
7 matches found

Vulnrichment
added 2026/04/21 7:12 p.m., 5 views

CVE-2026-40871 mailcow: dockerized vulnerable to Second Order SQL Injection in quarantine category via API

mailcow: dockerized is an open source groupware/email suite based on docker. Versions prior to 2026-03b have a second-order SQL injection vulnerability in the quarantinecategory field via the Mailcow API. The /api/v1/add/mailbox endpoint stores quarantinecategory without validation or sanitizatio...

CVSS 7.2, AI score 5.9, EPSS 0.09874
Exploits: 0, References: 1

SUSE CVE
added 2023/02/15 6:17 a.m., 3 views

SUSE CVE-2005-3539

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...

CVSS 7.5, AI score 8.1, EPSS 0.12367
Exploits: 1, References: 3

Debian
added 2006/01/10 3:24 a.m., 38 views

[SECURITY] [DSA 933-1] New hylafax packages fix arbitrary command execution

Debian Security Advisory DSA 933-1 [email protected] http://www.debian.org/security/ Michael Stone January 9, 2006 http://www.debian.org/security/faq ...

CVSS 7.5, AI score 0.7, EPSS 0.12367
Exploits: 1

Debian CVE
added 2006/01/06 11:0 a.m., 19 views

CVE-2005-3539

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...

CVSS 7.5, AI score 7.7, EPSS 0.12367
Exploits: 1

CVE
added 2006/01/06 11:0 a.m., 58 views

CVE-2005-3539

CVE-2005-3539 affects HylaFAX up to version 4.2.x (notably 4.2.3 and earlier). The root cause is evaluation of untrusted input in HylaFAX components: the notify script and crafted CallID parameters to faxrcvd, enabling remote attackers to execute arbitrary commands with the HylaFAX server privile...

CVSS 7.5, AI score 7.6, EPSS 0.12367
Exploits: 1, References: 12, Affected Software: 1

UbuntuCve
added 2005/12/31 5:0 a.m., 21 views

CVE-2005-3539

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...

CVSS 7.5, AI score 6.1, EPSS 0.12367
Exploits: 1, References: 1

OSV
added 2005/12/31 5:0 a.m., 3 views

DEBIAN-CVE-2005-3539

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3...

CVSS 7.5, AI score 8.1, EPSS 0.12367
Exploits: 1, References: 1