318 matches found
EUVD-2023-56042
Malicious code in bioql PyPI...
EUVD-2023-56060
Malicious code in bioql PyPI...
EUVD-2022-1183
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-39052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An external attacker is able to send a specially crafted email with many recipients and trigger a potential DoS of the system (CVE-2022-39052). Note that Nessus...
CVE-2025-27157
Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to arbitrary addresses. Versions 4.2.16 a...
CVE-2025-27157 Mastodon's rate-limits are missing on `/auth/setup`
Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to arbitrary addresses. Versions 4.2.16 a...
CVE-2023-51326
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email to a legitimate user, leading to a possible Denial of Service (DoS) via a large number of generated e-mail messages...
CVE-2023-51327
A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email to a legitimate user, leading to a possible Denial of Service (DoS) via a large number of generated e-mail messages...
CVE-2024-25507
RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the emailattachid parameter at /LHMail/AttachDown.aspx...
UBUNTU-CVE-2018-17883
An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...
SUSE CVE-2006-0040
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml...
CVE-2022-41273
Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. In order to perform this attack, the attacker sends an email to the victim with a manipulated link that appears to be a legitimate SAP...
OTRS security vulnerability
OTRS is a service management application from OTRS Germany. A security vulnerability exists in OTRS versions 8.0.x and 7.0.x. An attacker exploits the vulnerability to send specially crafted emails with numerous recipients and trigger a denial of service...
Voicemail Scam Steals Microsoft Credentials
Attackers are using an oft-used and still effective lure to steal credentials to key Microsoft apps by sending emails notifying potential victims that they have a voicemail message, researchers have found. A team from Zscaler ThreatLabZ has been monitoring a campaign since May that targets key...
WordPress Coming soon and Maintenance mode cross-site request forgery vulnerability
WordPress is a blogging platform from the WordPress Foundation, developed in PHP. A WordPress plugin is an open-source add-on for WordPress. The WordPress Coming soon and Maintenance mode plugin has a cross-site request forgery vulnerability; the vulnerability originates from the plugi...
Denial Of Service (DoS)
Debian is vulnerable to denial of service. The vulnerability exists due to high CPU usage, which allows an attacker to crash the application via a malicious URL delivered in an email...
CVE-2021-21441
CVE-2021-21441 is a Cross-Site Scripting (XSS) vulnerability in OTRS where the ticket overview screen can leak information when an e-mail is shown. Exploitation can be performed by sending a specially crafted e-mail to the system and does not require user interaction. Affected products/versions i...
Microsoft Announces New Campaign from NOBELIUM
The Microsoft Threat Intelligence Center (MSTIC) has released information on the uncovering of a widespread malicious email campaign undertaken by the activity group that Microsoft tracks as NOBELIUM. NOBELIUM was initially identified in November 2020, during an intrusion at a major cybersecurity...
Business email compromise campaign targets wide range of orgs with gift card scam
Cybercriminals continue to target businesses to trick recipients into approving payments, transferring funds, or, in this case, purchasing gift cards. This kind of email attack is called business email compromise (BEC), a damaging form of phishing designed to gain access to critical business...