34 matches found

NVD
added 42 minutes ago, 2 views

CVE-2026-44784

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

CVSS 6.5
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-5085

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.4, EPSS 0.00313
Exploits: 2, References: 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-5224

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.4, EPSS 0.00313
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2022-3418

Malicious code in bioql PyPI...

CVSS 5.4, AI score 5.5, EPSS 0.00313
Exploits: 1, References: 3
Tenable Nessus
added 2025/09/10 12:0 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2019-17576

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Dolibarr 10.0.2. It has XSS via the outgoing email setup feature in the /admin/mails.php?action=edit URI via the Send all emails to...

CVSS 5.4, AI score 5.5, EPSS 0.00313
Exploits: 1, References: 2
Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-17578

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Dolibarr 10.0.2. It has XSS via the outgoing email setup feature in the admin/mails.php?action=edit URI via the Sender email for...

CVSS 5.4, AI score 5.6, EPSS 0.00313
Exploits: 1, References: 2
RedhatCVE
added 2025/05/22 9:16 a.m., 3 views

CVE-2019-17577

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails fields 'Errors-To' in emails sent" field...

CVSS 5.4, AI score 5.8, EPSS 0.00313
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 8:20 a.m., 4 views

CVE-2019-17576

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to instead of real recipients, for test purposes" field...

CVSS 5.4, AI score 5.7, EPSS 0.00313
Exploits: 1, References: 1
RedhatCVE
added 2025/05/22 8:2 a.m., 5 views

CVE-2019-17578

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails default value in php.ini: Undefined" field...

CVSS 5.4, AI score 5.8, EPSS 0.00313
Exploits: 1, References: 1
CNVD
added 2024/11/08 12:0 a.m., 8 views

Lunary Email Injection Vulnerability

Lunary is an open-source production toolkit for LLMs. An email injection vulnerability exists in lunary, which allows an unauthenticated attacker to inject data into an outgoing email by bypassing the function using different space characters. No detailed vulnerability details are provided...

CVSS 6.5, AI score 7.1, EPSS 0.00137
Exploits: 1, References: 1
Tenable Nessus
added 2023/05/03 12:0 a.m., 18 views

Atlassian Jira Service Management 5.4.0 < 5.4.2 Critical Authentication Vulnerability

According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is version 5.3.0 prior to version 5.3.3, 5.4.0 prior to 5.4.2 or 5.5.0 prior to 5.3.3. It is, therefore, affected by a critical authentication vulnerability which allows a...

CVSS 9.4, AI score 10, EPSS 0.0236
Exploits: 0, References: 2
Tenable Nessus
added 2023/05/03 12:0 a.m., 12 views

Atlassian Jira Service Management 5.5.0 < 5.3.3 Critical Authentication Vulnerability

According to its self-reported version number, the Atlassian Jira Service Management application running on the remote host is version 5.3.0 prior to version 5.3.3, 5.4.0 prior to 5.4.2 or 5.5.0 prior to 5.3.3. It is, therefore, affected by a critical authentication vulnerability which allows a...

CVSS 9.4, AI score 10, EPSS 0.0236
Exploits: 0, References: 2
Hive Pro Threat Advisories
added 2023/02/10 12:41 p.m., 13 views

An Authentication Vulnerability Discovered in Jira Service Management Server and Data Center

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A security vulnerability was found in Jira Service Management Server and Data Center versions 5.3.0 to 5.5.0 which allows an attacker to access a Jira Service Management instance by impersonating...

AI score 4.7
Exploits: 0
OSV
added 2023/02/01 7:15 p.m., 4 views

CVE-2023-22501

An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. With write access to a User Directory and outgoing email enabled...

CVSS 9.1, AI score 7.5, EPSS 0.0236
Exploits: 0, References: 1
NVD
added 2023/02/01 7:15 p.m., 25 views

CVE-2023-22501

An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. With write access to a User Directory and outgoing email enabled...

CVSS 9.4, AI score 9.5, EPSS 0.0236
Exploits: 0, References: 1
CVE
added 2023/02/01 6:0 p.m., 142 views

CVE-2023-22501

CVE-2023-22501 affects Jira Service Management Server and Data Center. It is an authentication vulnerability allowing impersonation to access signup tokens for users with never-logged-in accounts, if an attacker has write access to a User Directory and outgoing email enabled, and can access token...

CVSS 9.4, AI score 9.6, EPSS 0.0236
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2022/05/24 4:58 p.m., 9 views

GHSA-9P7Q-V9GP-FRQ4 Dolibarr Cross-site Scripting vulnerability

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails default value in php.ini: Undefined" field...

CVSS 5.4, AI score 5.3, EPSS 0.00313
Exploits: 1, References: 3
OSV
added 2022/05/24 4:58 p.m., 12 views

GHSA-RR5G-RC28-WXWJ Dolibarr Cross-site Scripting via outgoing email setup feature

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to instead of real recipients, for test purposes" field...

CVSS 5.4, AI score 5.2, EPSS 0.00313
Exploits: 1, References: 3
Github Security Blog
added 2022/05/24 4:58 p.m., 20 views

Dolibarr Cross-site Scripting via outgoing email setup feature

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to instead of real recipients, for test purposes" field...

CVSS 5.4, AI score 5.9, EPSS 0.00313
Exploits: 1, References: 3, Affected Software: 1
Github Security Blog
added 2022/05/24 4:58 p.m., 10 views

Dolibarr Cross-site Scripting via outgoing email setup feature

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails fields 'Errors-To' in emails sent" field...

CVSS 5.4, AI score 5.9, EPSS 0.00313
Exploits: 1, References: 3, Affected Software: 1