Lucene search
K

178 matches found

EUVD
EUVD
added 5 days ago10 views

EUVD-2026-42862

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS6.1AI score0.00319EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago37 views

CVE-2026-12918 Mail Mint <= 1.24.1 - Authenticated (Administrator+) SQL Injection via 'recipients' Parameter

The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...

4.9CVSS0.00319EPSS
Exploits0References6
CVE
CVE
added 5 days ago13 views

CVE-2026-12918

Summary of CVE-2026-12918 (Mail Mint WordPress plugin) : The plugin (versions up to and including 1.24.1) is vulnerable to a general SQL Injection via the recipients parameter due to insufficient escaping and unsafe query construction. This is a second-order injection: an attacker with authentica...

4.9CVSS6.1AI score0.00319EPSS
Exploits0References6
OSV
OSV
added 2026/06/26 7:32 p.m.4 views

CVE-2026-44735 OpenProject: Shares API Information Disclosure

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the GET /api/v3/shares endpoint returns share details for ALL work packages in a project to any user with the viewsharedworkpackages permission. The authorization check operates at the project level onl...

6.5CVSS5.9AI score0.0027EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.12 views

CVE-2026-34600

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...

5.7CVSS5.4AI score0.00267EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2026/05/27 8:46 p.m.14 views

Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address

Description Symfony Mailer selects a transport via the MAILERDSN environment variable / configuration e.g. smtp://..., sendmail://..., native://default. SendmailTransport invokes the local sendmail binary and supports two modes: -bs speak SMTP over stdin: the default and -t read the message on...

8.7CVSS5.8AI score0.00062EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2026/05/27 8:46 p.m.14 views

GHSA-XX3C-QF5G-HC39 Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address

Description Symfony Mailer selects a transport via the MAILERDSN environment variable / configuration e.g. smtp://..., sendmail://..., native://default. SendmailTransport invokes the local sendmail binary and supports two modes: -bs speak SMTP over stdin: the default and -t read the message on...

8.6CVSS5.8AI score0.00062EPSS
Exploits0References6
NVD
NVD
added 2026/05/19 11:16 p.m.14 views

CVE-2026-34600

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...

5.7CVSS0.00267EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/19 10:28 p.m.11 views

CVE-2026-34600

Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.5.2 and prior contain a logic error in the delta API that allows share recipients to download notes that are no longer shared with them, related to but not fully fixed by the prior...

5.7CVSS5.8AI score0.00267EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/11 8:37 p.m.13 views

CVE-2026-43880

CVE-2026-43880 involves WWBN AVideo’s endpoint objects/sendEmail.json.php, where unauthenticated calls can send emails using the site’s SMTP and the site’s From/Reply-To identity. When contactForm is omitted, an attacker-supplied email becomes the recipient, while the message From/Reply-To uses t...

5.3CVSS5.9AI score0.00229EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/11 7:41 p.m.1 views

cpython: email header injection due to unquoted newlines

A flaw was found in the email module in the Python standard library. When serializing an email message, the BytesGenerator class fails to properly quote newline characters for email headers. This issue is exploitable when the LiteralHeader class is used as it does not respect email folding rules,...

6CVSS6.9AI score0.0056EPSS
Exploits0References9
NVD
NVD
added 2026/04/10 5:17 p.m.10 views

CVE-2026-35664

OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization...

6.9CVSS0.00276EPSS
Exploits0References3
EUVD
EUVD
added 2026/04/10 4:3 p.m.4 views

EUVD-2026-21474

OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization...

6.9CVSS5.8AI score0.00276EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 4:3 p.m.4 views

CVE-2026-35664 OpenClaw < 2026.3.25 - DM Pairing Bypass via Legacy Card Callbacks

OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization...

6.9CVSS5.8AI score0.00276EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/10 4:3 p.m.2 views

CVE-2026-35664

OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization...

6.9CVSS5.8AI score0.00276EPSS
Exploits0References4
CVE
CVE
added 2026/04/10 4:3 p.m.14 views

CVE-2026-35664

CVE-2026-35664 affects OpenClaw prior to version 2026.3.25. The vulnerability is an authentication bypass in the raw card send surface, enabling unpaired recipients to mint legacy callback payloads. Attackers can issue raw card commands to bypass DM pairing restrictions and access callback handli...

6.9CVSS5.8AI score0.00276EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.5 views

PT-2026-31975

OpenClaw before 2026.3.25 contains an authentication bypass vulnerability in raw card send surface that allows unpaired recipients to mint legacy callback payloads. Attackers can send raw card commands to bypass DM pairing restrictions and reach callback handling without proper authorization...

6.9CVSS5.8AI score0.00276EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/04/10 12:0 a.m.6 views

PT-2026-31981

OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered...

6CVSS5.8AI score0.00236EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/13 9:31 p.m.7 views

EUVD-2026-11749

wpDiscuz before 7.6.47 contains an email header injection vulnerability that allows attackers to manipulate mail recipients by injecting malicious data into the commentauthoremail cookie. Attackers can craft a malicious cookie value that, when processed through urldecode and passed to wpmail...

6.3CVSS5.8AI score0.00221EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/13 12:0 a.m.8 views

WordPress plugin wpDiscuz 输入验证错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. A...

6.3CVSS5.8AI score0.00221EPSS
Exploits0References3
Rows per page
Query Builder