
14 matches found

Vulnrichment
added 2026/05/11 8:37 p.m., 5 views

CVE-2026-43880 WWBN AVideo: Unauthenticated Arbitrary Email Sending via sendEmail.json.php Allows Phishing from Site's Legitimate From Address

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/sendEmail.json.php exposes two branches depending on whether contactForm=1 is submitted. When the parameter is omitted, the endpoint sets $sendTo to an attacker-supplied email and, for unauthenticated...

5.3 CVSS, 5.9 AI score, 0.00071 EPSS
Exploits 0, References 2

CNNVD
added 2026/05/11 12:0 a.m., 4 views

WWBN AVideo Security Vulnerability

WWBN AVideo is a video platform building system written in PHP, developed by the WWBN team. Versions of WWBN AVideo prior to version 29 contain security vulnerabilities. These vulnerabilities stem from the objects/sendEmail.json.php file, which allows unverified attackers to send arbitrary emails...

5.3 CVSS, 5.9 AI score, 0.00071 EPSS
Exploits 0, References 1

CNNVD
added 2025/07/10 12:0 a.m., 1 view

EFS Easy File Sharing HTTP Server Buffer Error Vulnerability

EFS Easy File Sharing HTTP Server is a file sharing software package from EFS, Inc. A security vulnerability exists in EFS Easy File Sharing HTTP Server version 7.2 that originates from a buffer overflow in the /sendemail.ghp endpoint and could lead to the execution of arbitrary code...

9.3 CVSS, 7.3 AI score, 0.66554 EPSS
Exploits 0, References 5

CVE
added 2024/10/13 4:31 a.m., 35 views

CVE-2024-9907

CVE-2024-9907 affects QileCMS up to version 1.1.3, specifically the Verification Code Handler’s sendEmail functionality in /qilecms/user/controller/Forget.php. The issue allows manipulation that results in weak password recovery. Attacks are described as remote, with high attack complexity and di...

6.3 CVSS, 4.2 AI score, 0.00124 EPSS
Exploits 0, References 4

CNNVD
added 2024/10/13 12:0 a.m., 1 view

QileCMS Authorization Issue Vulnerability

QileCMS is an open source community e-commerce system from QileCMS Open Source. An authorization issue vulnerability exists in QileCMS 1.1.3 and earlier versions. It stems from the sendEmail function in the file /qilecms/user/controller/Forget.php and can lead to weak password recovery...

6.3 CVSS, 4.9 AI score, 0.00124 EPSS
Exploits 0, References 5

CNNVD
added 2024/03/19 12:0 a.m., 1 view

KnowBand Security Breach

KnowBand is a plugin from KnowBand Inc. A security vulnerability exists in KnowBand spinwheel v.3.0.3 and earlier versions, which stems from the presence of a SQL injection vulnerability. The vulnerability can be exploited to elevate privileges and obtain sensitive information via the...

9.8 CVSS, 7.5 AI score, 0.00308 EPSS
Exploits 0, References 3

Positive Technologies
added 2024/03/19 12:0 a.m., 2 views

PT-2024-22408 · Knowband · Knowband Spinwheel

Name of the Vulnerable Software and Affected Versions: KnowBand spinwheel versions 3.0.3 and earlier

Description: The issue allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail method. This is a SQL...

9.8 CVSS, 8 AI score, 0.00308 EPSS
Exploits 0, References 5

Vulnrichment
added 2024/03/19 12:0 a.m., 9 views

CVE-2024-28389

SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail method...

7.7 AI score, 0.00308 EPSS
Exploits 0, References 1

Cvelist
added 2023/08/08 9:2 p.m., 17 views

CVE-2023-39951 Instrumentation for AWS SDK v2 captures email content when using Amazon Simple Email Service (SES) v1 API, exposing that content to the telemetry backend

OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email...

6.5 CVSS, 6.5 AI score, 0.00231 EPSS
Exploits 1, References 3

OSV
added 2023/02/14 6:15 p.m., 0 views

CVE-2023-22938

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance...

4.3 CVSS, 5.8 AI score
Exploits 0, References 1

NVD
added 2023/02/14 6:15 p.m., 12 views

CVE-2023-22938

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance...

4.3 CVSS, 4.5 AI score, 0.00248 EPSS
Exploits 0, References 1

Vulnrichment
added 2023/02/14 5:24 p.m., 5 views

CVE-2023-22938 Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance...

4.3 CVSS, 4.5 AI score, 0.00248 EPSS
Exploits 0, References 1

Cvelist
added 2023/02/14 5:24 p.m., 11 views

CVE-2023-22938 Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘sendemail’ REST API endpoint lets any authenticated user send an email as the Splunk instance. The endpoint is now restricted to the ‘splunk-system-user’ account on the local instance...

4.3 CVSS, 4.8 AI score, 0.00248 EPSS
Exploits 0, References 1

Positive Technologies
added 2023/02/14 12:0 a.m., 1 view

PT-2023-18781 · Splunk · Splunk Enterprise

Name of the Vulnerable Software and Affected Versions:
- Splunk Enterprise versions prior to 8.1.13
- Splunk Enterprise versions prior to 8.2.10
- Splunk Enterprise versions prior to 9.0.4

Description: The issue allows any authenticated user to send an email as the Splunk instance through the "sendemai...

4.3 CVSS, 7 AI score, 0.00248 EPSS
Exploits 0, References 4