CVE-2026-35542

A flaw was found in Roundcube Webmail. A remote attacker could bypass the remote image blocking feature by sending a specially crafted email containing a malicious background attribute within a BODY element. This vulnerability may lead to unauthorized information disclosure or an access-control...

CVE-2026-1670 Honeywell CCTV Products Missing Authentication for Critical Function

The affected products are vulnerable to an unauthenticated API endpoint exposure, which may allow an attacker to remotely change the "forgot password" recovery email address...

EUVD-2009-1586

Malware in sbrugna...

EUVD-2006-7093

Malware in sbrugna...

EUVD-2024-2498

Malicious code in bioql PyPI...

The vulnerability of the Blitz Identity Provider software, related to deficiencies in the authentication process, allows a perpetrator to change the email address of a user’s account.

The vulnerability of the Blitz Identity Provider software is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to change the email address of a user’s account remotely...

SUSE CVE-2017-12375

The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail...

Wix Remote Email PoC 0day

Wix send remote email affects all pages created with wix.com, possible social engineering attack. Usage Info usage: exploit.py -h -u URL -t EMAILTO -f EMAILFROM -s SUBJECT -i SITEID -m MESSAGE This is private exploit. You can buy it at https://0day.today...

Dovecot IMAP 1.0.10 <= 1.1rc2 Remote Email Disclosure Exploit

Exploit for multiple platform in category remote exploits ============================================================= Dovecot IMAP 1.0.10 1.1rc3 Exploit Here's an exploit for the recent TAB vulnerability in Dovecot. It's nothing special since in the wild there are few to none targets because of...

DeluxeBB <= 1.09 Remote Admin Email Change Exploit

Exploit for unknown platform in category web applications ================================================== DeluxeBB unbufferedquery"UPDATE ".$prefix."users SET email='$xemail', msn='$xmsn', icq='$xicq', ... WHERE username='$membercookie'"; So, editing cookie "membercookie" you can change remote...

CVE-2007-2372

CVE-2007-2372 affects phpMyNewsletter 0.8 beta5 and earlier. The admin/send_mod.php path prints a Location header but does not exit when administrative credentials are missing, enabling remote attackers to craft an e-mail via a POST containing subject, message, format, and list_id, then send the ...

CVE-2002-1630

The sendmail.jsp sample page in Oracle 9i Application Server 9iAS allows remote attackers to send arbitrary emails...

CVE-2000-0082

WebTV email client allows remote attackers to force the client to send email without the user's knowledge via HTML...