Lucene search
+L

405 matches found

NVD
NVD
added 2026/07/08 5:17 p.m.9 views

CVE-2026-59887

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS0.00346EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/07/08 3:58 p.m.5 views

CVE-2026-59887

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS5.9AI score0.00346EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/07/08 3:58 p.m.13 views

CVE-2026-59887

The CVE concerns the linkify-it library. The mailto: schema validator (used by .test()/.match()) could, before version 5.0.2, be invoked for each mailto occurrence and scan the remaining input through src_email_name in lib/re.mjs, causing O(n^2) CPU consumption (DoS) on crafted text. Impact is hi...

7.5CVSS5.9AI score0.00346EPSS
Exploits0References3
OSV
OSV
added 2026/07/08 3:58 p.m.3 views

CVE-2026-59887 linkify-it: Quadratic-complexity DoS via the `mailto:` validator scan-loop on attacker text

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS6.1AI score0.00346EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/07/08 3:58 p.m.37 views

CVE-2026-59887 linkify-it: Quadratic-complexity DoS via the `mailto:` validator scan-loop on attacker text

linkify-it is a links recognition library with full Unicode support. Prior to 5.0.2, the mailto: schema validator used by .test and .match can be invoked at every mailto: occurrence and scan the remaining input through srcemailname in lib/re.mjs, causing On^2 CPU consumption on crafted user text...

7.5CVSS0.00346EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/07/08 12:0 a.m.7 views

PT-2026-56502

Name of the Vulnerable Software and Affected Versions linkify-it versions prior to 5.0.2 Description The mailto: schema validator used by the .test and .match functions can be triggered at every occurrence of mailto: and scan the remaining input via src email name in lib/re.mjs. This behavior lea...

7.5CVSS5.9AI score0.00346EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/06/25 11:23 p.m.11 views

CVE-2026-13324

A vulnerability has been identified in the GNOME Geary package within its mailto URI handling component. This flaw occurs because the email client automatically processes a non-standard attach parameter in email links without prompting or alerting the user. An attacker could exploit this by...

6.5CVSS5.8AI score
Exploits0References4
Cvelist
Cvelist
added 2026/04/16 2:10 p.m.36 views

CVE-2026-2840 Email Encoder – Protect Email Addresses and Phone Numbers <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eebmailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS0.00257EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/16 2:10 p.m.4 views

CVE-2026-2840 Email Encoder – Protect Email Addresses and Phone Numbers <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eebmailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00257EPSS
Exploits0References3
CVE
CVE
added 2026/04/16 2:10 p.m.15 views

CVE-2026-2840

The CVE-2026-2840 entry concerns the WordPress plugin “Email Encoder – Protect Email Addresses and Phone Numbers”. Affected: plugin versions up to 2.4.4. Root cause: insufficient input sanitization and output escaping on the eeb_mailto shortcode, enabling Stored Cross-Site Scripting. Impact: auth...

6.4CVSS5.9AI score0.00257EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/04/16 3:20 a.m.6 views

WordPress Email Encoder - Protect Email Addresses and Phone Numbers plugin <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode vulnerability

WordPress Email Encoder - Protect Email Addresses and Phone Numbers plugin = 2.4.4 - Authenticated Contributor+ Stored Cross-Site Scripting via eebmailto Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Email Encoder Bundle versions = 2.4.4...

6.4CVSS5.8AI score0.00257EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/16 12:0 a.m.11 views

PT-2026-33322

The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb mailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.9AI score0.00257EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.4 views

Azure Linux 3.0 Security Update: xdg-utils (CVE-2022-4055)

The version of xdg-utils installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4055 advisory. - When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to...

7.4CVSS5.7AI score0.00652EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 9 : xdg-utils-1.1.3-13.el9_6 (AXSA:2025-10482:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10482:01 advisory. xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments CVE-2022-4055 Tenable has extracted the preceding...

7.4CVSS7.3AI score0.00652EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.6 views

CVE-2023-4599

The Email Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eebmailto' shortcode in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

6.4CVSS6.8AI score0.0045EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:42 a.m.12 views

CVE-1999-0872

Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file...

7.2CVSS7.2AI score0.00361EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:41 a.m.13 views

CVE-1999-0768

Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable...

7.5CVSS7.3AI score0.02303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:39 a.m.8 views

CVE-1999-0769

Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable...

7.2CVSS6.9AI score0.00801EPSS
Exploits0References1
OSV
OSV
added 2026/01/02 12:14 p.m.4 views

OPENSUSE-SU-2026:20002-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: Mozilla Thunderbird 140.5.0 ESR MFSA 2025-91 bsc1253188: CVE-2025-13012 Race condition in the Graphics component CVE-2025-13016 Incorrect boundary conditions in the JavaScript: WebAssembly component...

8.8CVSS5.8AI score0.00449EPSS
Exploits0References10
Amazon
Amazon
added 2025/10/27 12:0 a.m.10 views

Important: squid

Issue Overview: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. . This potentially allows a remote client to identify security tokens or credentials used internally by a web...

10CVSS6.9AI score0.62871EPSS
Exploits1
Rows per page
Query Builder