318 matches found

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-56042

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.00358 EPSS
Exploits 2 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-56060

Malicious code in bioql PyPI...

6.5 CVSS | 6.6 AI score | 0.00614 EPSS
Exploits 2 | References 3

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2022-1183

Malicious code in bioql PyPI...

4 CVSS | 4 AI score | 0.00766 EPSS
Exploits 0 | References 4

Tenable Nessus
added 2025/09/10 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-39052

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An external attacker is able to send a specially crafted email with many recipients and trigger a potential DoS of the system CVE-2022-39052 Note that Nessus...

7.5 CVSS | 6.1 AI score | 0.00562 EPSS
Exploits 0 | References 2

NVD
added 2025/02/27 5:15 p.m. | 9 views

CVE-2025-27157

Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to arbitrary addresses. Versions 4.2.16 a...

5.3 CVSS | 0.00338 EPSS
Exploits 0 | References 2

Cvelist
added 2025/02/27 5:12 p.m. | 15 views

CVE-2025-27157 Mastodon's rate-limits are missing on `/auth/setup`

Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to arbitrary addresses. Versions 4.2.16 a...

5.3 CVSS | 0.00338 EPSS
Exploits 0 | References 2

OSV
added 2025/02/27 5:12 p.m. | 5 views

CVE-2025-27157 Mastodon's rate-limits are missing on `/auth/setup`

Mastodon is a self-hosted, federated microblogging platform. Starting in version 4.2.0 and prior to versions 4.2.16 and 4.3.4, the rate limits are missing on /auth/setup. Without those rate limits, an attacker can craft requests that will send an email to arbitrary addresses. Versions 4.2.16 a...

5.3 CVSS | 6.8 AI score | 0.00338 EPSS
Exploits 0 | References 4

Cvelist
added 2025/02/20 12:0 a.m. | 10 views

CVE-2023-51326

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages...

0.00425 EPSS
Exploits 2 | References 2

Cvelist
added 2025/02/20 12:0 a.m. | 9 views

CVE-2023-51327

A lack of rate limiting in the 'Forgot Password' feature of PHPJabbers Cleaning Business Software v1.0 allows attackers to send an excessive amount of email for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages...

0.00425 EPSS
Exploits 2 | References 2

NVD
added 2024/05/07 6:15 p.m. | 27 views

CVE-2024-25507

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the emailattachid parameter at /LHMail/AttachDown.aspx...

9.4 CVSS | 7.9 AI score | 0.00617 EPSS
Exploits 1 | References 1

OSV
added 2023/04/16 12:15 a.m. | 4 views

UBUNTU-CVE-2018-17883

An issue was discovered in Open Ticket Request System (OTRS) 6.0.x before 6.0.12. An attacker could send an e-mail message with a malicious link to an OTRS system or an agent. If a logged-in agent opens this link, it could cause the execution of JavaScript in the context of OTRS...

6.1 CVSS | 6 AI score | 0.00443 EPSS
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 6:16 a.m. | 3 views

SUSE CVE-2006-0040

GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml...

5 CVSS | 6.8 AI score | 0.01946 EPSS
Exploits 0 | References 4

Vulnrichment
added 2022/12/13 3:8 a.m. | 6 views

CVE-2022-41273

Due to improper input sanitization in SAP Sourcing and SAP Contract Lifecycle Management - version 1100, an attacker can redirect a user to a malicious website. In order to perform this attack, the attacker sends an email to the victim with a manipulated link that appears to be a legitimate SAP...

4.3 CVSS | 7 AI score | 0.00464 EPSS
Exploits 0 | References 2

CNNVD
added 2022/10/17 12:0 a.m. | 4 views

OTRS Security Vulnerability

OTRS is a service management application from OTRS Germany. A security vulnerability exists in OTRS version 8.0.x, version 7.0.x. An attacker exploits the vulnerability to send specially crafted emails with numerous recipients and trigger a denial of service attack...

7.5 CVSS | 5.3 AI score | 0.00562 EPSS
Exploits 0 | References 3

ThreatPost
added 2022/06/21 11:20 a.m. | 77 views

Voicemail Scam Steals Microsoft Credentials

Attackers are using an oft-used and still effective lure to steal credentials to key Microsoft apps by sending emails notifying potential victims that they have a voicemail message, researchers have found. A team from Zscaler ThreatLabZ has been monitoring a campaign since May that targets key...

7.1 AI score
Exploits 0 | References 4

CNVD
added 2022/02/23 12:0 a.m. | 14 views

WordPress Coming soon and Maintenance mode Cross-Site Request Forgery Vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. WordPress plugin is a WordPress open source application plugin. WordPress Coming soon and Maintenance mode has a cross-site request forgery vulnerability; the vulnerability originates from the plugi...

4.3 CVSS | 2 AI score | 0.00464 EPSS
Exploits 2 | References 1

Veracode
added 2021/06/19 8:16 p.m. | 4 views

Denial Of Service (DoS)

Debian is vulnerable to denial of service. The vulnerability exists due to the high CPU usage which allows an attacker to crash the application in a malicious URL via an email...

6.5 CVSS | 6.4 AI score | 0.00976 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2021/06/16 9:50 a.m. | 77 views

CVE-2021-21441

CVE-2021-21441 is a Cross‑Site Scripting (XSS) vulnerability in OTRS where the ticket overview screen can leak information when an e‑mail is shown. Exploitation can be performed by sending a specially crafted e‑mail to the system and does not require user interaction. Affected products/versions i...

7.5 CVSS | 7.2 AI score | 0.01216 EPSS
Exploits 0 | References 2 | Affected Software 1

CISA
added 2021/05/27 12:0 a.m. | 11 views

Microsoft Announces New Campaign from NOBELIUM

The Microsoft Threat Intelligence Center (MSTIC) has released information on the uncovering of a widespread malicious email campaign undertaken by the activity group that Microsoft tracks as NOBELIUM. NOBELIUM was initially identified in November 2020, during an intrusion at a major cybersecurity...

6.7 AI score
Exploits 0 | References 3

Microsoft Secure
added 2021/05/06 4:0 p.m. | 208 views

Business email compromise campaign targets wide range of orgs with gift card scam

Cybercriminals continue to target businesses to trick recipients into approving payments, transferring funds, or, in this case, purchasing gift cards. This kind of email attack is called business email compromise (BEC)—a damaging form of phishing designed to gain access to critical business...

Exploits 0