Lucene search
K

62 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2025/09/26 4:14 a.m.4 views

Malicious code in postmark-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b71142d16d8ed2a6e96b93be35b1378bad054d735c90ce0ab7b20979a8c40ba4 This package turned malicious in v1.0.16 and exfiltrates email data via BCC...

7AI score
Exploits0References1
OSV
OSV
added 2025/09/26 4:14 a.m.3 views

MAL-2025-47604 Malicious code in postmark-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b71142d16d8ed2a6e96b93be35b1378bad054d735c90ce0ab7b20979a8c40ba4 This package turned malicious in v1.0.16 and exfiltrates email data via BCC...

7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2020-22402

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross Site Scripting XSS vulnerability in SOGo Web Mail before 4.3.1 allows attackers to obtain user sensitive information when a user reads an email containing...

6.1CVSS6.4AI score0.00378EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 2:39 a.m.6 views

CVE-2023-23629

Metabase is an open source data analytics platform. Affected versions are subject to Improper Privilege Management. As intended, recipients of dashboards subscriptions can view the data as seen by the creator of that subscription. This allows someone with greater access to data to create a...

6.3CVSS6.3AI score0.00378EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 p.m.4 views

CVE-2021-20761

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate privilege...

3.5CVSS6.9AI score0.00752EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:16 p.m.10 views

CVE-2021-20762

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege...

4.3CVSS6.5AI score0.00802EPSS
Exploits0References1
OSV
OSV
added 2025/02/20 4:15 a.m.5 views

CVE-2024-49782

IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensitive information disclosed through email notifications generated by OpenPages or disrupt notification...

8.2CVSS5.8AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:8 p.m.7 views

CVE-2024-52508

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like [email protected] that does not support auto configuration, and an attacker managed to register autoconfig.tld, the used email details would ...

8.2CVSS6.7AI score0.00698EPSS
Exploits0References1
CNVD
CNVD
added 2024/05/16 12:0 a.m.5 views

Cybozu Garoon Denial of Service Vulnerability (CNVD-2024-29668)

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A denial of service vulnerability exists in Cybozu Garoon, which stems from improper handling of data in emails. ...

4.9CVSS6.6AI score0.00454EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/05/13 12:0 a.m.2 views

Cybozu Garoon 安全漏洞

Cybozu Garoon is a portal-type OA office system from Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, and other functions. A denial of service vulnerability exists in Cybozu Garoon, which stems from improper handling of data in emails. ...

4.9CVSS6.7AI score0.00454EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/03/07 12:0 a.m.4 views

Apple macOS Sonoma Security Vulnerability

Apple macOS Sonoma is a desktop operating system from Apple Inc. in the United States. A security vulnerability exists in Apple macOS Sonoma version 14.4, which stems from an application that may be able to view email data...

3.3CVSS6.4AI score0.00215EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/17 12:0 a.m.6 views

PT-2024-14025 · Ibm · Ibm Qradar Siem

Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM version 7.5 Description: The issue could disclose sensitive email information in responses from offense rules. Recommendations: For IBM QRadar SIEM version 7.5, consider restricting access to offense rules to minimize the risk...

5.3CVSS5AI score0.00419EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/01/17 12:0 a.m.6 views

IBM QRadar SIEM Information Disclosure Vulnerability

IBM QRadar SIEM is a solution from International Business Machines IBM that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...

5.3CVSS6AI score0.00419EPSS
Exploits0References7
hivepro
hivepro
added 2023/11/20 4:51 a.m.50 views

Four Threat Actors Capitalized on Zimbra Zero Day to Infiltrate Government Organizations

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A zero-day vulnerability identified as CVE-2023-37580 in Zimbra Collaboration email software has been exploited by four different groups in attacks. These attacks aimed to illicitly obtain email data, us...

5.8CVSS7.3AI score0.59041EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2023/07/31 12:0 a.m.27 views

CVE-2023-37580

Zimbra Collaboration ZCS 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. Recent assessments: ccondon-r7 at January 28, 2024 7:36pm UTC reported: Per Google’s Threat Analysis Group TAG, this bug was exploited as a zero-day and has been used by at least four different threat...

6.1CVSS6.4AI score0.59041EPSS
In wildExploits0References4
hivepro
hivepro
added 2023/07/24 1:36 p.m.22 views

Storm-0558 Chinese Threat Actor Targets Email Accounts

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Storm-0558, a China-based threat actor with espionage objectives, has been targeting email data from approximately 25 organizations using tactics like credential harvesting, OAuth token, and phishing...

6.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:41 a.m.3 views

SUSE CVE-2013-0764

The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 17.x before 17.0.2, and SeaMonkey before 2.15 does not ensure thread safety for SSL sessions, which allows remote attackers to execute arbitrar...

9.3CVSS9.7AI score0.03148EPSS
Exploits0References8
OSV
OSV
added 2022/12/24 12:15 a.m.3 views

CVE-2022-38658

BigFix deployments that have installed the Notification Service on Windows are susceptible to disclosing SMTP BigFix operator's sensitive data in clear text. Operators who use Notification Service related content from BES Support are at risk of leaving their SMTP sensitive data exposed...

7.5CVSS5.6AI score0.00312EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.4 views

Cybozu Garoon 输入验证错误漏洞

A security vulnerability exists in Cybozu Garoon, a portal-based OA office system of Cybozu Japan. An attacker could use this vulnerability to change e-mail data without proper privileges...

4.3CVSS5.3AI score0.00802EPSS
Exploits0References4
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.5 views

Cybozu Garoon 授权问题漏洞

An operational restriction bypass vulnerability exists in e-mail in Cybozu Garoon, a portal-based OA office system of Cybozu Japan. An attacker can use this vulnerability to change e-mail data without proper privileges...

4.3CVSS5.3AI score0.00818EPSS
Exploits0References4
Rows per page
Query Builder