MAL-2026-4557 Malicious code in ezymail (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ea463f516048086ec4acfc2733edc9561dac749d19c2e47381fc170c451cd53c The package advertises itself as a Gmail/SMTP sender library. The README documents that callers pass their SMTP user and pass Gmail App Password to a...

Malicious code in saas-common-lib-473815 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0142a19ba91410cc19470321caba04aa48633df937b0ed66439cccf31877a333 utils/sendemailotp.py exposes otpEmailServicetoemail, emailbody, which authenticates to smtp.gmail.com using a hardcoded sender address...

CVE-2025-67513

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. This is the apppassword parameter. Depending on local...

CVE-2025-67513

FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through 17.0.9 have a weak default password. By default, this is a 6 digit numeric value which can be brute forced. This is the apppassword parameter. Depending on local...

EUVD-2019-9299

Malware in sbrugna...

EUVD-2021-23384

Malware in sbrugna...

CVE-2023-39963

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 20.0.0 and prior to versions 20.0.14.15, 21.0.9.13, 22.2.10.14, 23.0.12.8, 24.0.12.5, 25.0.9, 26.0.4, and 27.0.1, a missing password confirmation allowed an attacker, after successfully steali...

CVE-2021-36808

A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115...

CVE-2019-19690

Trend Micro Mobile Security for Android Consumer versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature...

WordPress 4.3.x < 4.3.32 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting XSS vulnerability in the post link navigation block. - An issue...

Nextcloud 安全漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud iOS versions prior to 4.7.0, which stems from the ability to bypass the app password of an iOS app...

PT-2022-19492 · Nextcloud +1 · Nextcloud Server +1

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 22.2.7 Nextcloud Server versions prior to 23.0.4 Description: The issue is related to missing input-size validation of new session names in Nextcloud Server, allowing users to create app passwords with long...

CVE-2021-36808

A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115...

CVE-2021-36808

CVE-2021-36808 affects Sophos Secure Workspace for Android; a race condition before version 9.7.3115 allows a local attacker to bypass the app password. Reported by multiple sources (NVD entry and Red Hat/CNVD/CVE lists). Notable details: attack is local with no user interaction required (per CVS...

CVE-2021-36808

A local attacker could bypass the app password using a race condition in Sophos Secure Workspace for Android before version 9.7.3115...

Sophos Secure Workspace For Android 竞争条件问题漏洞

Sophos Secure Workspace For Android is an application from Sophos UK for Android. Used to manage documents stored in the cloud and view documents published via Sophos Mobile servers, Sophos Secure Workspace For Android is vulnerable to a contention issue that could be exploited by a local attacke...

PT-2021-9029 · Sannce · Sannce Smart Hd Wifi Security Camera

Name of the Vulnerable Software and Affected Versions: Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 affected versions not specified Description: An issue was discovered in the Sannce Smart HD Wifi Security Camera, where the device offers multiple streaming services. Although the servi...

Security update for nextcloud (moderate)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2020:1652-1 Rating: moderate References: 1171572 1171579 1177346 Cross-References: CVE-2020-8154 CVE-2020-8155 CVE-2020-8183 CVE-2020-8228 CVE-2020-8233 Affected Products: openSUSE Leap 15.2 openSUSE Leap 15.1...

CVE-2019-19690

Trend Micro Mobile Security for Android Consumer versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature...

CVE-2019-19690

Trend Micro Mobile Security for Android Consumer versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature...