14977 matches found
WordPress Kalium plugin <= 3.29 - Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request vulnerability
Missing Authorization to Unauthenticated Mail Relay via kaliumvccontactformrequest vulnerability discovered by Ahmed Rayen Ayari in WordPress Theme Kalium versions = 3.29...
CVE-2025-12895
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kaliumvccontactformrequest function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...
EUVD-2026-2816
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kaliumvccontactformrequest function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...
CVE-2025-12895
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kaliumvccontactformrequest function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...
CVE-2025-12895 Kalium <= 3.29 - Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kaliumvccontactformrequest function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...
CVE-2025-12895 Kalium <= 3.29 - Missing Authorization to Unauthenticated Mail Relay via kalium_vc_contact_form_request
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kaliumvccontactformrequest function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...
PT-2026-3002
The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium vc contact form request function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers t...
CVE-2025-14464
The PDF Resume Parser plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0. This is due to the plugin registering an AJAX action handler that is accessible to unauthenticated users and exposes SMTP configuration data including credentials...
MiracleLinux 3 : postfix-2.3.3-2.9AXS3 (AXSA:2008-88:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-88:01 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, and TLS. CVE-2008-2936: Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and...
MiracleLinux 3 : cyrus-imapd-2.3.7-12.AXS3.1 (AXSA:2011-318:02)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-318:02 advisory. The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise...
MiracleLinux 3 : cyrus-imapd-2.3.7-2AXS3.2 (AXSA:2009-72:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2009-72:01 advisory. The cyrus-imapd package contains the core of the Cyrus IMAP server. It is a scaleable enterprise mail system designed for use from small to large enterprise...
MiracleLinux 3 : dbmail-2.2.5-1.8AXS3 (AXSA:2008-85:01)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2008-85:01 advisory. Description of problem: Dbmail is the name of a group of programs that enable the possibility of storing and retrieving mail messages from a database. DBMail...
MiracleLinux 3 : hplip-1.6.7-4.1.4.1AXS3 (AXSA:2008-271:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2008-271:01 advisory. Description of problem: The hplip Hewlett-Packard Linux Imaging and Printing packages provide drivers for Hewlett-Packard printers and multifunction...
MiracleLinux 3 : cyrus-imapd-2.3.7-12.AXS3.2 (AXSA:2011-380:03)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-380:03 advisory. A full Cyrus IMAP implementation allows a seamless mail and bulletin board environment to be set up across multiple servers. It differs from other IM...
GHSA-7VP9-X248-9VR9 TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
Problem Local platform users who can write to TYPO3’s mail‑file spool directory can craft a file that the system will automatically deserialize without any class restrictions. This flaw allows an attacker to inject and execute arbitrary PHP code in the public scope of the web server. The...
TYPO3 CMS Allows Insecure Deserialization via Mailer File Spool
Problem Local platform users who can write to TYPO3’s mail‑file spool directory can craft a file that the system will automatically deserialize without any class restrictions. This flaw allows an attacker to inject and execute arbitrary PHP code in the public scope of the web server. The...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to command injection due to the Netty package (CVE-2025-59419)
Summary Netty is used by DataStage on Cloud Pak for Data as part of the event processing functionality. Vulnerability Details CVEID:CVE-2025-59419 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec ...
Deserialization of Untrusted Data
Overview typo3/cms-core is a free open source enterprise content management system. Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to deserialization of files without any class restrictions. A local attacker can execute arbitrary PHP code by crafting a...
CVE-2026-0859
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54,...
CVE-2026-0859
TYPO3's mail‑file spool deserialization flaw lets local users with write access to the spool directory craft a malicious file that is deserialized during the mailer:spool:send command, enabling arbitrary PHP code execution on the web server. This issue affects TYPO3 CMS versions 10.0.0-10.4.54,...