Lucene search
K

15060 matches found

Positive Technologies
Positive Technologies
added 5 days ago7 views

PT-2026-56897

Name of the Vulnerable Software and Affected Versions Hoppscotch versions prior to 2026.6.0 Description The updateInfraConfigs GraphQL mutation in admin/infra.resolver.ts accepts an attacker-controlled MAILER SMTP URL value. Additionally, the validateSMTPUrl function in utils.ts permits path,...

7.2CVSS6.3AI score0.00518EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 6 days ago4 views

CVE-2026-46584

A flaw was found in the Apache Camel Mail Component. This vulnerability, due to improper input validation, allows a remote attacker to exploit routes that channel untrusted input into the mail producer without proper header stripping. Before version 4.19.0, this could lead to the redirection of...

7.5CVSS5.9AI score0.00378EPSS
Exploits0References4
Nuclei
Nuclei
added last week27 views

Axigen Mail Server Filename Directory Traversal

Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. dot dot in the fileName parameter in a download action to source/loggin/pagelogdwnfile.hsp, or the fileName parameter in an edi...

6.4CVSS6.1AI score0.83632EPSS
Exploits3References4
Fedora
Fedora
added 2026/07/07 1:11 a.m.16 views

[SECURITY] Fedora 43 Update: clamav-1.4.5-1.fc43

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

6AI score
Exploits0
NVD
NVD
added 2026/07/06 9:16 a.m.8 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

3.7CVSS0.00378EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:12 a.m.7 views

CVE-2026-1433

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS5.9AI score0.00217EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/07/06 8:12 a.m.30 views

CVE-2026-1433 uniFLOW Universal Login Manager (ULM) Standalone Improper Protection of Sensitive Information Leads to Information Disclosure

uniFLOW Universal Login Manager ULM Standalone contains an information disclosure vulnerability that may allow an authenticated administrator to access sensitive configuration information through the ULM Remote User Interface RUI. Exploitation requires administrative privileges and may disclose...

4.8CVSS0.00217EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/06 8:2 a.m.6 views

CVE-2026-46584

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

6AI score0.00378EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/06 8:2 a.m.5 views

EUVD-2026-41832

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

3.7CVSS6AI score0.00378EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 8:2 a.m.13 views

CVE-2026-46584

CVE-2026-46584 affects Apache Camel’s Mail component. The MailProducer.getSender could read headers from the mail.smtp/mail.smtps namespace and apply them as JavaMail session properties, overriding endpoint config. This allows attacker-controlled inputs to influence SMTP parameters if untrusted i...

3.7CVSS6AI score0.00378EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/06 8:2 a.m.34 views

CVE-2026-46584 Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

0.00378EPSS
Exploits0References1
Fedora
Fedora
added 2026/07/05 1:10 a.m.10 views

[SECURITY] Fedora 44 Update: clamav-1.4.5-1.fc44

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

6AI score
Exploits0
NVD
NVD
added 2026/07/02 10:16 a.m.9 views

CVE-2026-12472

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.11. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS0.00283EPSS
Exploits0References6
EUVD
EUVD
added 2026/07/02 8:33 a.m.6 views

EUVD-2026-41267

The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 6.0.11. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

5.3CVSS5.9AI score0.00283EPSS
Exploits0References6
CVE
CVE
added 2026/07/02 8:33 a.m.16 views

CVE-2026-12472

The CVE-2026-12472 entry concerns the Kirki – Freeform Page Builder, Website Builder & Customizer WordPress plugin. It states an authorization bypass in all versions up to 6.0.11, enabling unauthenticated attackers to send arbitrary HTML-injected emails via the site’s mail server, potentially phi...

5.3CVSS5.9AI score0.00283EPSS
Exploits0References6
NVD
NVD
added 2026/07/02 6:16 a.m.10 views

CVE-2026-11592

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3CVSS0.00272EPSS
Exploits0References12
ATTACKERKB
ATTACKERKB
added 2026/07/02 5:35 a.m.5 views

CVE-2026-11592

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/07/02 5:35 a.m.40 views

CVE-2026-11592 Email Subscribers & Newsletters <= 5.9.27 - Missing Authorization to Authenticated (Contributor+) Settings Modification via ig_es_handle_request AJAX Action

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3CVSS0.00272EPSS
Exploits0References12
EUVD
EUVD
added 2026/07/02 5:35 a.m.8 views

EUVD-2026-41248

The Email Subscribers & Newsletters – Email Marketing, Post Notifications & Newsletter Plugin for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.9.27. This is due to the plugin not properly verifying that a user is authorized to perfor...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References12
CVE
CVE
added 2026/07/02 5:35 a.m.17 views

CVE-2026-11592

The CVE-2026-11592 entry concerns the WordPress plugin Email Subscribers & Newsletters (formerly “Email Marketing, Post Notifications & Newsletter”). It describes an authorization bypass vulnerability affecting all versions up to and including 5.9.27. The root cause is that the plugin fails to ve...

4.3CVSS5.9AI score0.00272EPSS
Exploits0References12
Rows per page
Query Builder