6.1 CVSS
6.3 AI Score
0.001 EPSS
The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log...
5.3 CVSS
5.5 AI Score
0.001 EPSS
The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber...
4.3 CVSS
4.9 AI Score
0.001 EPSS
A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle...
7 CVSS
7 AI Score
0.001 EPSS
ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege...
7.8 CVSS
7.6 AI Score
0.0004 EPSS
The Edison Mail application through 1.7.1 for Android allows XSS via an event attribute and arbitrary file loading via a src attribute, if the application has the READ_EXTERNAL_STORAGE...
6.1 CVSS
5.9 AI Score
0.001 EPSS
Multiple unspecified vulnerabilities in Autonomy KeyView IDOL before 10.16, as used in Symantec Mail Security for Microsoft Exchange before 6.5.8, Symantec Mail Security for Domino before 8.1.1, Symantec Messaging Gateway before 10.0.1, Symantec Data Loss Prevention (DLP) before 11.6.1, IBM Notes.....
7.8 CVSS
8.1 AI Score
0.004 EPSS
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 1 of 2) in notes for...
6.1 CVSS
6 AI Score
0.001 EPSS
IceWarp WebMail Server 12.2.0 and 12.1.x before 12.2.1.1 (and probably earlier versions) allows XSS (issue 2 of 2) in notes for...
5.4 CVSS
5.2 AI Score
0.001 EPSS
The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d character. (Also, the message parameter can have initial HTML comment...
7.5 CVSS
7.6 AI Score
0.001 EPSS
5.5 CVSS
5.6 AI Score
0.0005 EPSS
Symantec Endpoint Protection Manager (SEPM) and Symantec Mail Security for MS Exchange (SMSMSE), prior to versions 14.2 RU2 and 7.5.x respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software...
7.8 CVSS
7.9 AI Score
0.001 EPSS
The direct_mail (aka Direct Mail) extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user (with restricted permissions to the fe_users table) to view and export data of frontend users who are subscribed to a...
4.3 CVSS
4.5 AI Score
0.001 EPSS
The mail-masta plugin 1.0 for WordPress has local file inclusion in count_of_send.php and...
7.5 CVSS
7.5 AI Score
0.011 EPSS
6.1 CVSS
6.4 AI Score
0.001 EPSS
An information disclosure vulnerability exists when Exchange allows creation of entities with Display Names having non-printable characters. An authenticated attacker could exploit this vulnerability by creating entities with invalid display names, which, when added to conversations, remain...
6.5 CVSS
5.3 AI Score
0.005 EPSS
Open redirect vulnerability in Joruri Mail 2.1.4 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified...
6.1 CVSS
6.2 AI Score
0.001 EPSS
Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to impersonate an arbitrary user and alter/disclose the information via unspecified...
5.4 CVSS
6 AI Score
0.001 EPSS
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory...
7.5 CVSS
7.3 AI Score
0.111 EPSS
A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail...
6.1 CVSS
5.8 AI Score
0.004 EPSS
K-9 Mail v5.600 can include the original quoted HTML code of a specially crafted, benign looking, email within (digitally signed) reply messages. The quoted part can contain conditional statements that show completely different text if opened in a different email client. This can be abused by an...
4.3 CVSS
4.7 AI Score
0.001 EPSS
In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS or ASCII newline characters. This modified multipart email can be re-sent by the attacker to the....
4.3 CVSS
4.4 AI Score
0.001 EPSS
Ability Mail Server 4.2.6 has Persistent Cross Site Scripting (XSS) via the e-mail body. To exploit the vulnerability, the victim must open an email with malicious JavaScript inserted into the body of the email as an...
6.1 CVSS
6 AI Score
0.001 EPSS
The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content....
5.3 CVSS
5 AI Score
0.001 EPSS
6.1 CVSS
6 AI Score
0.002 EPSS
An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka "Windows Mail Client Information Disclosure Vulnerability." This affects Mail, Calendar, and People in Windows 8.1 App...
6.5 CVSS
5.9 AI Score
0.019 EPSS
Cross-site scripting (XSS) vulnerability for webdav/ticket/ URIs in IceWarp Mail Server 12.0.3 allows remote attackers to inject arbitrary web script or...
6.1 CVSS
6.1 AI Score
0.002 EPSS
The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote attacker can use phishing or other social engineering techniques to access the management console with.....
8.8 CVSS
8.6 AI Score
0.001 EPSS
The S/MIME specification allows a Cipher Block Chaining (CBC) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka...
5.9 CVSS
5.6 AI Score
0.005 EPSS
The OpenPGP specification allows a Cipher Feedback Mode (CFB) malleability-gadget attack that can indirectly lead to plaintext exfiltration, aka EFAIL. NOTE: third parties report that this is a problem in applications that mishandle the Modification Detection Code (MDC) feature or accept an...
5.9 CVSS
5.7 AI Score
0.008 EPSS
Multiple directory traversal vulnerabilities in IceWarp Mail Server before 11.2 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the file parameter to a webmail/client/skins/default/css/css.php page or .../. (dot dot dot slash dot) in the (2) script or (3) style parameter...
7.5 CVSS
7.5 AI Score
0.904 EPSS
MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows remote attackers to execute arbitrary OS commands via unspecified...
9.8 CVSS
9.7 AI Score
0.005 EPSS
Cross-site Request Forgery leading to Administrative account takeover in Kaspersky Secure Mail Gateway version...
8.8 CVSS
8.9 AI Score
0.001 EPSS
Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version...
9.8 CVSS
9.6 AI Score
0.005 EPSS
6.1 CVSS
6.4 AI Score
0.002 EPSS
7.8 CVSS
8.2 AI Score
0.0004 EPSS
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication...
7.5 CVSS
7.5 AI Score
0.003 EPSS
Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body of an e-mail message, with JavaScript code executed on the Read Mail screen (aka the /_readmail URI). This is fixed in version...
6.1 CVSS
5.9 AI Score
0.001 EPSS
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one...
8.1 CVSS
8.1 AI Score
0.146 EPSS
Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 and earlier allows remote attackers to waste CPU resources (memory consumption) via unspecified vectors, possibly triggering an infinite...
5.3 CVSS
5.3 AI Score
0.021 EPSS
Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax WebMail interface in AXIGEN Mail Server before 9.0 allows remote attackers to inject arbitrary web script or HTML via an email...
5.4 CVSS
5.3 AI Score
0.002 EPSS
Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp Mail Server 10.4.4 allows remote authenticated domain administrators to inject arbitrary web script or HTML via a crafted user...
4.8 CVSS
4.6 AI Score
0.001 EPSS
9.8 CVSS
9.4 AI Score
0.002 EPSS
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified...
8.8 CVSS
8.8 AI Score
0.002 EPSS
Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified...
8.8 CVSS
8.8 AI Score
0.002 EPSS
Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified...
5.4 CVSS
5.2 AI Score
0.001 EPSS
Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination...
6.1 CVSS
6.3 AI Score
0.002 EPSS
Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm,...
6.1 CVSS
6 AI Score
0.001 EPSS
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for...
5.5 CVSS
5.1 AI Score
0.004 EPSS
The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection: Network (ATP); Symantec Email Security.Cloud; Symantec Data Center Security: Server; Symantec Endpoint Protection (SEP) for Windows before 12.1.6 MP5; Symantec Endpoint Protection (SEP) for...
5.5 CVSS
5.1 AI Score
0.006 EPSS