VIR Vulnerability Intelligence Relay

Package impact

php Packagist / s9y/serendipity

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-39971 unknown 2mo ago Serendipity has a Host Header Injection allows SMTP header injection via unvalidated HTTP_HOST in Message-ID email header
CVE-2026-39963 unknown 2mo ago Serendipity has a Host Header Injection allows authentication cookie scoping to attacker-controlled domain in functions_config.inc.php