Skip to main content

Mail

20 CVEs product

Monthly

CVE-2024-52509 MEDIUM PATCH This Month

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Mail
NVD GitHub
CVSS 3.1
5.7
EPSS
0.5%
CVE-2024-52508 HIGH PATCH This Week

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Mail
NVD GitHub
CVSS 3.1
8.1
EPSS
0.7%
CVE-2023-48307 CRITICAL PATCH Act Now

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
9.8
EPSS
0.9%
CVE-2023-45660 MEDIUM PATCH This Month

Nextcloud mail is an email app for the Nextcloud home server platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Denial Of Service Nextcloud Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
0.6%
CVE-2023-33184 MEDIUM PATCH This Month

Nextcloud Mail is a mail app in Nextcloud. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-25160 MEDIUM PATCH This Month

Nextcloud Mail is an email app for the Nextcloud home server platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Mail
NVD GitHub
CVSS 3.1
5.3
EPSS
0.5%
CVE-2023-23943 MEDIUM POC PATCH This Month

Nextcloud mail is an email app for the nextcloud home server platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Nextcloud Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
0.9%
CVE-2023-23944 MEDIUM PATCH This Month

Nextcloud mail is an email app for the nextcloud home server platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Mail
NVD GitHub
CVSS 3.1
6.5
EPSS
0.5%
CVE-2022-31119 MEDIUM PATCH This Month

Nextcloud Mail is an email application for the nextcloud personal cloud product. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Mail
NVD GitHub
CVSS 3.1
4.9
EPSS
0.6%
CVE-2022-31132 CRITICAL Act Now

Nextcloud Mail is an email application for the nextcloud personal cloud product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Nextcloud PHP Mail
NVD GitHub
CVSS 3.1
9.8
EPSS
0.6%
CVE-2021-39220 LOW PATCH Monitor

Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Mail
NVD GitHub
CVSS 3.1
3.5
EPSS
0.8%
CVE-2021-32707 MEDIUM POC PATCH This Month

Nextcloud Mail is a mail app for Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%
CVE-2021-32652 MEDIUM POC This Month

Nextcloud Mail is a mail app for the Nextcloud platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Mail
NVD GitHub
CVSS 3.1
4.3
EPSS
1.1%
CVE-2020-8156 HIGH This Week

A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nextcloud Information Disclosure Mail Fedora
NVD
CVSS 3.1
7.0
EPSS
0.9%
CVE-2019-17123 HIGH POC This Week

The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Mail
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2019-10735 MEDIUM POC This Month

In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mail
NVD
CVSS 3.0
4.3
EPSS
0.6%
CVE-2017-15806 PHP HIGH POC PATCH THREAT Act Now

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 16.5%.

RCE Code Injection PHP Mail
NVD GitHub Exploit-DB
CVSS 3.0
8.1
EPSS
16.5%
CVE-2015-9097 Ruby MEDIUM POC PATCH This Month

The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Mail
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
CVE-2016-4879 PHP HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms Mail
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2016-4877 MEDIUM PATCH This Month

Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms Mail
NVD
CVSS 3.1
5.4
EPSS
0.2%
EPSS 1% CVSS 5.7
MEDIUM PATCH This Month

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass Nextcloud Mail
NVD GitHub
EPSS 1% CVSS 8.1
HIGH PATCH This Week

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Nextcloud Information Disclosure Mail
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

Nextcloud mail is an email app for the Nextcloud home server platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Denial Of Service Nextcloud +1
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Nextcloud Mail is a mail app in Nextcloud. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Nextcloud Mail
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Nextcloud Mail is an email app for the Nextcloud home server platform. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nextcloud Mail
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Nextcloud mail is an email app for the nextcloud home server platform. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

SSRF Nextcloud Mail
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Nextcloud mail is an email app for the nextcloud home server platform. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Nextcloud Mail
NVD GitHub
EPSS 1% CVSS 4.9
MEDIUM PATCH This Month

Nextcloud Mail is an email application for the nextcloud personal cloud product. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Mail
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Nextcloud Mail is an email application for the nextcloud personal cloud product. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Nextcloud PHP +1
NVD GitHub
EPSS 1% CVSS 3.5
LOW PATCH Monitor

Nextcloud is an open-source, self-hosted productivity platform The Nextcloud Mail application prior to versions 1.10.4 and 1.11.0 does by default not render images in emails to not leak the read. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Nextcloud Information Disclosure Mail
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC PATCH This Month

Nextcloud Mail is a mail app for Nextcloud. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Nextcloud Information Disclosure Mail
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Nextcloud Mail is a mail app for the Nextcloud platform. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Nextcloud Authentication Bypass Mail
NVD GitHub
EPSS 1% CVSS 7.0
HIGH This Week

A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Nextcloud Information Disclosure Mail +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

The eGain Web Email API 11+ allows spoofed messages because the fromName and message fields (to /system/ws/v11/ss/email) are mishandled, as demonstrated by fromName header injection with a %0a or %0d. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Mail
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Mail
NVD
EPSS 16% CVSS 8.1
HIGH POC PATCH THREAT Act Now

The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 16.5%.

RCE Code Injection PHP +1
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Mail
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

CSRF Basercms Mail
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Basercms Mail
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy