14977 matches found

CVE
added 2026/01/13 11:54 a.m., 8 views

CVE-2026-0859

TYPO3 CMS contains a local deserialization vulnerability in the mail-file spool handling. Local users with write access to the spool directory can craft a file that is deserialized during mailer:spool:send, enabling arbitrary PHP code execution on the web server. Affected versions: 10.0.0–10.4.54...

7.8 CVSS, 7.2 AI score, 0.00045 EPSS
Exploits 0, References 4, Affected Software 1
CNNVD
added 2026/01/13 12:0 a.m., 2 views

TYPO3 CMS Security Vulnerability

TYPO3 CMS is a content management system from TYPO3 open source. A security vulnerability exists in TYPO3 CMS; it stems from a mail file staging deserialization flaw, which could lead to arbitrary PHP code execution. The following versions are affected: version 10.0.0 to 10.4.54...

7.8 CVSS, 6.3 AI score, 0.00045 EPSS
Exploits 0, References 4
Positive Technologies
added 2026/01/13 12:0 a.m., 10 views

PT-2026-2638

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 10.0.0 through 10.4.54; TYPO3 versions 11.0.0 through 11.5.48; TYPO3 versions 12.0.0 through 12.4.40; TYPO3 versions 13.0.0 through 13.4.22; TYPO3 versions 14.0.0 through 14.0.1. Description: A flaw exists in TYPO3 that allows local...

5.2 CVSS, 7.1 AI score, 0.00045 EPSS
Exploits 0, References 7
RedhatCVE
added 2026/01/09 12:51 p.m., 5 views

CVE-2014-4945

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view...

4.3 CVSS, 5.9 AI score, 0.00516 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 12:50 p.m., 8 views

CVE-2014-4946

Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view...

4.3 CVSS, 5.9 AI score, 0.00475 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 12:47 p.m., 14 views

CVE-2005-1650

The web mail service in Woppoware PostMaster 4.2.2 build 3.2.5 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames...

5 CVSS, 7 AI score, 0.00841 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 12:40 p.m., 3 views

CVE-2023-43320

An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component...

8.8 CVSS, 7.4 AI score, 0.03153 EPSS
Exploits 3, References 1
RedhatCVE
added 2026/01/09 12:29 p.m., 2 views

CVE-2023-40779

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL...

6.1 CVSS, 7.9 AI score, 0.40522 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 12:18 p.m., 6 views

CVE-2018-10948

Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs...

4.8 CVSS, 5.9 AI score, 0.0022 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 12:9 p.m., 5 views

CVE-2018-18949

Zoho ManageEngine OpManager 12.3 before 123222 has SQL Injection via Mail Server settings...

9.8 CVSS, 8.3 AI score, 0.12277 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 11:50 a.m., 7 views

CVE-2009-4159

Cross-site scripting (XSS) vulnerability in the newsletter configuration feature in the backend module in the Direct Mail (directmail) extension 2.6.4 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors...

3.5 CVSS, 5.5 AI score, 0.00201 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 11:50 a.m., 4 views

CVE-2009-4959

SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

7.5 CVSS, 8.9 AI score, 0.00413 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 11:24 a.m., 11 views

CVE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...

5.3 CVSS, 6.7 AI score, 0.00217 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 11:14 a.m., 8 views

CVE-2016-10793

cPanel before 59.9999.145 allows arbitrary code execution due to an incorrect ! in Mail::SPF scripts (SEC-152)...

8.8 CVSS, 7.8 AI score, 0.01324 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 11:12 a.m., 6 views

CVE-2016-10956

The mail-masta plugin 1.0 for WordPress has local file inclusion in countofsend.php and csvexport.php...

7.5 CVSS, 6.8 AI score, 0.91047 EPSS
Exploits 2, References 1
RedhatCVE
added 2026/01/09 10:55 a.m., 3 views

CVE-2022-23835

The Visual Voice Mail (VVM) application through 2022-02-24 for Android allows persistent access if an attacker temporarily controls an application that has the READSMS permission, and reads an IMAP credentialing message that is by design not displayed to the victim within the AOSP SMS/MMS messaging...

8.1 CVSS, 6.8 AI score, 0.00361 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 10:48 a.m., 7 views

CVE-2022-31119

Nextcloud Mail is an email application for the nextcloud personal cloud product. Affected versions of Nextcloud mail would log user passwords to disk in the event of a misconfiguration. Should an attacker gain access to the logs, complete access to affected accounts would be obtainable. It is...

4.9 CVSS, 7.1 AI score, 0.00381 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 10:42 a.m., 3 views

CVE-2022-26246

TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate...

6.1 CVSS, 6.1 AI score, 0.00223 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 10:41 a.m., 5 views

CVE-2022-35508

Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pvepmgproxy and pvepmgdaemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox...

9.8 CVSS, 7 AI score, 0.00688 EPSS
Exploits 1, References 1
RedhatCVE
added 2026/01/09 10:39 a.m., 25 views

CVE-2022-35507

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...

7.1 CVSS, 7 AI score, 0.32113 EPSS
Exploits 1, References 1