80 matches found

NVD
added yesterday, 3 views

CVE-2026-10729

An HTML injection vulnerability in the notification email for "Slow Redirect" and "Cloned Website" Canarytokens exists in Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in email clients that render HTML emails. This issue affects Canarytokens: fr...

CVSS 2.1
Exploits: 0, References: 1
CVE
added yesterday, 5 views

CVE-2026-10729

The CVE-2026-10729 entry covers an HTML injection vulnerability in Thinkst Applied Research Canarytokens specifically in the notification email delivery. Affected component: Canarytokens notification emails that render HTML. Root cause described: HTML injection can enable Interface Manipulation a...

CVSS 2.1, AI score 5.8
Exploits: 0, References: 1
CVE
added 2026/05/07 6:5 p.m., 4 views

CVE-2026-41904

FreeScout (PHP/Laravel) prior to version 1.8.217 is affected by a Stored XSS in the mailbox auto-reply feature. A user with updateAutoReply permission can store an XSS payload in the auto-reply message, which is rendered unescaped in auto-reply emails sent to customers. As email clients do not en...

CVSS 7.6, AI score 5.7, EPSS 0.00033
Exploits: 0, References: 2
NVD
added 2025/12/18 8:15 p.m., 2 views

CVE-2022-50684

An HTML injection vulnerability in Kentico Xperience allows attackers to inject malicious HTML values into form submission emails via unencoded form fields. Unencoded form values could enable HTML content execution in recipient email clients, potentially compromising email security...

CVSS 6.1, EPSS 0.00027
Exploits: 0, References: 2
Positive Technologies
added 2025/10/12 12:0 a.m., 4 views

PT-2025-51552

Name of the Vulnerable Software and Affected Versions: Canary Mail (affected versions not specified), Blue Mail (affected versions not specified). Description: A flaw exists in the data protection mechanisms of email clients. Remote attackers may be able to conduct phishing attacks by exploiting this...

CVSS 9.1, AI score 6.3, EPSS 0.00104
Exploits: 34, References: 10
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-1999-0004

Malware in sbrugna...

CVSS 5, AI score 6.4, EPSS 0.02778
Exploits: 1, References: 2
Tenable Nessus
added 2025/10/07 12:0 a.m., 2 views

Unity Linux 20.1070e Security Update: nss (UTSA-2025-680649)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680649 advisory. NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Application...

CVSS 9.8, AI score 7.2, EPSS 0.05243
Exploits: 0, References: 4
EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2021-30456

Malicious code in bioql PyPI...

CVSS 9.8, AI score 7.4, EPSS 0.05243
Exploits: 0, References: 31
RedhatCVE
added 2025/05/21 6:23 p.m., 3 views

CVE-1999-0004

MIME buffer overflow in email clients, e.g. Solaris mailtool and Outlook...

CVSS 5, AI score 7.5, EPSS 0.02778
Exploits: 1, References: 1
Vulnrichment
added 2025/04/15 10:4 p.m., 6 views

CVE-2025-32782 Ash Authentication email link auto-click account confirmation vulnerability

Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, virus scanners, and email previewers) may automatically follow...

CVSS 5.3, AI score 7.4, EPSS 0.00362
Exploits: 0, References: 2
OSV
added 2024/07/31 8:59 p.m., 8 views

GHSA-V333-7H2P-5FHV ZITADEL has improper HTML sanitization in emails and Console UI

Impact: ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may potentially lead to a threat where an attacker,...

CVSS 6.9, AI score 5.3, EPSS 0.02604
Exploits: 0, References: 18
Tenable Nessus
added 2024/02/29 12:0 a.m., 34 views

CentOS 9 : nss-3.79.0-14.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the nss-3.79.0-14.el9 build changelog. - NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS...

CVSS 9.8, AI score 7.2, EPSS 0.05243
Exploits: 0, References: 2
Tenable Nessus
added 2023/04/11 12:0 a.m., 28 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : nss Vulnerability (NS-SA-2023-0010)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has nss packages installed that are affected by a vulnerability: - NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures...

CVSS 9.8, AI score 7.3, EPSS 0.05243
Exploits: 0, References: 3
Tenable Nessus
added 2023/03/21 12:0 a.m., 40 views

Amazon Linux 2023 : nspr, nspr-devel, nss (ALAS2023-2023-031)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-031 advisory. NSS (Network Security Services) up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within...

CVSS 9.8, AI score 7.6, EPSS 0.05243
Exploits: 0, References: 4
Tenable Nessus
added 2023/02/23 12:0 a.m., 49 views

Amazon Linux 2 : nspr (ALAS-2023-1953)

The version of nspr installed on the remote host is prior to 4.32.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1953 advisory. NSS (Network Security Services) up to and including 3.73 is vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS...

CVSS 9.8, AI score 7.7, EPSS 0.05243
Exploits: 0, References: 4
SUSE CVE
added 2023/02/15 6:12 a.m., 2 views

SUSE CVE-2007-1558

The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle (MITM) attacks that use crafted message IDs and MD5 collisions. NOTE: this design-level issue potentially affects all products that use APOP, including (1) Thunderbird 1.x before 1.5.0.12 and...

CVSS 2.6, AI score 9, EPSS 0.1342
Exploits: 1, References: 9
Tenable Nessus
added 2022/10/09 12:0 a.m., 36 views

EulerOS Virtualization 3.0.6.6 : nss (EulerOS-SA-2022-2521)

According to the versions of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA o...

CVSS 9.8, AI score 7.2, EPSS 0.05243
Exploits: 0, References: 2
Tenable Nessus
added 2022/07/23 12:0 a.m., 33 views

SUSE SLES12 Security Update : mozilla-nspr, mozilla-nss (SUSE-SU-2022:2536-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2536-1 advisory. - NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or...

CVSS 9.8, AI score 7.2, EPSS 0.05243
Exploits: 0, References: 15
Tenable Nessus
added 2022/04/20 12:0 a.m., 37 views

EulerOS 2.0 SP10 : nss (EulerOS-SA-2022-1477)

According to the versions of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS...

CVSS 9.8, AI score 7.3, EPSS 0.05243
Exploits: 0, References: 2
Tenable Nessus
added 2022/04/18 12:0 a.m., 34 views

EulerOS Virtualization 2.10.1 : nss (EulerOS-SA-2022-1381)

According to the versions of the nss packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities: - NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA o...

CVSS 9.8, AI score 7.2, EPSS 0.05243
Exploits: 0, References: 2