Lucene search
K

6 matches found

Vulnrichment
Vulnrichment
added 2026/06/11 1:32 p.m.11 views

CVE-2026-8406 openSIS Classic 9.3 - Insecure Direct Object Reference in Sent Mail

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...

7.1CVSS5.6AI score0.00238EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/11 1:32 p.m.9 views

EUVD-2026-36245

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...

7.1CVSS5.6AI score0.00238EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/11 1:32 p.m.27 views

CVE-2026-8406 openSIS Classic 9.3 - Insecure Direct Object Reference in Sent Mail

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mailid value...

7.1CVSS0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 1:32 p.m.35 views

CVE-2026-8406

openSIS Classic 9.3 is affected by an insecure direct object reference in the messaging module. An authenticated user with access to messaging can request details of sent messages by supplying an arbitrary mail_id to modules/messaging/SentMail.php, exposing potentially sensitive information. No e...

7.1CVSS5.6AI score0.00238EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/11 12:0 a.m.17 views

PT-2026-48668

openSIS Classic 9.3 contains an insecure direct object reference vulnerability in the messaging module. Any authenticated user with access to the messaging module can request sent-message details from modules/messaging/SentMail.php by supplying an arbitrary mail id value...

7.1CVSS5.6AI score0.00238EPSS
Exploits0References4
Hacker One
Hacker One
added 2021/09/09 2:0 p.m.168 views

curl: CVE-2021-22947: STARTTLS protocol injection via MITM

Summary: A man-in-the-middle can inject cleartext forged responses to future encrypted commands by pipelining them to the STARTTLS response. Steps To Reproduce: Use the attached test case within the curl test system. It is based on IMAP FETCH with explicit TLS. Upon test failure, the downloaded...

4.3CVSS7.7AI score0.02799EPSS
Exploits1
Rows per page
Query Builder