Lucene search
+L

38 matches found

RedhatCVE
RedhatCVE
added 2025/11/06 3:11 a.m.8 views

CVE-2025-8871

The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mimecontenttype function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...

5.6CVSS7.2AI score0.00274EPSS
Exploits0References1
NVD
NVD
added 2025/11/05 3:15 a.m.8 views

CVE-2025-8871

The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mimecontenttype function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...

5.6CVSS0.00274EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/11/05 2:25 a.m.4 views

CVE-2025-8871 Everest Forms (Pro) <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature

The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mimecontenttype function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...

5.6CVSS6.8AI score0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/11/05 2:25 a.m.13 views

CVE-2025-8871 Everest Forms (Pro) <= 1.9.7 - Unauthenticated PHP Object Injection via PHAR Deserialization in Form Signature

The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mimecontenttype function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...

5.6CVSS0.00274EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/11/05 12:0 a.m.10 views

WordPress plugin Everest Forms Pro 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A code issue...

5.6CVSS7.1AI score0.00274EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-1999-0822

Malware in sbrugna...

7.2CVSS6.4AI score0.00832EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2024/10/27 12:0 a.m.15 views

EulerOS Virtualization 2.12.0 : emacs (EulerOS-SA-2024-2767)

According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : In Emacs before 29.4, org-link-expand-abbrev in lisp/ol.el expands a %... link abbrev even when it specifies an unsafe function, such...

9.8CVSS6.9AI score0.01312EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2024/06/30 2:0 p.m.4 views

In Emacs before 29.3 Gnus treats inline MIME contents as trusted.

...

5.5CVSS7.1AI score0.00579EPSS
Exploits0
CNVD
CNVD
added 2024/03/27 12:0 a.m.5 views

Unspecified vulnerability in Gnu emacs (CNVD-2025-15363)

Gnu emacs is a family of text editors in the American GNU community. Gnu emacs suffers from a security vulnerability that stems from Gnus treating inline MIME content as trusted. No details of the vulnerability are provided at this time...

7.1CVSS7.1AI score0.00579EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/03/25 12:0 a.m.29 views

CVE-2024-30203

In Emacs before 29.3, Gnus treats inline MIME contents as trusted...

6.8AI score0.00579EPSS
Exploits0References16
CVE
CVE
added 2024/03/25 12:0 a.m.3949 views

CVE-2024-30203

CVE-2024-30203 affects GNU Emacs prior to 29.3, where Gnus treats inline MIME contents as trusted. Public advisories from multiple sources (e.g., ALAS/ALAS2) recommend upgrading Emacs to a newer version (29.3 or later) to apply the fix. The issue is limited to Emacs/Gnus handling of inline MIME; ...

5.5CVSS6.3AI score0.00579EPSS
Exploits0References16Affected Software1
CNNVD
CNNVD
added 2024/03/25 12:0 a.m.6 views

GNU Emacs 安全漏洞

GNU Emacs is a family of text editors in the American GNU community. A security vulnerability existed prior to GNU Emacs version 29.3, which stemmed from Gnus treating inline MIME content as trusted...

5.5CVSS6.9AI score0.00579EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2021/11/01 11:49 a.m.102 views

USN-5121-2: Mailman vulnerabilities

USN-5009-1 fixed vulnerabilities in Mailman. This update provides the corresponding updates for Ubuntu 20.04 LTS. In addition, the following CVEs were fixed: It was discovered that Mailman allows arbitrary content injection. An attacker could use this to inject malicious content. CVE-2020-12108,...

8.5CVSS6.6AI score0.02698EPSS
Exploits1
OSV
OSV
added 2019/12/20 4:15 p.m.14 views

UBUNTU-CVE-2019-19916

In Midori Browser 0.5.11 on Windows 10, Content Security Policy CSP is not applied correctly to all parts of multipart content sent with the multipart/x-mixed-replace MIME type. This could result in script running where CSP should have blocked it, allowing for cross-site scripting XSS and other...

6.1CVSS6.3AI score0.0157EPSS
Exploits1References5
OSV
OSV
added 2018/06/08 6:29 p.m.3 views

CVE-2018-4227

An issue was discovered in certain Apple products. iOS before 11.4 is affected. macOS before 10.13.5 is affected. The issue involves the "Mail" component. It allows remote attackers to read the cleartext content of S/MIME encrypted messages via direct exfiltration...

7.5CVSS5.8AI score0.01893EPSS
Exploits1References5
OSV
OSV
added 2018/04/03 6:29 a.m.5 views

CVE-2018-4111

An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Mail" component. It allows man-in-the-middle attackers to read S/MIME encrypted message content by sending HTML e-mail that references remote resources but lacks a valid S/MIME signature...

5.9CVSS5.8AI score0.01159EPSS
Exploits0References3
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

SqWebMail 4.0.4 .20040524 Email Header HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10588/info SqWebMail is reported to be prone to an email header HTML injection vulnerability. This issue presents itself due to a failure of the application to properly sanitize user-supplied email header strings. The...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Pine 4.x Empty MIME Boundary Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5301/info Pine is an open source mail user agent distributed by the University of Washington. It is freely available for Unix, Linux, and Microsoft Operating Systems. When a mail is received by pine that contains MIME...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2007/11/29 12:0 a.m.25 views

IBM Lotus Notes Lotus 1-2-3文件查看器缓冲区溢出漏洞

Lotus Notes是由IBM开发的集成邮件、日历、即时消息、浏览器和业务协作应用,可用作Lotus Domino服务器应用的桌面客户端。 Lotus Notes的邮件客户端支持预览和处理各种格式的文件附件。为了预览和处理Lotus 1-2-3所使用的Lotus工作表文件格式(WKS)的文件,邮件客户端使用了第三方软件厂商的函数库(Autonomy的Verity KeyView SDK)。该函数库处理Lotus 1-2-3文件附件时存在缓冲区溢出漏洞,如果用户试图查看恶意附件的话就可以触发这个溢出,导致执行任意指令。 尽管这只是第三方组件中的问题,但Lotus...

7.1AI score
Exploits0
securityvulns
securityvulns
added 2004/09/13 12:0 a.m.38 views

[Full-Disclosure] Corsaire Security Advisory - Multiple vendor MIME field whitespace issue

-- Corsaire Security Advisory -- Title: Multiple vendor MIME field whitespace issue Date: 04.08.03 Application: various Environment: various Author: Martin O'Neal [email protected] Audience: General distribution Reference: c030804-003 -- Scope -- The aim of this document is to clearly...

7.5CVSS6AI score0.02446EPSS
Exploits0
Rows per page
Query Builder