CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

69 matches found

GithubExploit•added 2026/04/29 9:37 p.m.•53 views

Exploit for Server-Side Request Forgery in Chamilo Chamilo_Lms

CVE-2026-33715 — Unauthenticated SSRF + Open Email Relay in Ch...

7.2CVSS5.9AI score0.00166EPSS

Exploits1

NVD•added 2026/04/21 3:16 a.m.•0 views

CVE-2026-6675

The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing server-side validation of the recipient email address supplie...

5.3CVSS0.00032EPSS

Exploits0References7

Vulnrichment•added 2026/04/21 2:25 a.m.•0 views

CVE-2026-6675 Responsive Blocks <= 2.2.0 - Unauthenticated Open Email Relay via REST API 'email_to' Parameter

5.3CVSS5.8AI score0.00032EPSS

Exploits0References7

ATTACKERKB•added 2026/04/21 2:25 a.m.•1 views

CVE-2026-6675

5.3CVSS5.8AI score0.00032EPSS

Exploits0References8

CVE•added 2026/04/21 2:25 a.m.•7 views

CVE-2026-6675

The CVE entry maps to a concrete vulnerability in the WordPress Responsive Blocks plugin (versions ≤ 2.2.0). It describes an unauthenticated open email relay via the REST API 'email_to' parameter, enabling abuse of email delivery functions without login. The source does not provide exploit steps ...

5.3CVSS5.8AI score0.00032EPSS

Exploits0References7

ATTACKERKB•added 2026/04/14 9:5 p.m.•4 views

CVE-2026-33715

Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs...

7.2CVSS5.8AI score0.00166EPSS

Exploits1References3Affected Software1

CNNVD•added 2026/04/14 12:0 a.m.•2 views

Chamilo 代码问题漏洞

Chamilo is an open-source learning management system developed by Chamilo. Version Chamilo 2.0-RC.2 has code vulnerabilities. These vulnerabilities stem from the fact that the install.ajax.php file can be accessed without authentication. This could allow unauthorized attackers to exploit the SMTP...

7.2CVSS5.8AI score0.00166EPSS

Exploits1References2

Patchstack•added 2026/01/19 8:0 a.m.•5 views

WordPress Quick Contact Form plugin <= 8.2.6 - Unauthenticated Open Mail Relay vulnerability

Unauthenticated Open Mail Relay vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Quick Contact Form versions = 8.2.6...

5.8CVSS5.4AI score0.00221EPSS

Exploits0References1Affected Software1

RedhatCVE•added 2026/01/18 2:26 a.m.•4 views

CVE-2025-12718

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcfvalidateform' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers t...

5.8CVSS5.9AI score0.00221EPSS

Exploits0References1

NVD•added 2026/01/17 3:16 a.m.•2 views

CVE-2025-12718

5.8CVSS0.00221EPSS

Exploits0References2

ATTACKERKB•added 2026/01/17 2:22 a.m.•1 views

CVE-2025-12718

5.8CVSS5.5AI score0.00221EPSS

Exploits0References3

EUVD•added 2026/01/17 2:22 a.m.•4 views

EUVD-2026-3160

5.8CVSS5.5AI score0.00221EPSS

Exploits0References3

CVE•added 2026/01/17 2:22 a.m.•15 views

CVE-2025-12718

CVE-2025-12718 pertains to the Quick Contact Form plugin for WordPress. A vulnerability in the qcf_validate_form AJAX endpoint permits a user-controlled parameter to set the from address, enabling unauthenticated attackers to relay mail through the server to arbitrary recipients (Open Mail Relay)...

5.8CVSS5.6AI score0.00221EPSS

Exploits0References2

Vulnrichment•added 2026/01/17 2:22 a.m.•2 views

CVE-2025-12718 Quick Contact Form <= 8.2.6 - Unauthenticated Open Mail Relay

5.8CVSS5.7AI score0.00221EPSS

Exploits0References2

Cvelist•added 2026/01/17 2:22 a.m.•20 views

CVE-2025-12718 Quick Contact Form <= 8.2.6 - Unauthenticated Open Mail Relay

5.8CVSS0.00221EPSS

Exploits0References2

Positive Technologies•added 2026/01/17 12:0 a.m.•2 views

PT-2026-3337

The Quick Contact Form plugin for WordPress is vulnerable to Open Mail Relay in all versions up to, and including, 8.2.6. This is due to the 'qcf validate form' AJAX endpoint allowing a user controlled parameter to set the 'from' email address. This makes it possible for unauthenticated attackers...

5.8CVSS5.9AI score0.00221EPSS

Exploits0References3

NVD•added 2026/01/15 2:16 p.m.•3 views

CVE-2025-12895

The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kaliumvccontactformrequest function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers to us...

5.3CVSS0.00128EPSS

Exploits0References3

EUVD•added 2026/01/15 1:23 p.m.•3 views

EUVD-2026-2816

5.3CVSS5.1AI score0.00128EPSS

Exploits0References5

ATTACKERKB•added 2026/01/15 1:23 p.m.•2 views

CVE-2025-12895

5.3CVSS5.7AI score0.00128EPSS

Exploits0References4

Positive Technologies•added 2026/01/15 12:0 a.m.•3 views

PT-2026-3002

The Kalium 3 | Creative WordPress & WooCommerce Theme theme for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the kalium vc contact form request function in all versions up to, and including, 3.29. This makes it possible for unauthenticated attackers t...

5.3CVSS5.6AI score0.00128EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by