
145 matches found

Positive Technologies
added 2026/01/05 12:0 a.m. | 3 views

PT-2026-1290

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) versions prior to 10.0.18; Zimbra Collaboration (ZCS) versions prior to 10.1.13. Description: The software contains a stored cross-site scripting (XSS) issue within the Classic UI. This occurs due to Cascading Style Sheets CS...

CVSS 7.2 | AI score 6.1 | EPSS 0.10899
Exploits: 0 | References: 55
Cvelist
added 2026/01/05 12:0 a.m. | 277 views

CVE-2025-66376

Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message...

CVSS 7.2 | EPSS 0.10899
Exploits: 0 | References: 5
EUVD
added 2026/01/05 12:0 a.m. | 2 views

EUVD-2026-0850

Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message...

CVSS 7.2 | AI score 5.5 | EPSS 0.10899
Exploits: 0 | References: 6
CVE
added 2026/01/05 12:0 a.m. | 18 views

CVE-2025-66376

Zimbra Collaboration (ZCS) is affected in versions prior to 10.0.18 and prior to 10.1.13. The issue is a stored XSS in the Classic UI triggered by CSS @import directives in HTML emails, caused by improper handling of CSS imports. Impact is stored cross-site scripting within email rendering. Remed...

CVSS 7.2 | AI score 5.6 | EPSS 0.10899
In wild | Exploits: 0 | References: 6 | Affected Software: 1
CVE
added 2025/10/31 1:53 p.m. | 5 views

CVE-2025-12460

Summary: CVE-2025-12460 describes a Stored XSS vulnerability in Afterlogic Aurora webmail. Affected versions: 9.8.3 and earlier. Vulnerability mechanism: an attacker can embed JavaScript in an HTML email via an img tag, which may execute in the recipient’s webmail browser context. Impact (pe...

CVSS 5.3 | AI score 6 | EPSS 0.0029
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/31 12:0 a.m. | 1 views

PT-2025-44626

Name of the Vulnerable Software and Affected Versions: Afterlogic Aurora webmail versions 9.8.3 and below. Description: A cross-site scripting (XSS) issue exists in Afterlogic Aurora webmail. An attacker can send a specially crafted HTML email message containing JavaScript within an img HTML tag. This...

CVSS 5.3 | AI score 5.8 | EPSS 0.0029
Exploits: 0 | References: 4
CNNVD
added 2025/10/31 12:0 a.m. | 2 views

Afterlogic Aurora security vulnerability

Afterlogic Aurora is an enterprise mail server platform written in PHP by Afterlogic Inc. in the United States. The platform includes features such as e-mail, file storage and address book management. A security vulnerability exists in Afterlogic Aurora 9.8.3 and prior versions, which stems from...

CVSS 5.3 | AI score 6.1 | EPSS 0.0029
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2008-5704

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00329
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2009-0417

Malware in sbrugna...

CVSS 4.3 | AI score 6.1 | EPSS 0.00407
Exploits: 1 | References: 8
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2010-4731

Malware in sbrugna...

CVSS 4.3 | AI score 6.2 | EPSS 0.00233
Exploits: 1 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-14281

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.6 | EPSS 0.00155
Exploits: 0 | References: 2
Tenable Nessus
added 2025/08/18 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-5631

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube before 1.4.15, 1.5.x before 1.5.5, and 1.6.x before 1.6.4 allows stored XSS via an HTML e-mail message with a crafted SVG document because of...

CVSS 6.1 | AI score 6 | EPSS 0.83235
Exploits: 2 | References: 2
RedHat Linux
added 2025/07/01 8:14 p.m. | 2 views

thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...

CVSS 6.5 | AI score 7.3 | EPSS 0.00583
Exploits: 0 | References: 5
RedHat Linux
added 2025/07/01 7:42 p.m. | 3 views

thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is...

CVSS 6.5 | AI score 7.3 | EPSS 0.00583
Exploits: 0 | References: 5
AlpineLinux
added 2025/06/11 12:15 p.m. | 1 views

CVE-2025-5986

A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...

CVSS 6.5 | AI score 6.7 | EPSS 0.00583
Exploits: 0 | References: 4
Tenable Nessus
added 2025/06/10 12:0 a.m. | 4 views

Mozilla Thunderbird < 139.0.2

The version of Thunderbird installed on the remote Windows host is prior to 139.0.2. It is, therefore, affected by a vulnerability as referenced in the mfsa2025-50 advisory. - A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's...

CVSS 6.5 | AI score 7.1 | EPSS 0.00583
Exploits: 0 | References: 2
Mozilla
added 2025/06/10 12:0 a.m. | 6 views

Security Vulnerabilities fixed in Thunderbird 128.11.1 — Mozilla

A crafted HTML email using mailbox:/// links can trigger automatic, unsolicited downloads of .pdf files to the user's desktop or home directory without prompting, even if auto-saving is disabled. This behavior can be abused to fill the disk with garbage data e.g. using /dev/urandom on Linux or to...

CVSS 6.5 | AI score 7.3 | EPSS 0.00583
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2025/05/23 8:44 a.m. | 1 views

CVE-2024-23330

Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in an HTML mail which is loaded from an external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be...

CVSS 5.3 | AI score 6.7 | EPSS 0.00139
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 10:51 p.m. | 2 views

CVE-2022-31049

TYPO3 is an open source web content management system. Prior to versions 9.5.34 ELTS, 10.4.29, and 11.5.11, user submitted content was used without being properly encoded in HTML emails sent to users. The actually affected components were mail clients used to view those messages. TYPO3 versions...

CVSS 5.4 | AI score 6.5 | EPSS 0.0063
Exploits: 0 | References: 1
CVE
added 2025/05/14 4:56 p.m. | 89 views

CVE-2025-3877

CVE-2025-3877 is rejected/not used; this entry does not represent an active vulnerability.

AI score 6.4
Exploits: 0