
11 matches found

CNNVD
added 2026/02/09 12:0 a.m. | 5 views

HGiga C&Cm@il Access Control Error Vulnerability

HGiga C&Cm@il is an email collaboration system developed by China’s HGiga Corporation. There is an access control vulnerability in HGiga C&Cm@il, which stems from the lack of authentication. This vulnerability could allow unverified remote attackers to read and modify the email content of any use...

CVSS 9.3 | AI score 5.8 | EPSS 0.00449
Exploits: 0 | References: 2

NVD
added 2026/01/20 3:17 p.m. | 3 views

CVE-2025-57881

A reflected cross-site scripting (XSS) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | EPSS 0.00235
Exploits: 1 | References: 2

Cvelist
added 2026/01/20 2:49 p.m. | 14 views

CVE-2025-57881

A reflected cross-site scripting (XSS) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | EPSS 0.00235
Exploits: 1 | References: 1

CVE
added 2026/01/20 2:49 p.m. | 8 views

CVE-2025-57881

Talos reports CVE-2025-57881: a post-auth reflected XSS in MedDream PACS Premium 7.3.6.870 via Pacs/modifyEmail.php, where the server parameter is echoed into HTML without sanitization. A crafted URL can trigger arbitrary JavaScript execution in the affected web interface. Vulnerable versions: Me...

CVSS 6.1 | AI score 5.6 | EPSS 0.00235
Exploits: 1 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/01/20 12:0 a.m. | 5 views

PT-2026-3609

A reflected cross-site scripting (XSS) vulnerability exists in the modifyEmail functionality of MedDream PACS Premium 7.3.6.870. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability...

CVSS 6.1 | AI score 5.6 | EPSS 0.00235
Exploits: 1 | References: 2

Tenable Nessus
added 2025/09/03 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-28632

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 0.83 and prior to versions 9.5.13 and 10.0.7, an authenticated user can modify emai...

CVSS 8.1 | AI score 7.5 | EPSS 0.00677
Exploits: 0 | References: 2

NVD
added 2023/10/12 7:15 p.m. | 19 views

CVE-2023-27312

SnapCenter Plugin for VMware vSphere versions 4.6 prior to 4.9 are susceptible to a vulnerability which may allow authenticated unprivileged users to modify email and snapshot name settings within the VMware vSphere user interface...

CVSS 5.4 | AI score 5.3 | EPSS 0.00301
Exploits: 0 | References: 1

CNNVD
added 2023/10/12 12:0 a.m. | 3 views

NetApp SnapCenter Security Vulnerability

NetApp SnapCenter is a suite of applications from Network Appliance (NetApp), Inc. that provides the ability to back up, verify, clone, and restore NetApp storage systems. A security vulnerability exists in NetApp SnapCenter version 4.6 VMware vSphere versions prior to 4.9 that originates from...

CVSS 5.4 | AI score 6.6 | EPSS 0.00301
Exploits: 0 | References: 2

BDU FSTEC
added 2022/06/07 12:0 a.m. | 5 views

The vulnerability of SCIM (System of Cross-domain Identity Management) function of the Git-based software platform for collaborative code development on GitLab arises from the ability to invite arbitrary users through their user names and email addresses. This allows a malicious actor to gain control over user accounts by modifying their email addresses.

The vulnerability of SCIM (System of Cross-domain Identity Management) in the Git-based software platform for collaborative code development on GitLab relates to the ability to invite arbitrary users through their user names and email addresses. Exploiting this vulnerability could allow a malicious...

CVSS 9.6 | AI score 8.2 | EPSS 0.15471
Exploits: 0 | References: 5 | Affected Software: 1

Prion
added 2012/02/21 1:31 p.m. | 16 views

Cross-site request forgery (CSRF)

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a...

CVSS 6.8 | AI score 7.7 | EPSS 0.0069
Exploits: 1 | References: 3 | Affected Software: 1

Prion
added 2008/09/05 4:8 p.m. | 11 views

SQL injection

SQL injection vulnerability in admin/users/self-2.php in XRMS allows remote attackers to execute arbitrary SQL commands and modify name and email fields via unspecified vectors...

CVSS 7.5 | AI score 9.1 | EPSS 0.01132
Exploits: 1 | References: 4 | Affected Software: 1