62 matches found
Malicious code in postmark-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b71142d16d8ed2a6e96b93be35b1378bad054d735c90ce0ab7b20979a8c40ba4 This package turned malicious in v1.0.16 and exfiltrates email data via BCC...
MAL-2025-47604 Malicious code in postmark-mcp (npm)
--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b71142d16d8ed2a6e96b93be35b1378bad054d735c90ce0ab7b20979a8c40ba4 This package turned malicious in v1.0.16 and exfiltrates email data via BCC...
Linux Distros Unpatched Vulnerability : CVE-2020-22402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross Site Scripting XSS vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing...
CVE-2023-23629
Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a...
CVE-2021-20761
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege...
CVE-2021-20762
Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege...
CVE-2024-49782
IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification...
CVE-2024-52508
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would ...
Cybozu Garoon Denial of Service Vulnerability (CNVD-2024-29668)
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A denial of service vulnerability exists in Cybozu Garoon, which stems from improper handling of data in emails. ...
Cybozu Garoon 安全漏洞
Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A denial of service vulnerability exists in Cybozu Garoon, which stems from improper handling of data in emails. ...
Apple macOS Sonoma Security Vulnerability
Apple macOS Sonoma is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma version 14.4, which stems from an application that may be able to view email data...
PT-2024-14025 · Ibm · Ibm Qradar Siem
Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM version 7.5 Description: The issue could disclose sensitive email information in responses from offense rules. Recommendations: For IBM QRadar SIEM version 7.5, consider restricting access to offense rules to minimize the risk...
IBM QRadar SIEM Information Disclosure Vulnerability
IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
Four Threat Actors Capitalized on Zimbra Zero Day to Infiltrate Government Organizations
Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability identified as CVE-2023-37580 in Zimbra Collaboration email software has been exploited by four different groups in attacks. These attacks aimed to illicitly obtain email data, us...
CVE-2023-37580
Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. Recent assessments: ccondon-r7 at January 28, 2024 7:36pm UTC reported: Per Google’s Threat Analysis Group TAG, this bug was exploited as a zero-day and has been used by at least four different threat...
Storm-0558 Chinese Threat Actor Targets Email Accounts
Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Storm-0558, a China-based threat actor with espionage objectives, has been targeting email data from approximately 25 organizations using tactics like credential harvesting, OAuth token, and phishing...
SUSE CVE-2013-0764
The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrar...
CVE-2022-38658
BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed...
Cybozu Garoon 输入验证错误漏洞
A security vulnerability exists in Cybozu Garoon, a portal-based OA office system of Cybozu Japan. An attacker could use this vulnerability to change e-mail data without proper privileges...
Cybozu Garoon 授权问题漏洞
An operational restriction bypass vulnerability exists in e-mail in Cybozu Garoon, a portal-based OA office system of Cybozu Japan. An attacker can use this vulnerability to change e-mail data without proper privileges...