浏览 27+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-3090 | Post SMTP <= 3.8.0 - Unauthenticated Stored Cross-Site Scripting via 'event_type' | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2026-03-18 15:28:29 | Deep Dive |
| CVE-2026-2559 | Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 5.3 | 2026-03-18 15:28:28 | Deep Dive |
| CVE-2025-12887 | Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.1 - Missing Authorization to Authenticated (Subscriber+) OAuth Token Update | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 5.4 | 2025-12-03 12:29:54 | Deep Dive |
| CVE-2025-13516 | SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers <= 1.9.0 - Unauthenticated Arbitrary File Upload | brainstormforce | SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers | High | 8.1 | 2025-12-02 08:24:55 | Deep Dive |
| CVE-2025-11833 | Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App <= 3.6.0 - Missing Authorization to Account Takeover via Unauthenticated Email Log Disclosure | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Critical | 9.8 | 2025-11-01 03:34:36 | Deep Dive |
| CVE-2025-9219 | Post SMTP <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Option Update | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 4.3 | 2025-09-03 08:27:23 | Deep Dive |
| CVE-2024-11372 | Connexion Logs <= 3.0.2 - Admin+ SQL Injection | Unknown | Connexion Logs | - | - | 2025-05-15 20:06:50 | Deep Dive |
| CVE-2024-11373 | Connexion Logs <= 3.0.2 - Log Deletion via CSRF | Unknown | Connexion Logs | - | - | 2025-05-15 20:06:50 | Deep Dive |
| CVE-2024-13844 | Post SMTP <= 3.1.2 - Authenticated (Administrator+) SQL Injection via columns Parameter | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | Medium | 4.9 | 2025-03-08 05:30:08 | Deep Dive |
| CVE-2025-0916 | YaySMTP 2.4.9 - 2.6.2 - Unauthenticated Stored Cross-Site Scripting | yaycommerce | YaySMTP and Email Logs: Amazon SES, SendGrid, Outlook, Mailgun, Brevo, Google and Any SMTP Service | High | 7.2 | 2025-02-19 11:10:38 | Deep Dive |
| CVE-2025-0521 | Post SMTP <= 3.0.2 - Unauthenticated Stored Cross-Site Scripting | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2025-02-18 11:10:19 | Deep Dive |
| CVE-2025-22221 | VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22221) | VMware | VMware Aria Operations for Logs | Medium | 5.2 | 2025-01-30 15:30:12 | Deep Dive |
| CVE-2025-22220 | VMware Aria Operations for Logs broken access control vulnerability (CVE-2025-22220) | VMware | VMware Aria Operations for Logs | Medium | 4.3 | 2025-01-30 15:28:13 | Deep Dive |
| CVE-2025-22219 | VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22219) | VMware | VMware Aria Operations for Logs | Medium | 6.8 | 2025-01-30 15:26:16 | Deep Dive |
| CVE-2025-22218 | VMware Aria Operations for Logs information disclosure vulnerability | VMware | VMware Aria Operations for Logs | High | 8.5 | 2025-01-30 14:23:02 | Deep Dive |
| CVE-2024-4477 | WP Logs Book <= 1.0.1 - Unauthenticated Stored XSS | Unknown | WP Logs Book | 中危 | - | 2024-06-21 06:00:05 | Deep Dive |
| CVE-2024-4475 | WP Logs Book <= 1.0.1 - Log Clearing via CSRF | Unknown | WP Logs Book | 中危 | - | 2024-06-21 06:00:05 | Deep Dive |
| CVE-2024-4474 | WP Logs Book <= 1.0.1 - Disable Logging via CSRF | Unknown | WP Logs Book | 中危 | - | 2024-06-21 06:00:05 | Deep Dive |
| CVE-2024-5207 | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.9.3 - Authenticated (Administrator+) SQL Injection | saadiqbal | Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | High | 7.2 | 2024-05-30 05:33:15 | Deep Dive |
| CVE-2023-47530 | WordPress Redirect 404 Error Page to Homepage or Custom Page with Logs Plugin <= 1.8.7 is vulnerable to SQL Injection | WPVibes | Redirect 404 Error Page to Homepage or Custom Page with Logs | High | 7.6 | 2023-12-18 22:57:04 | Deep Dive |