20 matches found
The Deliverability Problem: How New Platforms Are Solving Inbox Placement
Email still reaches more people than any other digital channel. Getting it to actually land in the inbox…...
CVE-2026-33654
nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...
CVE-2026-33654
nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...
CVE-2026-33654
nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...
CVE-2026-33654 Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling
nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...
EUVD-2026-16777
nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...
nanobot 安全漏洞
Nanobot is a lightweight personal AI assistant open-source by Data Intelligence Lab@HKU. Versions of Nanobot prior to 0.1.6 contained a security vulnerability. This vulnerability stemmed from an indirect prompt injection issue in the email channel processing module, which could allow remote...
PT-2026-28507
Name of the Vulnerable Software and Affected Versions nanobot versions prior to 0.1.6 Description An indirect prompt injection exists in the email channel processing module nanobot/channels/email.py. This allows a remote, unauthenticated attacker to execute arbitrary Large Language Model LLM...
GHSA-4CM8-XPFV-JV6F ZeptoClaw: Email Sender Spoofing to bypass Header-Only From Allowlist Validation
Summary The email channel authorizes senders based on the parsed From header identity only. If upstream email authentication/enforcement is weak for example, relaxed SPF/DKIM/DMARC handling, an attacker can spoof an allowlisted sender address and have the message treated as trusted input. Details...
ZeptoClaw: Email Sender Spoofing to bypass Header-Only From Allowlist Validation
Summary The email channel authorizes senders based on the parsed From header identity only. If upstream email authentication/enforcement is weak for example, relaxed SPF/DKIM/DMARC handling, an attacker can spoof an allowlisted sender address and have the message treated as trusted input. Details...
CVE-2025-67823
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting XSS attack due to insufficient input validation. A successful exploit requires user...
EUVD-2025-206292
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting XSS attack due to insufficient input validation. A successful exploit requires user...
CVE-2025-67823
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting XSS attack due to insufficient input validation. A successful exploit requires user...
CVE-2025-67823
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting XSS attack due to insufficient input validation. A successful exploit requires user...
CVE-2025-67823
CVE-2025-67823 affects Mitel MiContact Center Business up to version 10.2.0.10 and Mitel CX up to 1.1.0.1. The vulnerability is in the Multimedia Email component and stems from insufficient input validation, enabling an unauthenticated attacker to perform a Cross-Site Scripting (XSS) attack. A su...
CVE-2025-67823
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting XSS attack due to insufficient input validation. A successful exploit requires user...
PT-2026-3136
Name of the Vulnerable Software and Affected Versions Mitel MiContact Center Business versions through 10.2.0.10 Mitel CX versions through 1.1.0.1 Description A flaw exists in the Multimedia Email component that could allow an unauthenticated attacker to perform a Cross-Site Scripting XSS attack...
CVE-2025-67823
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting XSS attack due to insufficient input validation. A successful exploit requires user...
CVE-2025-67823
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0.10 and Mitel CX through 1.1.0.1 could allow an unauthenticated attacker to conduct a Cross-Site Scripting XSS attack due to insufficient input validation. A successful exploit requires user...
Creating tickets via mail adds recipient address to watchers, without necessary permissions
h3. Issue Summary This is reproducible on Data Center: yes h3. Steps to Reproduce create an email channel for Jira with the email address of a user without license in Jira the user should exist in Jira and not have application access configure the mail puller to create tickets for the email sende...