Lucene search

34 matches found

RedhatCVE
added 2026/04/23 7:58 p.m. · 3 views

CVE-2026-6235

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manageadminrequests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

9.8 CVSS · 5.6 AI score · 0.00047 EPSS
Exploits 0 · References 1

Positive Technologies
added 2026/03/30 12:0 a.m. · 1 views

PT-2026-29015

BulletProof FTP Server 2019.0.0.50 contains a denial of service vulnerability in the SMTP configuration interface that allows local attackers to crash the application by supplying an oversized string. Attackers can input a buffer of 257 'A' characters in the SMTP Server field and trigger a crash ...

6.8 CVSS · 6.1 AI score · 0.00015 EPSS
Exploits 1 · References 5

Positive Technologies
added 2026/03/27 12:0 a.m. · 1 views

PT-2026-28279

Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR...

7.1 CVSS · 6.7 AI score · 0.00194 EPSS
Exploits 1 · References 3

Positive Technologies
added 2026/01/21 12:0 a.m. · 2 views

PT-2026-3799

GetSimple CMS My SMTP Contact Plugin 1.1.1 contains a cross-site request forgery (CSRF) vulnerability. Attackers can craft a malicious webpage that, when visited by an authenticated administrator, can change SMTP configuration settings in the plugin. This may allow unauthorized changes but does not...

5.1 CVSS · 5.8 AI score · 0.00103 EPSS
Exploits 1 · References 6

RedhatCVE
added 2026/01/09 12:9 p.m. · 4 views

CVE-2018-18949

Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings...

9.8 CVSS · 8.3 AI score · 0.12277 EPSS
Exploits 0 · References 1

CNVD
added 2025/10/31 12:0 a.m. · 2 views

IPFire Cross-Site Scripting Vulnerability (CNVD-2025-27702)

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by mail server settings. An attacker can exploit this...

5.4 CVSS · 6.2 AI score · 0.00024 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/10/28 2:34 p.m. · 2 views

CVE-2025-34316 IPFire < v2.29 Stored XSS via Mail Server Settings

IPFire versions prior to 2.29 Core Update 198 contain a stored cross-site scripting (XSS) vulnerability that allows an authenticated attacker to inject arbitrary JavaScript code through the txtmailuser and txtmailpass parameters when updating the mail server settings. When a user updates the mail...

5.1 CVSS · 5.7 AI score · 0.00024 EPSS
Exploits 0 · References 3

CNNVD
added 2025/10/28 12:0 a.m. · 2 views

IPFire Security Vulnerability

IPFire is an open source Linux distribution from the IPFire organization, used primarily as a router and firewall. IPFire suffers from a cross-site scripting vulnerability that is caused by improper validation of user-supplied input by mail server settings. An attacker can exploit this...

5.4 CVSS · 6.1 AI score · 0.00024 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/07 12:30 a.m. · 2 views

EUVD-2020-2994

Malware in sbrugna...

9.8 CVSS · 9.2 AI score · 0.02143 EPSS
Exploits 0 · References 2

EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2022-32561

Malicious code in bioql PyPI...

7.2 CVSS · 7.1 AI score · 0.05231 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/23 1:6 a.m. · 7 views

CVE-2022-28076

Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings...

7.2 CVSS · 7.7 AI score · 0.05231 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 3:7 p.m. · 9 views

CVE-2020-10541

Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108...

9.8 CVSS · 7.9 AI score · 0.02143 EPSS
Exploits 0 · References 1

Positive Technologies
added 2024/05/23 12:0 a.m. · 1 views

PT-2024-4026

Name of the Vulnerable Software and Affected Versions:
HP Color LaserJet MFP M478-M479 series (affected versions not specified)
Description: The issue is related to a weakness in the authentication procedure of the HP Color LaserJet MFP M478-M479 series, which can potentially expose protected SMTP...

6.8 CVSS · 5.9 AI score · 0.00154 EPSS
Exploits 0 · References 6

CNNVD
added 2024/05/23 12:0 a.m. · 1 views

Hp LaserJet Pro Printer Security Vulnerability

The HP Hp LaserJet Pro Printer is a laser printer from Hewlett-Packard (HP) in the United States. A security vulnerability exists in the Hp LaserJet Pro Printer that originates from a user with device administrative privileges being able to change the existing SMTP server settings on the device...

6.8 CVSS · 6.7 AI score · 0.00154 EPSS
Exploits 0 · References 3

CNNVD
added 2023/12/12 12:0 a.m. · 1 views

Umbraco Information Disclosure Vulnerability

Umbraco is an open source Content Management System (CMS) written in C# by Umbraco, Denmark. Umbraco suffers from an information disclosure vulnerability that stems from a user enumeration attack that can occur when SMTP settings are incorrect but reset passwords are enabled...

5.3 CVSS · 6.2 AI score · 0.00368 EPSS
Exploits 0 · References 2

OSV
added 2023/09/13 1:15 p.m. · 0 views

CVE-2023-36638

An improper privilege management vulnerability CWE-269 in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may...

4.3 CVSS · 5.8 AI score · 0.00132 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/06/25 12:0 a.m. · 2 views

PT-2023-5204 · Fortinet · Fortimanager +1

Name of the Vulnerable Software and Affected Versions:
FortiManager versions 6.0 through 7.2.2
FortiAnalyzer versions 6.0 through 7.2.2
Description: The issue is related to improper privilege management, which may allow a remote and authenticated API admin user to access certain system settings,...

4.3 CVSS · 4.3 AI score · 0.00132 EPSS
Exploits 0 · References 6

ATTACKERKB
added 2022/05/04 2:15 p.m. · 0 views

CVE-2022-28076

Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings...

7.2 CVSS · 6.2 AI score · 0.05231 EPSS
Exploits 1 · References 2

NVD
added 2022/05/04 2:15 p.m. · 8 views

CVE-2022-28076

Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings...

7.2 CVSS · 0.05231 EPSS
Exploits 1 · References 1

OSV
added 2022/05/04 2:15 p.m. · 12 views

CVE-2022-28076

Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings...

7.2 CVSS · 7.7 AI score
Exploits 0 · References 1