48 matches found

RedhatCVE
added 2026/01/09 11:24 a.m. · 10 views

CVE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler...

CVSS 5.3 · AI score 6.7 · EPSS 0.00217
Exploits: 0 · References: 1
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2021-18739

Malware in sbrugna...

CVSS 5.3 · AI score 5.2 · EPSS 0.00217
Exploits: 0 · References: 5
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2024-33325

Malicious code in bioql PyPI...

CVSS 8 · AI score 5.7 · EPSS 0.00263
Exploits: 1 · References: 3
Tenable Nessus
added 2025/08/30 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-31864

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming...

CVSS 5.3 · AI score 5.6 · EPSS 0.00217
Exploits: 0 · References: 2
NVD
added 2025/06/30 6:15 p.m. · 5 views

CVE-2025-6925

A vulnerability has been found in Dromara RuoYi-Vue-Plus 5.4.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The manipulation of the argument filePath...

CVSS 9.1 · EPSS 0.01425
Exploits: 1 · References: 5
Positive Technologies
added 2025/06/30 12:0 a.m. · 1 view

PT-2025-27469 · Dromara · Dromara Ruoyi-Vue-Plus

Name of the Vulnerable Software and Affected Versions: Dromara RuoYi-Vue-Plus version 5.4.0 Description: A critical issue has been discovered, affecting an unknown functionality of the file /src/main/java/org/dromara/demo/controller/MailController.java of the component Mail Handler. The...

CVSS 6.9 · AI score 7 · EPSS 0.01425
Exploits: 1 · References: 8
RedhatCVE
added 2025/03/15 8:16 a.m. · 8 views

CVE-2025-25363

An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload int...

CVSS 6.5 · AI score 5.4 · EPSS 0.00089
Exploits: 0 · References: 1
OSV
added 2025/03/13 6:15 p.m. · 0 views

CVE-2025-25363

An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload int...

CVSS 6.5 · AI score 5.9 · EPSS 0.00089
Exploits: 0 · References: 2
NVD
added 2025/03/13 6:15 p.m. · 10 views

CVE-2025-25363

An authenticated stored cross-site scripting (XSS) vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) before v4.1.69-dc allows attackers with Administrator privileges to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload int...

CVSS 6.5 · EPSS 0.00089
Exploits: 0 · References: 2
CNNVD
added 2025/03/13 12:0 a.m. · 2 views

Atlassian Plugin People Enterprise Mail Handler for Jira Data Center Security Vulnerability

Atlassian Plugin People Enterprise Mail Handler for Jira Data Center is an enterprise message handling plugin from Atlassian Australia. A security vulnerability exists in Atlassian Plugin People Enterprise Mail Handler for Jira Data Center versions prior to 4.1.69-dc. An attacker can exploit this...

CVSS 6.5 · AI score 7 · EPSS 0.00089
Exploits: 0 · References: 2
CVE
added 2025/03/13 12:0 a.m. · 57 views

CVE-2025-25363

CVE-2025-25363 is an authenticated stored XSS vulnerability in The Plugin People Enterprise Mail Handler for Jira Data Center (JEMH) prior to v4.1.69-dc. The issue allows attackers with Administrator privileges to inject a crafted payload into a template’s HTML field, causing arbitrary JavaScript...

CVSS 6.5 · AI score 5.5 · EPSS 0.00089
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2024/11/05 2:15 p.m. · 1 view

CVE-2024-10841

A vulnerability classified as critical was found in romadebrian WEB-Sekolah 1.0. Affected by this vulnerability is an unknown functionality of the file /ProsesKirim.php of the component Mail Handler. The manipulation of the argument Name leads to SQL injection. The attack can be launched remotely...

CVSS 8 · AI score 5.7 · EPSS 0.00263
Exploits: 1 · References: 3
NVD
added 2024/11/05 2:15 p.m. · 9 views

CVE-2024-10841

A vulnerability classified as critical was found in romadebrian WEB-Sekolah 1.0. Affected by this vulnerability is an unknown functionality of the file /ProsesKirim.php of the component Mail Handler. The manipulation of the argument Name leads to SQL injection. The attack can be launched remotely...

CVSS 8 · EPSS 0.00263
Exploits: 1 · References: 3
Positive Technologies
added 2024/11/05 12:0 a.m. · 2 views

PT-2024-16583 · Unknown · Romadebrian Web-Sekolah

Name of the Vulnerable Software and Affected Versions: romadebrian WEB-Sekolah version 1.0 Description: A critical vulnerability was found in the Mail Handler component of romadebrian WEB-Sekolah. The manipulation of the Name argument in the /ProsesKirim.php file leads to SQL injection. The atta...

CVSS 8 · AI score 8.3 · EPSS 0.00263
Exploits: 1 · References: 9
OSV
added 2024/03/06 11:5 a.m. · 19 views

BIT-REDMINE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the add_issue_notes permission requirement by leveraging the incoming mail handler...

CVSS 5.3 · AI score 5.4 · EPSS 0.00217
Exploits: 0 · References: 4
Veracode
added 2023/03/13 1:32 a.m. · 21 views

Cross-site Scripting (XSS)

SOGo is vulnerable to cross-site scripting (XSS). The vulnerability exists in NSString+Utilities.m of the Mail Handler, allowing an attacker to inject and execute malicious JavaScript...

CVSS 6.1 · AI score 6 · EPSS 0.0027
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2022/12/16 5:15 p.m. · 1 view

DEBIAN-CVE-2022-4558

A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack...

CVSS 6.1 · AI score 4.1 · EPSS 0.0027
Exploits: 0 · References: 1
OSV
added 2022/12/16 5:15 p.m. · 10 views

CVE-2022-4558

A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack...

CVSS 6.1 · AI score 6.1
Exploits: 0 · References: 3
OSV
added 2022/12/16 5:15 p.m. · 0 views

UBUNTU-CVE-2022-4558

A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack...

CVSS 6.1 · AI score 3.8 · EPSS 0.0027
Exploits: 0 · References: 4
Prion
added 2022/12/16 5:15 p.m. · 10 views

Cross site scripting

A vulnerability was found in Alinto SOGo up to 5.7.1. It has been classified as problematic. This affects an unknown part of the file SoObjects/SOGo/NSString+Utilities.m of the component Folder/Mail Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack...

CVSS 5.8 · AI score 6 · EPSS 0.0027
Exploits: 0 · References: 3 · Affected Software: 1