This page aggregates publicly disclosed CVE and security risk information related to kmail, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2006-7062 | calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows remote attackers to obtain the full path of the server via an invalid d parameter, which leaks the path in an error message. | [email protected] | 7.8 | 0.40% | 2007-02-24 | 2026-04-23 |
| CVE-2006-2104 | Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y parameter to calendar.php. | [email protected] | 6.8 | 2.03% | 2006-04-29 | 2026-04-16 |
| CVE-2005-0404 | KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email. | [email protected] | 5.0 | 5.40% | 2005-05-02 | 2026-04-16 |