20 matches found
CVE-2026-30878
baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables...
baserCMS has Mail Form Acceptance Bypass via Public API
Summary: A public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. Details: In baserCMS, mail form...
CVE-2026-30878
baserCMS is a website development framework. Prior to version 5.2.3, a public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables...
EUVD-2022-1618
Malicious code in bioql PyPI...
PT-2025-40540
Name of the Vulnerable Software and Affected Versions: phpMyFAQ versions 4.0-nightly-2025-10-03 and below. Description: phpMyFAQ does not enforce uniqueness of email addresses during user registration, allowing multiple distinct accounts to be created with the same email. This can cause account...
Unsolicited Email Subscription (Spam Abuse)
Shopware is vulnerable to Unsolicited Email Subscription Spam Abuse. The vulnerability stems from insecure default double-opt-in settings and the resulting lack of confirmation requirements for newsletter sign-ups, allowing attackers to register arbitrary emails and trigger unsolicited emails without use...
Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam
Attackers are abusing normal features of legitimate web sites to transmit spam, such as the traditional method of verifying the creation of a new account. This web infrastructure and its associated email infrastructure are otherwise used for legitimate purposes, which makes blocking these messages...
CVE-2022-31184 Email activation route can be abused by spammers in Discourse
Discourse is an open source discussion platform. In affected versions an email activation route can be abused to send mass spam emails. A fix has been included in the latest stable, beta and tests-passed versions of Discourse which rate limits emails. Users are advised to upgrade. Users unabl...
TYPO3 is vulnerable to Spam Abuse in the native form content element
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element. An attacker could abuse the form to send mails to arbitrary email addresses...
CVE-2010-3667
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element...
CVE-2010-3667
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element...
Design/Logic Flaw
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element...
CVE-2010-3667
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows Spam Abuse in the native form content element...
TYPO3 < 4.1.14, 4.2.x < 4.2.13, 4.3.x < 4.3.4, 4.4.0 Multiple Vulnerabilities (TYPO3-SA-2010-012)
TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2017 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; if(description)...
th_mailformplus
A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms. Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension ...
TYPO3 Security Bulletin
Unless the default encryption key settings have been changed by the administrator, the TYPO3 mailform can be compromised to send mail to a wrong recipient. Thus, spam mails may be sent from a remote site. Component Type: Core Affected Component: mailforms Version: 3.7.0 and earlier Vulnerability...
MDaemon 5.0.5 authentication vulnerability
Hello, There is a security problem on MDaemon 5.0.5 maybe other versions affected as well regarding smtp authentication. Blank password authenticates any valid user: For primary domain: User: VALIDUSER or [email protected] Password: blank password For secondary domains: User:...
CVE-2000-0960
The vulnerability CVE-2000-0960 affects Netscape Messaging Server 4.15p1: the POP3 server exposes user enumeration by returning different error messages for incorrect usernames versus incorrect passwords, enabling an attacker to determine valid accounts and harvest email addresses. The connected ...
CVE-1999-0512
A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers...
PT-1999-1175
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A mail server issue allows abuse by spammers due to explicit configuration to permit SMTP mail relay. Recommendations: At the moment, there is no information about a newer version...