, affected at versions

9.2CVSS6.4AI score0.00704EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday17 views

CVE-2026-13014 Remote Code Execution vulnerability in "Suspicious" application

A vulnerability in Thales CERT "Suspicious" application = 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent...

9.2CVSS0.00704EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday139 views

WordPress Mail Masta 1.0 - Local File Inclusion

WordPress Mail Masta 1.0 is susceptible to local file inclusion in countofsend.php and csvexport.php. id: CVE-2016-10956 info: name: WordPress Mail Masta 1.0 - Local File Inclusion author: daffainfo,0x240x23elu severity: high description: WordPress Mail Masta 1.0 is susceptible to local file...

7.5CVSS7AI score0.10178EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday52 views

Mail Mint < 1.19.5 - Unauthenticated Email Disclosure

Mail Mint WordPress plugin 1.19.5 contains an information disclosure vulnerability caused by lack of authorization in a REST API endpoint, letting unauthenticated users retrieve email addresses of blog users, exploit requires no authentication. id: CVE-2026-2025 info: name: Mail Mint 1.19.5 -...

7.5CVSS6.1AI score0.01379EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday134 views

RaidenMAILD Mail Server v.4.9.4 - Path Traversal

Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component. id: CVE-2024-32399 info: name: RaidenMAILD Mail Server v.4.9.4 - Path Traversal author: DhiyaneshDK severity: high description: |...

7.6CVSS7.1AI score0.0316EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday56 views

IceWarp Mail Server v10.4.5 - Cross-Site Scripting

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting XSS vulnerability via the color parameter. id: CVE-2023-39700 info: name: IceWarp Mail Server v10.4.5 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | IceWarp Mail Server v10.4.5 was...

6.1CVSS6.4AI score0.01376EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday44 views

IceWarp Mail Server <11.1.1 - Directory Traversal

IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability. id: CVE-2015-1503 info: name: IceWarp Mail Server 11.1.1 - Directory Traversal author: 0xAkoko severity: high description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal...

7.8CVSS7AI score0.58302EPSS
Exploits5References5
NVD
NVD
added 4 days ago6 views

CVE-2026-12918

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS0.00319EPSS
Exploits0References6
EUVD
EUVD
added 4 days ago10 views

EUVD-2026-42862

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS6.1AI score0.00319EPSS
Exploits0References6
CVE
CVE
added 4 days ago13 views

CVE-2026-12918

Summary of CVE-2026-12918 (Mail Mint WordPress plugin) : The plugin (versions up to and including 1.24.1) is vulnerable to a general SQL Injection via the recipients parameter due to insufficient escaping and unsafe query construction. This is a second-order injection: an attacker with authentica...

4.9CVSS6.1AI score0.00319EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-12918 Mail Mint <= 1.24.1 - Authenticated (Administrator+) SQL Injection via 'recipients' Parameter

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS0.00319EPSS
Exploits0References6
Patchstack
Patchstack
added 5 days ago4 views

WordPress Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin <= 1.24.1 - Authenticated (Administrator+) SQL Injection vulnerability

Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Mail Mint versions = 1.24.1...

4.9CVSS6.1AI score0.00319EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-59721 Hoppscotch: Admin RCE via MAILER_SMTP_URL nodemailer sendmail-transport injection

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILERSMTPURL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into...

7.2CVSS0.00518EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 5 days ago3 views

ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses

A flaw was found in Net::IMAP, a Ruby library implementing the Internet Message Access Protocol IMAP client functionality. A hostile server can exploit a quadratic time complexity issue in the Net::IMAP::ResponseReader when processing large responses containing numerous string literals. This can...

7.5CVSS5.8AI score0.0041EPSS
Exploits0References11
NVD
NVD
added 5 days ago8 views

CVE-2026-14342

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS0.00266EPSS
Exploits0References5
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-14342 Mail Mint <= 1.24.2 - Authenticated (Administrator+) SQL Injection via 'contact_ids' Parameter

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS0.00266EPSS
Exploits0References5
CVE
CVE
added 5 days ago11 views

CVE-2026-14342

The Mail Mint WordPress plugin (Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails) is affected up to version 1.24.2 by a time-based SQL Injection via the contact_ids parameter. The root cause is insufficient escaping of user input and lack of proper SQL query preparat...

4.9CVSS6AI score0.00266EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42545

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS6AI score0.00266EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-14342

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS6AI score0.00266EPSS
Exploits0References6
Rows per page
Query Builder