Lucene search
+L

5692 matches found

Patchstack
Patchstack
added 2026/06/26 1:18 p.m.9 views

WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Gmail SMTP versions = 1.2.3.19...

4.3CVSS5.8AI score0.00098EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:1 p.m.5 views

CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.01325EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.16 views

PT-2026-52540

Name of the Vulnerable Software and Affected Versions Hydra versions prior to 9.7 commit 9cc84c2 Description A stack buffer overflow exists in the NTLM authentication process across the SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules. The issue occurs when the software...

8.8CVSS6.6AI score0.01325EPSS
Exploits2References6
NVD
NVD
added 2026/06/24 10:16 p.m.11 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/24 9:38 p.m.24 views

CVE-2026-49979 Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP Filter

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
OSV
OSV
added 2026/06/24 9:38 p.m.5 views

CVE-2026-49979 Appsmith: SSRF via `POST /api/v1/admin/send-test-email` — JavaMail Bypasses WebClient IP Filter

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS6AI score0.00341EPSS
Exploits3References3
CVE
CVE
added 2026/06/24 9:38 p.m.30 views

CVE-2026-49979

Appsmith prior to version 1.99 exposes a vulnerability in the POST /api/v1/admin/send-test-email endpoint. An attacker can supply smtpHost and smtpPort values to establish a raw JavaMail TCP connection, bypassing WebClientUtils.IP_CHECK_FILTER (which only applies to Spring WebClient HTTP requests...

5.1CVSS5.9AI score0.00218EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/24 12:0 a.m.13 views

PT-2026-52131

Name of the Vulnerable Software and Affected Versions Appsmith versions prior to 1.99 Description The 'POST /api/v1/admin/send-test-email' endpoint allows the use of attacker-controlled smtpHost and smtpPort values to establish a raw JavaMail TCP connection. This process bypasses the...

5.1CVSS5.8AI score0.00218EPSS
Exploits1References6
The Hacker News
The Hacker News
added 2026/06/20 9:56 a.m.18 views

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

Threat actors are exploiting a recently patched security flaw impacting Gravity SMTP, a WordPress plugin that's installed on about 100,000 sites. The vulnerability, tracked as CVE-2026-4020 CVSS score: 5.3, is a medium-severity information disclosure flaw that can allow unauthenticated attackers ...

7.5CVSS5.9AI score0.39704EPSS
Exploits2
OSV
OSV
added 2026/06/18 3:3 p.m.10 views

ROOT-APP-MAVEN-CVE-2025-7962 CVE-2025-7962 in io.root.org.eclipse.angus:smtp - Patched by Root

Root has patched CVE-2025-7962 in the io.root.org.eclipse.angus:smtp package for Root:Maven. Multiple fixed versions available...

7.5CVSS5.8AI score0.00756EPSS
Exploits0
OSV
OSV
added 2026/06/16 12:37 p.m.7 views

BIT-DISCOURSE-2026-44784 Discourse: Non-staff group owners can see email password in plaintext through group history

Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext via the group history...

6.5CVSS5.4AI score0.00231EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/06/15 10:9 p.m.81 views

Exploit for CVE-2026-54596

CVE-2026-54596 - Authenticated SQL Injection via recurringinv...

6.1AI score
Exploits0
NVD
NVD
added 2026/06/15 9:17 p.m.8 views

CVE-2026-48838

Unauthenticated Cross Site Scripting XSS in Post SMTP = 3.6.2 versions...

7.1CVSS0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.27 views

CVE-2026-48838 WordPress Post SMTP plugin <= 3.6.2 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in Post SMTP = 3.6.2 versions...

7.1CVSS0.00237EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.7 views

EUVD-2026-36845

Unauthenticated Cross Site Scripting XSS in Post SMTP = 3.6.2 versions...

7.1CVSS5.1AI score0.00237EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.25 views

CVE-2026-48838

CVE-2026-48838 covers an unauthenticated Cross Site Scripting (XSS) vulnerability in the WordPress Post SMTP plugin, versions

7.1CVSS5.1AI score0.00237EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49475

Unauthenticated Cross Site Scripting XSS in Post SMTP = 3.6.2 versions...

7.1CVSS5.1AI score0.00237EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.11 views

openSUSE 16 Security Update : python-Django (openSUSE-SU-2026:20937-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20937-1 advisory. Changes in python-Django: - CVE-2026-6873: Signed cookie salt namespace collision bsc1267578 - CVE-2026-7666: Potential unencrypted email...

5.3CVSS5.4AI score0.00359EPSS
Exploits0References15
CVE
CVE
added 2026/06/12 8:23 p.m.28 views

CVE-2026-44784

Discourse has a vulnerability where non-staff group owners can access a group’s outgoing SMTP credentials in plaintext via the group history log (/groups/:name/logs.json). Affected fields include email_password, email_username, smtp_server, smtp_port, and smtp_ssl_mode, with SMTP password being t...

6.5CVSS5.3AI score0.00231EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/12 8:23 p.m.5 views

CVE-2026-44784 Discourse: Non-staff group owners can see email password in plaintext through group history

Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.4, 2026.3.0-latest to before 2026.3.1, and 2026.4.0-latest to before 2026.4.1, group owners who are not necessarily admins or moderators can view a group's outgoing email/SMTP credentials in plaintext...

6.5CVSS5.9AI score0.00231EPSS
Exploits0References3
Rows per page
Query Builder