Lucene search

21 matches found

NVD
added 2026/05/07 7:16 p.m. | 6 views

CVE-2026-41904

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

CVSS 7.6 | EPSS 0.00033
Exploits 0 | References 2
Vulnrichment
added 2026/05/07 6:5 p.m. | 4 views

CVE-2026-41904 FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

CVSS 7.6 | AI score 5.7 | EPSS 0.00033
Exploits 0 | References 2
Cvelist
added 2026/05/07 6:5 p.m. | 26 views

CVE-2026-41904 FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

CVSS 7.6 | EPSS 0.00033
Exploits 0 | References 2
CVE
added 2026/05/07 6:5 p.m. | 6 views

CVE-2026-41904

FreeScout (PHP/Laravel) prior to version 1.8.217 is affected by a Stored XSS in the mailbox auto-reply feature. A user with updateAutoReply permission can store an XSS payload in the auto-reply message, which is rendered unescaped in auto-reply emails sent to customers. As email clients do not en...

CVSS 7.6 | AI score 5.7 | EPSS 0.00033
Exploits 0 | References 2
ATTACKERKB
added 2026/05/07 6:5 p.m. | 3 views

CVE-2026-41904

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, a user with updateAutoReply permission can store an XSS payload in the mailbox auto-reply message. The payload is rendered unescaped in the auto-reply email sent to every customer who...

CVSS 7.6 | AI score 5.7 | EPSS 0.00033
Exploits 0 | References 3 | Affected Software 1
Positive Technologies
added 2026/05/07 12:0 a.m. | 8 views

PT-2026-38549

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.217. Description: A user with updateAutoReply permission can store a Cross-Site Scripting (XSS) payload in the mailbox auto-reply message. This payload is rendered without escaping in the auto-reply emails sent to...

CVSS 7.6 | AI score 5.8 | EPSS 0.00033
Exploits 0 | References 7
Vulnrichment
added 2026/03/05 9:59 p.m. | 1 views

CVE-2026-28467 OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...

CVSS 6.5 | AI score 5.9 | EPSS 0.00082
Exploits 1 | References 4
Cvelist
added 2026/03/05 9:59 p.m. | 22 views

CVE-2026-28467 OpenClaw < 2026.2.2 - SSRF via Attachment Media URL Hydration

OpenClaw versions prior to 2026.2.2 contain a server-side request forgery vulnerability in attachment and media URL hydration that allows remote attackers to fetch arbitrary HTTPS URLs. Attackers who can influence media URLs through model-controlled sendAttachment or auto-reply mechanisms can...

CVSS 6.5 | EPSS 0.00082
Exploits 1 | References 4
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2005-0847

Malware in sbrugna...

CVSS 4.3 | AI score 6.4 | EPSS 0.00422
Exploits 0 | References 5
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2005-2747

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.0032
Exploits 0 | References 5
RedhatCVE
added 2025/05/21 9:22 p.m. | 5 views

CVE-2005-2746

Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages...

CVSS 5 | AI score 6.6 | EPSS 0.0032
Exploits 0 | References 1
Patchstack
added 2023/07/18 12:0 a.m. | 3 views

WordPress AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply. Plugin <= 1.0.1 is vulnerable to Cross Site Scripting (XSS)

Software: AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply; Type: Plugin; Vulnerable versions: = 1.0.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer Claim...

AI score 6.2
Exploits 0 | References 2 | Affected Software 1
Patchstack
added 2022/02/28 12:0 a.m. | 9 views

WordPress AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply plugin versions = 1.0.0. Solution: Update the WordPress AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply plugin to...

AI score 3
Exploits 0 | References 2 | Affected Software 1
HackRead
added 2021/01/26 2:52 p.m. | 34 views

Watch out as new Android malware spreads through WhatsApp

By Sudais Asif. The malware takes advantage of WhatsApp's auto-reply feature to spread itself. Here's the video showing what the malware does. This is a post from HackRead.com. Read the original post: Watch out as new Android malware spreads through WhatsApp...

AI score 2.8
Exploits 0
The Hacker News
added 2021/01/25 7:48 a.m. | 2 views

Beware — A New Wormable Android Malware Spreading Through WhatsApp

A newly discovered Android malware has been found to propagate itself through WhatsApp messages to other contacts in order to expand what appears to be an adware campaign. "This malware spreads via victim's WhatsApp by automatically replying to any received WhatsApp message notification with a li...

AI score 5.9
Exploits 0
NVD
added 2005/10/26 12:2 a.m. | 18 views

CVE-2005-2746

Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages...

CVSS 5 | AI score 6.2 | EPSS 0.0032
Exploits 0 | References 4
Cvelist
added 2005/10/25 4:0 a.m. | 18 views

CVE-2005-2746

Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages...

AI score 6.2 | EPSS 0.0032
Exploits 0 | References 4
CVE
added 2005/10/25 4:0 a.m. | 47 views

CVE-2005-2746

CVE-2005-2746 affects Mail.app on Apple Mac OS X 10.3.9 and 10.4.2. The issue arises when using auto-reply rules, causing Mail.app to include decrypted message contents in replies, potentially exposing plaintext from encrypted messages. The vulnerability’s concrete impact is exposure of decrypted...

CVSS 5 | AI score 6.2 | EPSS 0.0032
Exploits 0 | References 4 | Affected Software 2
NVD
added 2005/05/02 4:0 a.m. | 12 views

CVE-2005-0846

Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field...

CVSS 4.3 | AI score 5.8 | EPSS 0.00422
Exploits 0 | References 4
Cvelist
added 2005/03/24 5:0 a.m. | 13 views

CVE-2005-0846

Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field...

AI score 5.8 | EPSS 0.00422
Exploits 0 | References 4