CVE-2026-43880 WWBN AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Allows Phishing from Site's Legitimate From Address

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/sendEmail.json.php exposes two branches depending on whether contactForm=1 is submitted. When the parameter is omitted, the endpoint sets $sendTo to an attacker-supplied email and, for unauthenticated...

EFS Easy File Sharing HTTP Server 缓冲区错误漏洞

EFS Easy File Sharing HTTP Server is a file sharing software package from EFS, Inc. A security vulnerability exists in EFS Easy File Sharing HTTP Server version 7.2 that originates from a buffer overflow in the /sendemail.ghp endpoint and could lead to the execution of arbitrary code...

PT-2023-18781 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 8.1.13 Splunk Enterprise versions prior to 8.2.10 Splunk Enterprise versions prior to 9.0.4 Description: The issue allows any authenticated user to send an email as the Splunk instance through the "sendemai...