Lucene search
K

54 matches found

RedhatCVE
RedhatCVE
added 2 days ago6 views

CVE-2026-53266

A flaw was found in the Linux kernel's netfilter bridge ebtables SNAT Source Network Address Translation module. This vulnerability allows a local attacker on a system configured with specific bridge netfilter rules to improperly modify underlying memory pages during an ARP Address Resolution...

8.8CVSS5.8AI score0.00129EPSS
Exploits0References4
NVD
NVD
added 6 days ago6 views

CVE-2026-53266

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...

8.8CVSS0.00129EPSS
Exploits0References8
OSV
OSV
added 6 days ago2 views

UBUNTU-CVE-2026-53266

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...

8.8CVSS5.7AI score0.00129EPSS
Exploits0References11
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-39217

In the Linux kernel, the following vulnerability has been resolved: netfilter: bridge: make ebtsnat ARP rewrite writable The ebtables SNAT target keeps the Ethernet source address rewrite behind skbensurewritableskb, 0. This is intentional: at the bridge ebtables hooks the Ethernet header is...

5.7AI score0.00129EPSS
Exploits0References8
CVE
CVE
added 2026/05/11 8:37 p.m.12 views

CVE-2026-43880

CVE-2026-43880 involves WWBN AVideo’s endpoint objects/sendEmail.json.php, where unauthenticated calls can send emails using the site’s SMTP and the site’s From/Reply-To identity. When contactForm is omitted, an attacker-supplied email becomes the recipient, while the message From/Reply-To uses t...

5.3CVSS5.9AI score0.00229EPSS
Exploits0References2
PyPA
PyPA
added 2026/04/24 8:16 p.m.14 views

PYSEC-2026-109

pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...

6.1CVSS5.9AI score0.00154EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/24 8:16 p.m.4 views

CVE-2026-41426

pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...

6.1CVSS0.00154EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/24 7:15 p.m.4 views

CVE-2026-41426 pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates

pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...

6.1CVSS5.5AI score0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/02/20 7:22 a.m.24 views

CVE-2026-1043

The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4. This is due to insufficient input sanitization and output escaping on the pmaapikey and pmasenderaddress parameters. This makes it...

4.4CVSS5.7AI score0.00244EPSS
Exploits0References1
NVD
NVD
added 2026/02/19 7:17 a.m.6 views

CVE-2026-1043

The PostmarkApp Email Integrator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in versions up to, and including, 2.4. This is due to insufficient input sanitization and output escaping on the pmaapikey and pmasenderaddress parameters. This makes it...

4.4CVSS0.00244EPSS
Exploits0References5
OSV
OSV
added 2026/01/20 5:54 p.m.2 views

GHSA-54WQ-72MP-CQ7C Mailpit has an SMTP Header Injection via Regex Bypass

Vulnerability Report: SMTP Header Injection via Regex Bypass Vulnerable Code: mailpit/internal/smtpd/smtpd.go Executive Summary Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can injec...

5.3CVSS5.9AI score0.01441EPSS
Exploits4References5
RedhatCVE
RedhatCVE
added 2026/01/19 11:25 p.m.4 views

CVE-2026-23829

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...

5.3CVSS5.8AI score0.01441EPSS
Exploits4References1
ATTACKERKB
ATTACKERKB
added 2026/01/18 11:23 p.m.4 views

CVE-2026-23829

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...

5.3CVSS5.8AI score0.01441EPSS
Exploits4References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/18 12:0 a.m.6 views

PT-2026-3406

Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.28 Description Mailpit, an email testing tool and API for developers, has a header injection issue in its SMTP server. This is due to a flawed regular expression used to validate RCPT TO and MAIL FROM addresses,...

5.3CVSS5.5AI score0.01441EPSS
Exploits4References15
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2022-51217

Malicious code in bioql PyPI...

5.3CVSS5.4AI score0.00575EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.2 views

EUVD-2025-1726

Malicious code in bioql PyPI...

6.5CVSS8.2AI score0.00223EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2025/04/16 2:53 p.m.14 views

“I sent you an email from your email account,” sextortion scam claims

In a new version of the old “Hello pervert” emails, scammers are relying on classic email spoofing techniques to try and convince victims that they have lost control of their email account and computer systems. Email spoofing basically comes down to sending emails with a false sender address, a...

7.2AI score
Exploits0
SUSE CVE
SUSE CVE
added 2025/02/05 3:48 a.m.2 views

SUSE CVE-2025-0510

Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135...

5.5CVSS7.3AI score0.00223EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2025/02/04 2:15 p.m.3 views

CVE-2025-0510

Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135...

7.5CVSS7.3AI score0.07748EPSS
Exploits0References4
NVD
NVD
added 2025/02/04 2:15 p.m.17 views

CVE-2025-0510

Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability was fixed in Thunderbird 128.7 and Thunderbird 135...

6.5CVSS0.00223EPSS
Exploits0References3
Rows per page
Query Builder