Lucene search
K

538 matches found

The Hacker News
The Hacker News
added 2026/07/06 7:27 a.m.8 views

Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages

Researchers found a flaw in Opera GX, the gaming-focused version of the Opera browser, that let a malicious website silently install a browser add-on and use it to lift specific data from the pages a victim visits. In a proof of concept, they reconstructed a signed-in user's full Gmail address fr...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/07/02 1:4 p.m.15 views

ToddyCat-Linked Umbrij Malware Abuses OAuth to Access Gmail via Google API

The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications hosted on Gmail,...

6AI score
Exploits0
NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57657

Unauthenticated Cross Site Request Forgery CSRF in Gmail SMTP = 1.2.3.19 versions...

4.3CVSS0.00098EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.15 views

CVE-2026-57657

The connected sources confirm an unauthenticated Cross Site Request Forgery (CSRF) vulnerability in the WordPress Gmail SMTP plugin, affecting versions up to 1.2.3.19. The issue is documented across CVE entries and third-party listings as CVE-2026-57657 and specifies the affected product as the W...

4.3CVSS5.8AI score0.00098EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/26 2:53 p.m.5 views

EUVD-2026-39662

Unauthenticated Cross Site Request Forgery CSRF in Gmail SMTP = 1.2.3.19 versions...

4.3CVSS5.8AI score0.00098EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:53 p.m.32 views

CVE-2026-57657 WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF in Gmail SMTP = 1.2.3.19 versions...

4.3CVSS0.00098EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:18 p.m.7 views

WordPress Gmail SMTP plugin <= 1.2.3.19 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Gmail SMTP versions = 1.2.3.19...

4.3CVSS5.8AI score0.00098EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/06/18 1:4 p.m.11 views

Untrusted Search Path

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via the CLOUDSDKPYTHON environment variable in the .env file during the Gmail setup process. An attacker can cause unintended Python runtime execution by manipulatin...

7.1CVSS6AI score0.00133EPSS
Exploits0References2
OSV
OSV
added 2026/06/16 9:31 p.m.5 views

GHSA-9FR2-P65V-GQXQ Duplicate Advisory: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fq9j-vw4w-fr6v. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to...

7.1CVSS5.9AI score0.00133EPSS
Exploits0References3
NVD
NVD
added 2026/06/16 7:17 p.m.14 views

CVE-2026-53842

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDKPYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDKPYTHON variable to execute...

7.1CVSS0.00133EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.22 views

PT-2026-49759

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.2 Description An environment variable injection exists where workspace .env files can influence the Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can manipulate...

7.1CVSS5.8AI score0.00133EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/05 7:48 p.m.10 views

CVE-2026-10277

A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...

6.5CVSS6.1AI score0.00276EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 5:15 p.m.12 views

EUVD-2026-33721

A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...

6.5CVSS6.1AI score0.00276EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/06/01 5:15 p.m.12 views

CVE-2026-10277 j3k0 mcp-google-workspace MCP Gmail Tool gmail.ts saveToDisk access control

A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...

6.5CVSS6.1AI score0.00276EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/01 5:15 p.m.31 views

CVE-2026-10277 j3k0 mcp-google-workspace MCP Gmail Tool gmail.ts saveToDisk access control

A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...

6.5CVSS0.00276EPSS
Exploits0References8
CVE
CVE
added 2026/06/01 5:15 p.m.21 views

CVE-2026-10277

CVE-2026-10277 affects the MCP Gmail Tool in j3k0/mcp-google-workspace (up to commit 831790e7d5c2663325733d9f5579cc339a267c4c). The vulnerability resides in the saveToDisk function of src/tools/gmail.ts and leads to improper access controls when a manipulation is performed, with remote initiation...

6.5CVSS6.1AI score0.00276EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

MCP Google Workspace Server 访问控制错误漏洞

MCP Google Workspace Server is an integrated Gmail and calendar service tool developed by Jean-Christophe Hoelt. There is a security vulnerability in MCP Google Workspace Server, which stems from incorrect operations in the saveToDisk function of the src/tools/gmail.ts file within the MCP Gmail...

6.5CVSS6.4AI score0.00276EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45498

A vulnerability was found in j3k0 mcp-google-workspace up to 831790e7d5c2663325733d9f5579cc339a267c4c. This issue affects the function saveToDisk of the file src/tools/gmail.ts of the component MCP Gmail Tool. Performing a manipulation results in improper access controls. It is possible to initia...

6.5CVSS5.4AI score0.00276EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/23 1:25 a.m.16 views

Malicious code in tax4all-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 411707aa243c516b714830da4805c4abacaa4d5f7e2e8959773cd93468dd78aa The exported ContactForm Vue component in deploy/dist/index.js hardcodes form submissions to https://formsubmit.co/ajax/[email protected] — the...

5.8AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/05/20 2:5 a.m.12 views

Malicious code in ezymail (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea463f516048086ec4acfc2733edc9561dac749d19c2e47381fc170c451cd53c The package advertises itself as a Gmail/SMTP sender library. The README documents that callers pass their SMTP user and pass Gmail App Password to a...

5.9AI score
Exploits0References6
Rows per page
Query Builder