Lucene search
+L

15113 matches found

Nuclei
Nuclei
added yesterday46 views

IceWarp Mail Server <11.1.1 - Directory Traversal

IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal vulnerability. id: CVE-2015-1503 info: name: IceWarp Mail Server 11.1.1 - Directory Traversal author: 0xAkoko severity: high description: IceWarp Mail Server versions prior to 11.1.1 suffer from a directory traversal...

7.8CVSS7.3AI score0.58302EPSS
Exploits5References5
Nuclei
Nuclei
added yesterday142 views

WordPress Mail Masta 1.0 - Local File Inclusion

WordPress Mail Masta 1.0 is susceptible to local file inclusion in countofsend.php and csvexport.php. id: CVE-2016-10956 info: name: WordPress Mail Masta 1.0 - Local File Inclusion author: daffainfo,0x240x23elu severity: high description: WordPress Mail Masta 1.0 is susceptible to local file...

7.5CVSS7.7AI score0.10178EPSS
Exploits2References5
Nuclei
Nuclei
added yesterday136 views

RaidenMAILD Mail Server v.4.9.4 - Path Traversal

Directory Traversal vulnerability in RaidenMAILD Mail Server v.4.9.4 and before allows a remote attacker to obtain sensitive information via the /webeditor/ component. id: CVE-2024-32399 info: name: RaidenMAILD Mail Server v.4.9.4 - Path Traversal author: DhiyaneshDK severity: high description: |...

7.6CVSS8.4AI score0.0316EPSS
Exploits0References5
Nuclei
Nuclei
added yesterday56 views

Mail Mint < 1.19.5 - Unauthenticated Email Disclosure

Mail Mint WordPress plugin 1.19.5 contains an information disclosure vulnerability caused by lack of authorization in a REST API endpoint, letting unauthenticated users retrieve email addresses of blog users, exploit requires no authentication. id: CVE-2026-2025 info: name: Mail Mint 1.19.5 -...

7.5CVSS5.2AI score0.01379EPSS
Exploits0References3
Nuclei
Nuclei
added yesterday58 views

IceWarp Mail Server v10.4.5 - Cross-Site Scripting

IceWarp Mail Server v10.4.5 was discovered to contain a reflected cross-site scripting XSS vulnerability via the color parameter. id: CVE-2023-39700 info: name: IceWarp Mail Server v10.4.5 - Cross-Site Scripting author: r3Y3r53 severity: medium description: | IceWarp Mail Server v10.4.5 was...

6.1CVSS5.8AI score0.01376EPSS
Exploits1References4
NVD
NVD
added 2 days ago10 views

CVE-2024-23565

HCL Aftermarket EPC is vulnerable to email flooding as the application does not have a proper mail limitation mechanism at Forget Password functionality. The actor could b e a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program...

5.3CVSS0.00238EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago36 views

CVE-2024-23565

HCL Aftermarket EPC is vulnerable to email flooding as the application does not have a proper mail limitation mechanism at Forget Password functionality. The actor could b e a human or an automated process such as a virus or bot. This could be used to cause a denial of service, compromise program...

5.3CVSS0.00238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2 days ago13 views

CVE-2026-47083

A flaw was found in Cyrus IMAP. An authenticated user can exploit the ESEARCH command to discover the existence of folder names belonging to other user accounts. This vulnerability leads to information disclosure, allowing an attacker to gain unauthorized knowledge about the structure of other...

4.3CVSS6AI score0.00183EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2 days ago9 views

CVE-2026-47089

A flaw was found in Cyrus IMAP cyrus-imapd. An authenticated user can exploit this vulnerability by using the IMAP LISTRIGHTS command. This allows the user to learn the access permissions of any mailbox they can name, which should be restricted to administrators. This leads to unauthorized...

4.3CVSS6AI score0.00168EPSS
Exploits0References5
Nuclei
Nuclei
added 3 days ago33 views

Axigen Mail Server Filename Directory Traversal

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. dot dot in the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName parameter in an edi...

6.4CVSS6.2AI score0.83632EPSS
Exploits3References4
Fedora
Fedora
added 3 days ago12 views

[SECURITY] Fedora 44 Update: roundcubemail-1.7.2-1.fc44

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

10CVSS6.1AI score0.00311EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 3 days ago10 views

Fedora 43 : roundcubemail (2026-c3351f4ae4)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c3351f4ae4 advisory. Release 1.6.17 - Enigma: Support automatic public key lookup import using HKP v1 protocol 5314 - Enigma: Kolab WOAT Support 8626 - Security: Fix an...

10CVSS6.1AI score0.00311EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 3 days ago10 views

Fedora 44 : roundcubemail (2026-517daa8d64)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-517daa8d64 advisory. Release 1.7.2 - Add HEAD request handler to the static.php - Fix so the oauthpasswordclaim claim is retrieved via token or userinfo request 9631 - F...

10CVSS6.2AI score0.00311EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 3 days ago10 views

PT-2026-60554

Name of the Vulnerable Software and Affected Versions Cyrus IMAP versions prior to 3.12.3 Description An issue exists where tokens issued via the GENURLAUTH command can bypass Access Control Lists ACLs. An authenticated user can generate a URLAUTH token for any specified mailbox, regardless of...

3.5CVSS5.3AI score0.00169EPSS
Exploits0References4
CVE
CVE
added 3 days ago9 views

CVE-2026-47085

CVE-2026-47085 affects Cyrus IMAPD (up to 3.12.2). The flaw: URLAUTH token forgery via a missing mboxkey, allowing an attacker who knows a folder name the user never authorized to forge a valid URLAUTH by computing an HMAC-SHA1 with a predictable key, granting read access to the mailbox. Impact i...

4CVSS6.1AI score0.00188EPSS
Exploits0References2
CVE
CVE
added 3 days ago10 views

CVE-2026-47082

CVE-2026-47082 affects Cyrus IMAP (cyrus-imapd) up to version 3.12.2. The vacation Sieve option :fcc ignores destination mailbox ACLs, allowing a user’s vacation auto-replies to be delivered to any mailbox named by the script, even if the user lacks insert permissions on that mailbox. The issue i...

5.4CVSS6.1AI score0.00176EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 4 days ago5 views

net-imap: Net::IMAP: Arbitrary IMAP command injection via CRLF sequences in unvalidated input

A flaw was found in Net::IMAP before 0.4.24, 0.5.14, and 0.6.4. Several commands accept raw string arguments sent to the server without validation or escaping; if derived from user-controlled input, CRLF sequences allow injection of arbitrary IMAP commands...

9.8CVSS6.1AI score0.00429EPSS
Exploits0References8
NVD
NVD
added 6 days ago8 views

CVE-2026-13014

A vulnerability in Thales CERT "Suspicious" application = 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent...

9.2CVSS0.0047EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago33 views

CVE-2026-13014 Remote Code Execution vulnerability in "Suspicious" application

A vulnerability in Thales CERT "Suspicious" application = 1.3.4 allows a remote and unauthenticated attacker to execute arbitrary code and arbitrarily overwrite writable application files—including Python modules, configuration files, cron inputs, and runtime artifacts—leading to a persistent...

9.2CVSS0.0047EPSS
Exploits0References1
CVE
CVE
added 6 days ago20 views

CVE-2026-13014

The CVE covers Thales CERT "Suspicious" application, affected at versions

9.2CVSS6.4AI score0.0047EPSS
Exploits0References1
Rows per page
Query Builder