
6 matches found

NVD
added 2026/06/12 9:16 p.m. | 10 views

CVE-2026-44780

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, ReviewableQueuedPostSerializer unconditionally included payload["raw_email"] for posts that arrived via incoming email...

CVSS: 4.3 | EPSS: 0.00189
Exploits: 0 | References: 1

CVE
added 2026/06/12 8:22 p.m. | 17 views

CVE-2026-44780

Summary of CVE-2026-44780 (Discourse): The flaw arises in the ReviewableQueuedPostSerializer where, for posts arriving via incoming email, payload["raw_email"] was unconditionally included. This allowed category moderation group members in the review queue to access the full inbound email conten...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.00189
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2026/06/12 12:0 a.m. | 16 views

PT-2026-48978

Name of the Vulnerable Software and Affected Versions: Discourse versions 2026.1.0 through 2026.1.3; Discourse versions 2026.3.0; Discourse versions 2026.4.0. Description: The ReviewableQueuedPostSerializer unconditionally includes the raw email payload for posts received via incoming email. This allo...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.00189
Exploits: 0 | References: 4

Github Security Blog
added 2026/02/17 10:56 p.m. | 8 views

OpenClaw Google Chat spoofing access with allowlist authorized mutable email principal despite sender-ID mismatch

Summary: Google Chat allowlisting supports matching by sender email in addition to immutable sender resource name users/. This weakens identity binding if a deployment assumes allowlists are strictly keyed by immutable principals. Affected Packages / Versions: As of 2026-02-14; based on latest...

AI score: 5.6
Exploits: 0 | References: 5 | Affected Software: 2

OSV
added 2018/10/24 10:29 p.m. | 6 views

CVE-2018-18621

CommuniGate Pro 6.2 allows stored XSS via a message body in Pronto! Mail Composer, which is mishandled in /MIME/INBOX-MM-1/ if the raw email link in .txt format is modified and then renamed with a .html or .wssp extension...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.01058
Exploits: 1 | References: 2

seebug.org
added 2014/07/01 12:0 a.m. | 17 views

SqWebMail 4.0.4 .20040524 Email Header HTML Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10588/info SqWebMail is reported to be prone to an email header HTML injection vulnerability. This issue presents itself due to a failure of the application to properly sanitize user-supplied email header strings. The...

AI score: 7.1
Exploits: 0