
10 matches found

Talos Blog
added 2026/04/07 10:0 a.m. | 10 views

The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines

By Diana Brown. Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. These emails are transmitted using the legitimate mail delivery infrastructure associated with GitHub and Jira...

AI score: 5.9
Exploits: 0

Positive Technologies
added 2025/11/05 12:0 a.m. | 10 views

PT-2025-45105

Name of the Vulnerable Software and Affected Versions: MDaemon Mail Server version 23.5.2. Description: MDaemon Mail Server version 23.5.2 validates Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting & Conformance (DMARC) using the email...

CVSS: 7.1 | AI score: 6.5 | EPSS: 0.00196
Exploits: 0 | References: 3

CERT
added 2025/10/28 12:0 a.m. | 16 views

Authenticated SMTP users may spoof other identities due to ambiguous “From” header interpretation

Overview: Email message header syntax can be exploited to bypass authentication protocols such as SPF, DKIM, and DMARC. These exploits enable attackers to deliver spoofed emails that appear to originate from trusted sources. Recent research has explored using the originator fields, such as From: a...

AI score: 6.5
Exploits: 0 | References: 6

OSV
added 2023/11/30 11:15 p.m. | 4 views

CVE-2023-46388

LOYTEC electronics GmbH LINX-212 and LINX-151 devices (all versions) are vulnerable to Insecure Permissions via the dpal_config.zml file. This vulnerability allows remote attackers to disclose SMTP client account credentials and bypass email authentication...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.01522
Exploits: 2 | References: 4

CNNVD
added 2023/11/30 12:0 a.m. | 3 views

LOYTEC LINX-212 Security Vulnerability

The LOYTEC LINX-212 is a building controller from LOYTEC. A security vulnerability exists in the LOYTEC LINX-212 version 6.2.4 and LINX-151 version 7.2.4, which stems from a vulnerability that allows an attacker to disclose smtp client account credentials and bypass email authentication via the...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01522
Exploits: 2 | References: 5

CNNVD
added 2023/11/30 12:0 a.m. | 4 views

LOYTEC LINX-212 Security Vulnerability

The LOYTEC LINX-212 is a building controller from LOYTEC. A security vulnerability exists in the LOYTEC LINX-212 version 6.2.4 and LINX-151 version 7.2.4, which originated from a vulnerability that allows an attacker to disclose smtp client account credentials and bypass email authentication via...

CVSS: 7.5 | AI score: 6.9 | EPSS: 0.01573
Exploits: 2 | References: 5

CVE
added 2023/11/30 12:0 a.m. | 41 views

CVE-2023-46388

LOYTEC LINX-212 and LINX-151 devices (all versions) are affected by CVE-2023-46388 due to Insecure Permissions via dpal_config.zml, enabling remote disclosure of SMTP client credentials and bypass of email authentication. The issue is tracked across multiple sources (including Red Hat and CISA IC...

CVSS: 7.5 | AI score: 7.7 | EPSS: 0.01522
Exploits: 2 | References: 4 | Affected Software: 1

SUSE CVE
added 2023/02/15 3:59 a.m. | 3 views

SUSE CVE-2020-12063

A certain Postfix 2.10.1-7 package could allow an attacker to send an email from an arbitrary-looking sender via a homoglyph attack, as demonstrated by the similarity of \xce\xbf to the 'o' character. This is potentially relevant when the /etc/postfix/senderlogin feature is used, because a spoofe...

CVSS: 5.3 | AI score: 6.8 | EPSS: 0.00935
Exploits: 1 | References: 3

CNVD
added 2020/05/06 12:0 a.m. | 2 views

Longbrothers Digital OKLOK Code Issue Vulnerability

Longbrothers Digital Fingerprint Bluetooth Padlock FB50 and OKLOK are both products of Longbrothers Digital China. The Fingerprint Bluetooth Padlock FB50 is a fingerprint round padlock that supports fingerprint unlocking, remote unlocking...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.01067
Exploits: 1 | References: 1

CNVD
added 2019/12/19 12:0 a.m. | 3 views

GitLab Authorization Issues Vulnerability (CNVD-2020-12719)

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authorization issue vulnerability exists in GitLab...

CVSS: 8.8 | AI score: 7 | EPSS: 0.01511
Exploits: 1 | References: 1