Lucene search
K

15045 matches found

Cvelist
Cvelist
added 2026/06/28 3:30 p.m.35 views

CVE-2026-13504 code-projects Project Management System Mail Compose mail.php cross site scripting

A vulnerability has been found in code-projects Project Management System 1.0. This vulnerability affects unknown code of the file /mail.php of the component Mail Compose Page. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed...

5.1CVSS0.00203EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/28 12:0 a.m.13 views

PT-2026-53115

Name of the Vulnerable Software and Affected Versions code-projects Project Management System version 1.0 Description Cross site scripting XSS occurs in the Mail Compose Page component within the /mail.php endpoint. This issue allows a remote attacker to execute malicious scripts through the...

5.1CVSS5.8AI score0.00203EPSS
Exploits0References10
Fedora
Fedora
added 2026/06/27 1:12 a.m.6 views

[SECURITY] Fedora 44 Update: nginx-1.30.3-1.fc44

Nginx is a web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols, with a strong focus on high concurrency, performance and low memory usage...

9.2CVSS7AI score0.03225EPSS
Exploits4
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39662

Unauthenticated Cross Site Request Forgery CSRF in Gmail SMTP = 1.2.3.19 versions...

4.3CVSS5.8AI score0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 6:1 p.m.6 views

EUVD-2026-39515

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.01325EPSS
Exploits2References2
NVD
NVD
added 2026/06/24 10:16 p.m.8 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 9:38 p.m.5 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/06/24 9:38 p.m.19 views

CVE-2026-49979

Appsmith prior to version 1.99 exposes a vulnerability in the POST /api/v1/admin/send-test-email endpoint. An attacker can supply smtpHost and smtpPort values to establish a raw JavaMail TCP connection, bypassing WebClientUtils.IP_CHECK_FILTER (which only applies to Spring WebClient HTTP requests...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References1Affected Software1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.11 views

Astra Linux – Vulnerability in expat

In libexpat before version 2.7.4, the doContent function does not properly determine the buffer size bufSize, as there is no check for integer overflow during the reallocation of the tag buffer...

7.8CVSS7AI score0.00193EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.9 views

PT-2026-52114

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 2.1 Description An authenticated user can craft outbound requests that reach loopback-bound services inside the container. This occurs because the outbound HTTP host filter applied by WebClientUtils used by the REST...

9.1CVSS5.8AI score0.0022EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2026/06/22 12:0 a.m.45 views

📄 N-able Mail Assure Authentication Bypass

N-able Mail Assure appears to suffer from a cross-tenant authentication bypass vulnerability via spoofing. CVE-2025-68624: Cross-Tenant Authentication Bypass by Spoofing in N-able Mail Assure CVE ID: CVE-2025-68624 Status: DISPUTED CWE: CWE-290 Authentication Bypass by Spoofing Affected Product:...

5.9AI score
Exploits1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 has an improper neutralization of line delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via the AUTH= parameter in the MAIL FROM command...

9CVSS7.6AI score0.0406EPSS
Exploits1References1
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.8 views

Astra Linux – Vulnerability in exim4

The STARTTLS feature in Exim up to 4.94.2 allows for response injection buffering during MTA SMTP sending...

7.5CVSS7.2AI score0.01996EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/19 9:14 a.m.4 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: nginx: nginx-1.30.3-2.hum1 aarch64, x8664 nginx-all-modules-1.30.3-2.hum1 noarch nginx-core-1.30.3-2.hum1 aarch64, x8664 nginx-filesystem-1.30.3-2.hum1 noarch nginx-mod-devel-1.30.3-2.hum1 aarch6...

9.2CVSS6.1AI score0.0314EPSS
Exploits1References4
Rockylinux
Rockylinux
added 2026/06/19 6:4 a.m.11 views

postfix security update

An update is available for postfix. This update affects Rocky Linux 10. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The postfix packages provide a Mail Transport Agent MTA, which supports...

7.5CVSS6.1AI score0.00415EPSS
Exploits0
OSV
OSV
added 2026/06/19 6:4 a.m.11 views

RLSA-2026:25930 Important: postfix security update

The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS6.1AI score0.00415EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/18 2:25 p.m.5 views

Arbitrary Command Injection

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Arbitrary Command Injection via unsanitized input in the searchemails, replyemail, and archiveemail functions. An attacker can execute...

8.6CVSS6AI score
Exploits0References2
OSV
OSV
added 2026/06/17 12:3 p.m.7 views

RLSA-2026:26205 Important: postfix security update

The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS5.5AI score0.00415EPSS
Exploits0References2
OSV
OSV
added 2026/06/17 6:0 a.m.5 views

RLSA-2026:25932 Important: postfix security update

The postfix packages provide a Mail Transport Agent MTA, which supports protocols like LDAP, SMTP AUTH SASL, and TLS. Security Fixes: postfix: buffer over-read via malformed enhanced status code CVE-2026-43964 For more details about the security issues, including the impact, a CVSS score,...

7.5CVSS5.5AI score0.00415EPSS
Exploits0References2
Rockylinux
Rockylinux
added 2026/06/17 6:0 a.m.10 views

postfix security update

An update is available for postfix. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The postfix packages provide a Mail Transport Agent MTA, which supports...

7.5CVSS5.7AI score0.00415EPSS
Exploits0
Rows per page
Query Builder