Lucene search

9 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 3 views

Malicious code in pmg (npm)

The package pmg was found to contain malicious code...

AI score: 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-29444 Malicious code in pmg (npm)

The package pmg was found to contain malicious code...

AI score: 7.2
Exploits: 0

Openbugbounty
added 2023/03/16 7:7 p.m., 10 views

pmg-goa.com Cross Site Scripting vulnerability OBB-3224278

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits: 0

Prion
added 2022/12/04 7:15 p.m., 15 views

Crlf injection

A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers...

CVSS: 5.8, AI score: 6.8, EPSS: 0.38391
Exploits: 1, References: 2, Affected Software: 1

Prion
added 2022/12/04 7:15 p.m., 14 views

Server side request forgery (ssrf)

Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox...

CVSS: 7.5, AI score: 9.2, EPSS: 0.00688
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2022/12/04 12:0 a.m., 84 views

CVE-2022-35507

Proxmox VE/PMG web interfaces are affected by a response-header CRLF injection in pve-http-server. An attacker can cause a client-side DoS by injecting CRLF into response headers to set cookies longer than the server expects, notably affecting Chromium-based browsers using %0d. Affected versions ...

CVSS: 7.1, AI score: 6.8, EPSS: 0.38391
Exploits: 1, References: 2, Affected Software: 3

CVE
added 2022/12/04 12:0 a.m., 98 views

CVE-2022-35508

Proxmox CVE-2022-35508 enables SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon, exploitable by an unprivileged user to disclose server files. In Proxmox Mail Gateway, there is also a privilege escalation route to root@pam if backup artifacts were used, because pmg-backup...

CVSS: 9.8, AI score: 9.2, EPSS: 0.00688
Exploits: 1, References: 4, Affected Software: 3

Openbugbounty
added 2020/09/22 2:49 p.m., 5 views

exam.pmg.co.kr Cross Site Scripting vulnerability OBB-1356272

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score: 6.2
Exploits: 0

Openbugbounty
added 2020/09/21 9:9 a.m., 5 views

exam.pmg.co.kr Cross Site Scripting vulnerability OBB-1351557

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

AI score: 6.2
Exploits: 0