EUVD-2025-22077

Malicious code in bioql PyPI...

SOGo Webmail 安全漏洞

SOGo Webmail is a SOGo open source webmail and collaboration system. A security vulnerability exists in SOGo Webmail 5.6.0 and earlier versions, which stems from an insecure direct object reference that could lead to an authenticated user impersonating another user to send mail...

MB CONNECT LINE mbNET.mini resource management error vulnerability (CNVD-2025-21146)

The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. A resource management error vulnerability exists in MB CONNECT LINE mbNET.mini that originates from exhausting critical...

CVE-2025-41677

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession...

CVE-2025-41677

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession...

CVE-2025-41677

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession...

CVE-2025-41677

CVE-2025-41677 describes a resource exhaustion vulnerability in MB CONNECT LINE mbNET.mini (and related Helmholz/mbNET.mini variants) where an attacker with high privileges can remotely exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in rapi...

CVE-2025-41677 Resource Exhaustion via POST Requests to send-mail Action

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession...

CVE-2025-41677 Resource Exhaustion via POST Requests to send-mail Action

A high privileged remote attacker can exhaust critical system resources by sending specifically crafted POST requests to the send-mail action in fast succession...

MB Connect Line mbNET.mini 资源管理错误漏洞

The mbNET.mini from MB CONNECT LINE is an industrial router designed for industrial scenarios and is primarily used to enable secure remote connections to machines and systems. A resource management error vulnerability exists in MB CONNECT LINE mbNET.mini that originates from exhausting critical...

CVE-2024-40464

An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file...

Umbraco Forms 安全漏洞

Umbraco Forms is a form builder from Umbraco. A security vulnerability exists in Umbraco Forms versions 7.x through 13.4.2 and prior to 15.1.2, which stems from a Send Mail workflow that does not HTML-encode user-supplied field values, which could lead to a bypass of spam and email client securit...

PT-2024-39400 · WordPress · Wp Helper Premium

Name of the Vulnerable Software and Affected Versions: WP Helper Premium plugin for WordPress versions up to, and including, 4.6.1 Description: The issue is related to a missing capability check on the whp smtp send mail test function, allowing unauthenticated attackers to send emails with any...

WP Mail Log < 1.1.3 – Incorrect Authorization in REST API Endpoints

Description The plugin does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. The following actions may be taken by a Contributor user: --- /wmllogs - Information leak Execute the followi...

SUSE CVE-2005-3883

CRLF injection vulnerability in the mbsendmail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds LF in the "To" address argument...

WordPress plugin Coming soon and Maintenance mode 安全漏洞

WordPress is the WordPress Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports setting up personal blogging sites on servers with PHP and MySQL. The vulnerability is caused by the plugin's unauthorized and CSRF-checked in its comingsoonsendma...

CVE-2021-44839

An issue was discovered in Delta RM 1.2. It is possible to request a new password for any other account using the account ID. Using the /listes/DTsendmaildata/admutilisateur/send-mail.json endpoint, a user can send a JSON array with user IDs that will have their passwords reset and new ones sent ...

SSRFmap - Automatic SSRF Fuzzer And Exploitation Tool

SSRF are often used to leverage actions on other services, this framework aims to find and exploit these services easily. SSRFmap takes a Burp request file as input and a parameter to fuzz. Server Side Request Forgery or SSRF is a vulnerability in which an attacker forces a server to perform...

Hardcoded credentials

Denbun by NEOJAPAN Inc. Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier uses hard-coded credentials, which may allow remote attackers to read/send mail or change the configuration...

CVE-2018-0680

Denbun by NEOJAPAN Inc. Denbun POP version V3.3P R4.0 and earlier, Denbun IMAP version V3.3I R4.0 and earlier uses hard-coded credentials, which may allow remote attackers to read/send mail or change the configuration...