115 matches found
SendGrid for WordPress <= 1.4 - SQL Injection
Smackcoders SendGrid for WordPress versions 1.4 and below contain a SQL injection caused by improper neutralization of special elements used in an SQL command, letting attackers execute arbitrary SQL queries; exploitation requires crafted input. id: CVE-2024-43965 info: name: SendGrid for...
Malicious code in sendgrid-sdk (npm)
Source: amazon-inspector 08f1d48bc557c6afa69c74455fe35f34ed0992082dc30fc09d032523d2329f63 Package impersonates the official SendGrid npm packages @sendgrid/ but ships no SDK functionality — index.js exports an empty object. Its sole purpos...
GHSA-7MR4-XJXG-34G6 vulnerabilities
Vulnerabilities for packages: secrets-store-csi-driver-provider-aws, kpt, trillian, envoy-gateway, cloud-provider-aws, tailscale, cert-manager-cmctl, cluster-api, terraform-provider-azuread, eksctl, dex, knative-eventing, kuma, mc, bento, witness, helm-mapkubeapis, apisix-ingress-controller,...
GO-2026-4673 Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go in github.com/arslanbekov/terraform-provider-sendgrid
Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go in github.com/arslanbekov/terraform-provider-sendgrid...
Terraform Provider for SendGrid: TLS Session Resumption Bypasses Certificate Authority Trust Store Modifications in Go
Summary: A critical vulnerability has been identified at https://security.snyk.io/package/linux/chainguard:latest/terraform-provider-sendgrid, associated with the underlying Go version. If the server's TLS configuration is mutated between connections — for example, a CA is removed from the trusted...
CVE-2026-26077
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...
CVE-2026-26077
CVE-2026-26077 – Discourse webhook authentication bypass. Affects Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, where several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token whe...
EUVD-2026-8854
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...
CVE-2026-26077 Discourse doesn't ensure webhooks require a token
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...
Pride Month Phishing Targets Employees via Trusted Email Services
Attackers are using Pride Month themed phishing emails to target employees worldwide, abusing trusted email platforms like SendGrid to harvest credentials...
CVE-2025-70841
Dokans Multi-Tenancy Based eCommerce Platform SaaS 3.9.2 allows unauthenticated remote attackers to obtain sensitive application configuration data via direct request to /script/.env file. The exposed file contains Laravel application encryption key APPKEY, database credentials, SMTP/SendGrid API...
PT-2026-5987
Name of the Vulnerable Software and Affected Versions: Dokans Multi-Tenancy Based eCommerce Platform version 3.9.2. Description: The platform allows unauthenticated remote attackers to obtain sensitive application configuration data by directly requesting the '/script/.env' file. This file contains...
Malicious code in @posthog/sendgrid-plugin (npm)
Source: amazon-inspector 538f52ec82c02a69031b8b84a1e12b2d22ee68462c722f9dd4a8ea07d4e81d44 The package @posthog/sendgrid-plugin was found to contain malicious code. Source: google-open-source-security...
EUVD-2025-198933
Malicious code in @posthog/sendgrid-plugin npm...
MAL-2025-190892 Malicious code in @posthog/sendgrid-plugin (npm)
Source: amazon-inspector 538f52ec82c02a69031b8b84a1e12b2d22ee68462c722f9dd4a8ea07d4e81d44 The package @posthog/sendgrid-plugin was found to contain malicious code. Source: google-open-source-security...
EUVD-2021-21279
Malware in sbrugna...
EUVD-2025-4439
Malicious code in bioql PyPI...
EUVD-2025-3171
Malicious code in bioql PyPI...