
20 matches found

RedhatCVE
added 2026/04/01 5:0 a.m. · 4 views

CVE-2026-30878

baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables...

CVSS 5.3 · AI score 5.8 · EPSS 0.00382
Exploits: 1 · References: 1
Github Security Blog
added 2026/03/31 10:36 p.m. · 7 views

baserCMS has Mail Form Acceptance Bypass via Public API

Summary A public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. Details In baserCMS, mail form...

CVSS 5.3 · AI score 5.8 · EPSS 0.00382
Exploits: 1 · References: 5 · Affected Software: 1
ATTACKERKB
added 2026/03/31 12:45 a.m. · 3 views

CVE-2026-30878

baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables...

CVSS 5.3 · AI score 5.8 · EPSS 0.00382
Exploits: 1 · References: 4 · Affected Software: 1
EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-1618

Malicious code in bioql PyPI...

CVSS 5.3 · AI score 5.5 · EPSS 0.0115
Exploits: 0 · References: 9
Positive Technologies
added 2025/10/03 12:0 a.m. · 9 views

PT-2025-40540

Name of the Vulnerable Software and Affected Versions phpMyFAQ versions 4.0-nightly-2025-10-03 and below Description phpMyFAQ does not enforce uniqueness of email addresses during user registration, allowing multiple distinct accounts to be created with the same email. This can cause account...

CVSS 9.8 · AI score 7.4 · EPSS 0.00388
Exploits: 1 · References: 11
Veracode
added 2025/04/18 4:40 p.m. · 6 views

Unsolicited Email Subscription (Spam Abuse)

Shopware is vulnerable to Unsolicited Email Subscription Spam Abuse. The vulnerability is due to insecure default double-opt-in settings due to the lack of confirmation requirements for newsletter sign-ups, allowing attackers to register arbitrary emails and trigger unsolicited emails without use...

CVSS 6.9 · AI score 6.9 · EPSS 0.0027
Exploits: 0 · References: 3 · Affected Software: 2
Talos Blog
added 2024/09/26 1:0 p.m. · 26 views

Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam

Attackers are abusing normal features of legitimate web sites to transmit spam, such as the traditional method of verifying the creation of a new account. This web infrastructure and its associated email infrastructure is otherwise used for legitimate purposes, which makes blocking these messages...

AI score 7.4
Exploits: 0
Vulnrichment
added 2022/08/01 7:40 p.m. · 6 views

CVE-2022-31184 Email activation route can be abused by spammers in Discourse

Discourse is an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unabl...

CVSS 6.5 · AI score 6.6 · EPSS 0.0056
Exploits: 0 · References: 2
Github Security Blog
added 2022/04/21 1:57 a.m. · 20 views

TYPO3 is vulnerable to Spam Abuse in the native form content element

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. An attacker could abuse the form to send mails to arbitrary email addresses...

CVSS 5.3 · AI score 7.1 · EPSS 0.0115
Exploits: 0 · References: 9 · Affected Software: 1
NVD
added 2019/11/04 10:15 p.m. · 21 views

CVE-2010-3667

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element...

CVSS 5.3 · AI score 5.2 · EPSS 0.0115
Exploits: 0 · References: 3
UbuntuCve
added 2019/11/04 10:15 p.m. · 22 views

CVE-2010-3667

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element...

CVSS 5.3 · AI score 6.1 · EPSS 0.0115
Exploits: 0 · References: 1
Prion
added 2019/11/04 10:15 p.m. · 14 views

Design/Logic Flaw

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element...

CVSS 5 · AI score 7 · EPSS 0.0115
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2019/11/04 9:58 p.m. · 22 views

CVE-2010-3667

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element...

AI score 6 · EPSS 0.0115
Exploits: 0 · References: 3
OpenVAS
added 2017/11/08 12:0 a.m. · 19 views

TYPO3 < 4.1.14, 4.2.x < 4.2.13, 4.3.x < 4.3.4, 4.4.0 Multiple Vulnerabilities (TYPO3-SA-2010-012)

TYPO3 is prone to multiple vulnerabilities...

CVSS 9.4 · AI score 6.2 · EPSS 0.02395
Exploits: 0 · References: 2
Typo3
added 2005/11/07 12:0 a.m. · 20 views

th_mailformplus

A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms. Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension ...

AI score 7
Exploits: 0 · Affected Software: 1
Typo3
added 2005/03/07 12:0 a.m. · 41 views

TYPO3 Security Bulletin

Unless the default encryption key settings have been changed by the administrator, the TYPO3 mailform can be compromised to send mail to a wrong recipient. Thus, spam mails may be sent from a remote site. Component Type: Core Affected Component: mailforms Version: 3.7.0 and earlier Vulnerability...

AI score 6.8
Exploits: 0 · Affected Software: 1
securityvulns
added 2003/08/10 12:0 a.m. · 30 views

MDaemon 5.0.5 authentication vulnerability

Hello, There is a security problem on MDaemon 5.0.5 maybe other versions affected as well regarding smtp authentication. Blank password authenticates any valid user: For primary domain: User: VALIDUSER or [email protected] Password: blank password For secondary domains: User:...

AI score 7.5
Exploits: 0
CVE
added 2001/01/22 5:0 a.m. · 48 views

CVE-2000-0960

The vulnerability CVE-2000-0960 affects Netscape Messaging Server 4.15p1: the POP3 server exposes user enumeration by returning different error messages for incorrect usernames versus incorrect passwords, enabling an attacker to determine valid accounts and harvest email addresses. The connected ...

CVSS 5 · AI score 6.6 · EPSS 0.01697
Exploits: 1 · References: 3 · Affected Software: 1
NVD
added 1999/01/01 5:0 a.m. · 28 views

CVE-1999-0512

A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers...

CVSS 10 · AI score 6.4 · EPSS 0.12359
Exploits: 0 · References: 1
Positive Technologies
added 1999/01/01 12:0 a.m. · 4 views

PT-1999-1175 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A mail server issue allows abuse by spammers due to explicit configuration to permit SMTP mail relay. Recommendations: At the moment, there is no information about a newer version...

CVSS 10 · AI score 4.3 · EPSS 0.12359
Exploits: 0 · References: 2