CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

288 matches found

SmarterMail - Remote Code Execution

SmarterTools SmarterMail build 9511 contains an unauthenticated remote code execution caused by malicious OS command execution via ConnectToHub API method, letting remote attackers execute arbitrary commands, exploit requires no authentication. id: CVE-2026-24423 info: name: SmarterMail - Remote...

9.8CVSS9AI score0.83401EPSS

Exploits0References4

RedhatCVE•added 2 days ago•4 views

CVE-2026-40514

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000...

9.1CVSS5.5AI score0.00035EPSS

Exploits0References1

RedhatCVE•added 2026/05/10 8:20 p.m.•8 views

CVE-2026-7807

SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/type API endpoint that allows authenticated users to read arbitrary .json files on the system. Attackers can exploit this vulnerability combined with weak encryption algorithms...

8.8CVSS5.9AI score0.00014EPSS

Exploits0References1

EUVD•added 2026/05/08 9:31 p.m.•5 views

EUVD-2026-28826

8.7CVSS5.9AI score0.00014EPSS

Exploits0References3

NVD•added 2026/05/08 8:16 p.m.•7 views

CVE-2026-7807

8.8CVSS0.00014EPSS

Exploits0References2

Cvelist•added 2026/05/08 7:54 p.m.•30 views

CVE-2026-7807 SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API

8.7CVSS0.00014EPSS

Exploits0References2

CVE•added 2026/05/08 7:54 p.m.•10 views

CVE-2026-7807

SmarterTools SmarterMail

8.8CVSS5.9AI score0.00014EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/05/08 7:54 p.m.•4 views

CVE-2026-7807

8.7CVSS5.9AI score0.00014EPSS

Exploits0References3

Vulnrichment•added 2026/05/08 7:54 p.m.•7 views

CVE-2026-7807 SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API

8.7CVSS5.9AI score0.00014EPSS

Exploits0References2

CNNVD•added 2026/05/08 12:0 a.m.•6 views

SmarterTools SmarterMail 路径遍历漏洞

SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Previous versions of SmarterTools SmarterMail version 9560 contained a...

8.7CVSS5.8AI score0.00014EPSS

Exploits0References1

Positive Technologies•added 2026/05/08 12:0 a.m.•6 views

PT-2026-39193

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to 9560 Description An issue in the '/api/v1/report/summary/type' API endpoint allows authenticated users to perform local file inclusion, enabling the reading of arbitrary .json files on the system. Thi...

8.8CVSS5.9AI score0.00014EPSS

Exploits0References6

NVD•added 2026/04/27 3:16 p.m.•2 views

CVE-2026-40514

9.1CVSS0.00035EPSS

Exploits0References2

CVE•added 2026/04/27 2:21 p.m.•31 views

CVE-2026-40514

SmarterTools SmarterMail builds prior to 9610 are affected by a cryptographic weakness in file and email sharing endpoints. DES-CBC is used with keys and IVs derived from System.Random seeded with insufficient entropy, reducing the seed space to about 19,000 values. An unauthenticated attacker ca...

9.1CVSS5.5AI score0.00035EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/04/27 2:21 p.m.•1 views

CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

8.2CVSS5.5AI score0.00035EPSS

Exploits0References2

ATTACKERKB•added 2026/04/27 2:21 p.m.•2 views

CVE-2026-40514

8.2CVSS5.5AI score0.00035EPSS

Exploits0References3

EUVD•added 2026/04/27 2:21 p.m.•4 views

EUVD-2026-25856

8.2CVSS5.5AI score0.00035EPSS

Exploits0References2

Cvelist•added 2026/04/27 2:21 p.m.•30 views

CVE-2026-40514 SmarterTools SmarterMail < Build 9610 Cryptographic Weakness via Weak RNG

8.2CVSS0.00035EPSS

Exploits0References2

Positive Technologies•added 2026/04/27 12:0 a.m.•3 views

PT-2026-35434

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to 9610 Description A cryptographic weakness exists in the file and email sharing endpoints. These endpoints utilize DES-CBC encryption with keys and initialization vectors derived from System.Random...

9.1CVSS5.5AI score0.00035EPSS

Exploits0References7

CNNVD•added 2026/04/27 12:0 a.m.•4 views

SmarterTools SmarterMail 安全特征问题漏洞

SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Prior versions of SmarterTools SmarterMail up to version 9610 had...

8.2CVSS5.9AI score0.00035EPSS

Exploits0References1

Packet Storm News•added 2026/02/23 12:0 a.m.•8 views

SmarterMail 100.0.9413 Vulnerability Scanner

This PHP class implements a non-intrusive vulnerability scanner designed to assess the exposure of a SmarterMail instance to a file upload–related security flaw without executing any commands or payloads. The scanner follows a safe, read-only validation approach that focuses on detecting improper...

10CVSS7.3AI score0.8966EPSS

Exploits15

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by