Lucene search
+L

940 matches found

NVD
NVD
added 6 days ago6 views

CVE-2026-57739

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in AcyMailing Newsletter Team AcyMailing SMTP Newsletter acymailing allows Blind SQL Injection.This issue affects AcyMailing SMTP Newsletter: from n/a through = 10.11.0...

9.3CVSS0.00291EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/07/09 1:49 p.m.4 views

CVE-2026-56292 Joomla Extension - acymailing.com - SQL Injection in AcyMailing extension < 10.11.1

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS5.9AI score0.00263EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/07/09 1:49 p.m.7 views

CVE-2026-56292

A SQLi vulnerability in AcyMailing component 10.11.1 for Joomla was discovered. Exploiting this flaw can lead to unauthorized database access and data leakage...

9.2CVSS5.9AI score0.00263EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/07/09 6:52 a.m.8 views

CVE-2026-12170

The CVE concerns the AcyMailing WordPress plugin (all versions up to 10.10.2) vulnerability to Stored Cross-Site Scripting via the alignment attribute, caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at contributor level or higher, enablin...

6.4CVSS6.1AI score0.00256EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/05/20 6:46 a.m.48 views

CVE-2026-5200 AcyMailing <= 10.8.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via 'acymailing_router'

The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 10.8.2. This is due to the plugin not properly verifying that a user is authorized to perform an action. Thi...

8.8CVSS0.00336EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/20 12:0 a.m.11 views

WordPress plugin AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.8CVSS5.8AI score0.00336EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/10 3:31 p.m.21 views

EUVD-2022-55990

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References5
NVD
NVD
added 2026/05/10 1:16 p.m.18 views

CVE-2022-50969

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The datecreated, datefrom, dateto, and createdat parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via crafted...

6.1CVSS0.00252EPSS
Exploits0References4
CVE
CVE
added 2026/05/10 12:13 p.m.16 views

CVE-2022-50969

CVE-2022-50969 affects uBidAuction 2.0.1 and involves a reflected Cross‑Site Scripting (XSS) vulnerability in the backend/mailingLog/manage module. The issue stems from improper sanitization of the date_created, date_from, date_to, and created_at parameters in the filter functionality, allowing r...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/10 12:0 a.m.19 views

PT-2026-39494

uBidAuction 2.0.1 contains a reflected cross-site scripting vulnerability in the backend/mailingLog/manage module. The date created, date from, date to, and created at parameters in the filter functionality are not properly sanitized, allowing remote attackers to inject malicious scripts via...

6.1CVSS5.7AI score0.00252EPSS
Exploits0References5
Malwarebytes
Malwarebytes
added 2026/04/30 7:29 p.m.12 views

More PayPal emails hijacked to deliver tech support scams

Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services. In December 2025, we reported that PayPal closed a loophole that let scammers send real emails with fake purchase notices. In those cases, scammers created a PayPal subscription and then paus...

6AI score
Exploits0
CVE
CVE
added 2026/04/23 6:55 p.m.22 views

CVE-2026-41259

CVE-2026-41259 affects Mastodon prior to versions 4.5.9, 4.4.16, and 4.3.22. The issue is insufficient verification of email addresses: Mastodon allows restricting new user sign-up by domain but does not properly handle characters that some mail servers interpret differently. Root cause is incomp...

8.2CVSS5.8AI score0.00213EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2026/04/03 11:24 p.m.8 views

SUSE CVE-2026-35535

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation...

7.4CVSS5.8AI score0.00173EPSS
Exploits0References17
Packet Storm
Packet Storm
added 2026/04/02 12:0 a.m.161 views

📄 listmonk Session Persistence

listmonk has a flaw where sessions persist as valid after password reset and password change. CVE-2026-34828 listmonk’s Session Persistence After Password Reset and Password Change Intro I found this issue while reviewing listmonk, an open-source newsletter and mailing list manager, with a simple...

7.1CVSS5.9AI score0.003EPSS
Exploits2
GithubExploit
GithubExploit
added 2026/03/25 4:37 p.m.215 views

Exploit for Improper Input Validation in Microsoft

HTB: Mailing — A Complete Walkthrough By Mursalin --- I...

9.8CVSS8AI score0.9466EPSS
Exploits24
RedhatCVE
RedhatCVE
added 2026/02/19 7:29 a.m.6 views

CVE-2026-1857

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 3.6.1. This is due to insufficient validation of the endpoint parameter in the getitems function of the GetResponse REST API handler. The endpoint's...

4.3CVSS5.7AI score0.00283EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 7:17 a.m.7 views

CVE-2025-13079

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 4.4.2. This is due to the plugin generating predictable unsubscribe tokens using deterministic data. This makes it...

5.3CVSS0.00372EPSS
Exploits0References4
Circl
Circl
added 2026/02/10 10:0 a.m.13 views

CVE-2026-24027

creationtimestamp| type| source ---|---|--- 2026-02-10 10:00:10+00:00| seen| https://seclists.org/oss-sec/2026/q1/159...

5.3CVSS5.1AI score0.00396EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:44 p.m.10 views

CVE-2005-1419

SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Adminid parameter...

7.5CVSS8.8AI score0.0133EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:29 p.m.11 views

CVE-2023-40160

Directory traversal vulnerability exists in Mailing List Search CGI pmmls.exe included in A.K.I Software's PMailServer/PMailServer2 products. If this vulnerability is exploited, a remote attacker may obtain arbitrary files on the server...

3.7CVSS7.1AI score0.00748EPSS
Exploits0References1
Rows per page
Query Builder