6 matches found
CVE-2026-44780
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload"rawemail" for posts that arrived via incoming email...
CVE-2026-44780
Summary of CVE-2026-44780 (Discourse) : The flaw arises in the ReviewableQueuedPostSerializer where, for posts arriving via incoming email, payload["raw_email"] was unconditionally included. This allowed category moderation group members in the review queue to access the full inbound email conten...
PT-2026-48978
Name of the Vulnerable Software and Affected Versions Discourse versions 2026.1.0 through 2026.1.3 Discourse versions 2026.3.0 Discourse versions 2026.4.0 Description The ReviewableQueuedPostSerializer unconditionally includes the raw email payload for posts received via incoming email. This allo...
OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch
Summary Google Chat allowlisting supports matching by sender email in addition to immutable sender resource name users/. This weakens identity binding if a deployment assumes allowlists are strictly keyed by immutable principals. Affected Packages / Versions As of 2026-02-14; based on latest...
CVE-2018-18621
CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link in .txt format is modified and then renamed with a .html or .wssp extension...
SqWebMail 4.0.4 .20040524 Email Header HTML Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10588/info SqWebMail is reported to be prone to an email header HTML injection vulnerability. This issue presents itself due to a failure of the application to properly sanitize user-supplied email header strings. The...