397 matches found
CVE-2026-2840 Email Encoder – Protect Email Addresses and Phone Numbers <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eebmailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2840 Email Encoder – Protect Email Addresses and Phone Numbers <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eebmailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2026-2840
The CVE-2026-2840 entry concerns the WordPress plugin “Email Encoder – Protect Email Addresses and Phone Numbers”. Affected: plugin versions up to 2.4.4. Root cause: insufficient input sanitization and output escaping on the eeb_mailto shortcode, enabling Stored Cross-Site Scripting. Impact: auth...
WordPress Email Encoder - Protect Email Addresses and Phone Numbers plugin <= 2.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via eeb_mailto Shortcode vulnerability
WordPress Email Encoder - Protect Email Addresses and Phone Numbers plugin = 2.4.4 - Authenticated Contributor+ Stored Cross-Site Scripting via eebmailto Shortcode vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Email Encoder Bundle versions = 2.4.4...
PT-2026-33322
The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb mailto' shortcode in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for...
Azure Linux 3.0 Security Update: xdg-utils (CVE-2022-4055)
The version of xdg-utils installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-4055 advisory. - When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to...
MiracleLinux 9 : xdg-utils-1.1.3-13.el9_6 (AXSA:2025-10482:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10482:01 advisory. xdg-utils: improper parse of mailto URIs allows bypass of Thunderbird security mechanism for attachments CVE-2022-4055 Tenable has extracted the preceding...
CVE-2023-4599
The Email Encoder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eebmailto' shortcode in versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...
CVE-1999-0872
Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file...
CVE-1999-0768
Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable...
CVE-1999-0769
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable...
OPENSUSE-SU-2026:20002-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: Mozilla Thunderbird 140.5.0 ESR MFSA 2025-91 bsc1253188: CVE-2025-13012 Race condition in the Graphics component CVE-2025-13016 Incorrect boundary conditions in the JavaScript: WebAssembly component...
Important: squid
Issue Overview: Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. . This potentially allows a remote client to identify security tokens or credentials used internally by a web...
ALPINE-CVE-2025-62168
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...
CVE-2025-62168
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...
CVE-2025-62168 Squid vulnerable to information disclosure via authentication credential leakage in error handling
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...
EUVD-2025-34894
Squid is a caching proxy for the Web. In Squid versions prior to 7.2, a failure to redact HTTP authentication credentials in error handling allows information disclosure. The vulnerability allows a script to bypass browser security protections and learn the credentials a trusted client uses to...
EUVD-2007-4022
Malware in sbrugna...
EUVD-2008-5809
Malware in sbrugna...
EUVD-1999-0750
Malware in sbrugna...