These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-29964 is a reflected cross-site scripting vulnerability in HSC MailInspector v5.3.3-7. According to the NVD record and linked advisory material, the /tap/tap.php endpoint reflects user-controlled input without adequate output encoding, including cases involving alternate or obfuscated JavaScript syntax. Because the flaw requires a victim to interact with a crafted request or response, the immedia [truncated]
CVE-2026-29963 is a remotely exploitable path traversal issue in HSC MailInspector 5.3.3-7. According to the NVD record, improper validation of user-supplied input in the /tap/dw.php endpoint can allow the text parameter to be used in unsafe file path construction, which may expose arbitrary files on the underlying operating system. The primary impact is unauthorized disclosure of sensitive information, a [truncated]
CVE-2026-29962 is a high-severity local file inclusion/path traversal flaw affecting HSC MailInspector v5.3.3-7. According to the NVD record and referenced advisory material, the endpoint /vendor/phpunit/phpunit.php accepts user-controlled input that can influence file access without sufficient validation or path restriction. The practical impact is unauthorized read access to arbitrary files on the host, [truncated]