Lucene search
+L

1921 matches found

Nuclei
Nuclei
added yesterday136 views

RaidenMAILD Mail Server v.4.9.4 - Path Traversal

Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component. id: CVE-2024-32399 info: name: RaidenMAILD Mail Server v.4.9.4 - Path Traversal author: DhiyaneshDK severity: high description: |...

7.6CVSS8.4AI score0.0316EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday58 views

IceWarp Mail Server v10.4.5 - Cross-Site Scripting

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting XSS vulnerability via the color parameter. id: CVE-2023-39700 info: name: IceWarp Mail Server v10.4.5 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | IceWarp Mail Server v10.4.5 was...

6.1CVSS5.8AI score0.01376EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2 days ago13 views

CVE-2026-47083

A flaw was found in Cyrus IMAP. An authenticated user can exploit the ESEARCH command to discover the existence of folder names belonging to other user accounts. This vulnerability leads to information disclosure, allowing an attacker to gain unauthorized knowledge about the structure of other...

4.3CVSS6AI score0.00183EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2 days ago9 views

CVE-2026-47089

A flaw was found in Cyrus IMAP cyrus-imapd. An authenticated user can exploit this vulnerability by using the IMAP LISTRIGHTS command. This allows the user to learn the access permissions of any mailbox they can name, which should be restricted to administrators. This leads to unauthorized...

4.3CVSS6AI score0.00168EPSS
Exploits0References5
CVE
CVE
added 3 days ago9 views

CVE-2026-47085

CVE-2026-47085 affects Cyrus IMAPD (up to 3.12.2). The flaw: URLAUTH token forgery via a missing mboxkey, allowing an attacker who knows a folder name the user never authorized to forge a valid URLAUTH by computing an HMAC-SHA1 with a predictable key, granting read access to the mailbox. Impact i...

4CVSS6.1AI score0.00188EPSS
Exploits0References2
CVE
CVE
added 3 days ago10 views

CVE-2026-47082

CVE-2026-47082 affects Cyrus IMAP (cyrus-imapd) up to version 3.12.2. The vacation Sieve option :fcc ignores destination mailbox ACLs, allowing a user’s vacation auto-replies to be delivered to any mailbox named by the script, even if the user lacks insert permissions on that mailbox. The issue i...

5.4CVSS6.1AI score0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/09 5:24 p.m.32 views

CVE-2026-59721 Hoppscotch: Admin RCE via MAILER_SMTP_URL nodemailer sendmail-transport injection

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILERSMTPURL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into...

7.2CVSS0.00518EPSS
Exploits0References4
OSV
OSV
added 2026/07/09 5:24 p.m.3 views

CVE-2026-59721 Hoppscotch: Admin RCE via MAILER_SMTP_URL nodemailer sendmail-transport injection

Hoppscotch is an open source API development ecosystem. Prior to 2026.6.0, the updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILERSMTPURL value, and validateSMTPUrl in utils.ts permits path, query, or fragment content that nodemailer parses into...

7.2CVSS6.3AI score0.00518EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2026/07/08 12:0 a.m.11 views

The vulnerability of the Exim mail server, related to the lack of initialization of resources, allows attackers to compromise the confidentiality and accessibility of the protected information.

The vulnerability of the Exim mail server is related to the lack of initialization of resources. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and accessibility of the protected information...

9.4CVSS6.1AI score0.00373EPSS
Exploits0References8Affected Software4
BDU FSTEC
BDU FSTEC
added 2026/07/08 12:0 a.m.12 views

The vulnerability of the Exim mail server, related to reading data beyond the allowed buffer limits, allows attackers to gain access to confidential data.

The vulnerability of the Exim mail server is related to reading data from buffer beyond the allowed limits. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...

5.3CVSS6.3AI score0.00246EPSS
Exploits0References8Affected Software4
Fedora
Fedora
added 2026/07/07 1:11 a.m.21 views

[SECURITY] Fedora 43 Update: clamav-1.4.5-1.fc43

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

6AI score
Exploits0
Cvelist
Cvelist
added 2026/07/06 8:12 a.m.31 views

CVE-2026-1433 uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS0.00217EPSS
Exploits0References2
NVD
NVD
added 2026/07/02 10:16 a.m.11 views

CVE-2026-12472

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.11. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00283EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/02 8:33 a.m.9 views

EUVD-2026-41267

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.11. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS5.9AI score0.00283EPSS
Exploits0References6
CVE
CVE
added 2026/07/02 8:33 a.m.23 views

CVE-2026-12472

The CVE-2026-12472 entry concerns the Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin. It states an authorization bypass in all versions up to 6.0.11, enabling unauthenticated attackers to send arbitrary HTML-injected emails via the site’s mail server, potentially phi...

5.3CVSS5.9AI score0.00283EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:38 p.m.5 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/12 8:23 p.m.10 views

CVE-2026-44784 Discourse: Non-staff group owners can see email password in plaintext through group history

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS5.3AI score0.00231EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/12 8:23 p.m.13 views

EUVD-2026-36587

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS5.3AI score0.00231EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.29 views

PT-2026-48981

Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 through 2026.3.0 Discourse versions 2026.4.0 through 2026.4.0 Description Group owners who are not administrators or moderators can view a group's outgoing email and SMTP...

6.5CVSS5.3AI score0.00231EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:31 p.m.11 views

CVE-2026-33234

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...

5CVSS5.6AI score0.00304EPSS
Exploits0References1
Rows per page
Query Builder