22 matches found
CVE-2026-40569
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout connectionIncomingSave at app/Http/Controllers/MailboxesController.php:468 and connectionOutgoingSave at line 398...
EUVD-2026-24171
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a mass assignment vulnerability in the mailbox connection settings endpoints of FreeScout connectionIncomingSave at app/Http/Controllers/MailboxesController.php:468 and connectionOutgoingSave at line 398...
Fake PayPal invoice from Geek Squad is a tech support scam
One of our employees received this suspicious email and showed it to me. Although it's a pretty straightforward attempt to lure targets into calling the scammers, it's worth writing up because it looks like it was sent out in bulk. Let's look at the red flags. Firstly, the sender address: PayPal...
EUVD-2004-1618
Malware in sbrugna...
Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security
Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payloads and evade security defenses. "Appearing to be aided by a large language model (LLM), the activity...
Malicious code in postmark-mcp (npm)
Source: google-open-source-security b71142d16d8ed2a6e96b93be35b1378bad054d735c90ce0ab7b20979a8c40ba4 This package turned malicious in v1.0.16 and exfiltrates email data via BCC...
MAL-2025-47604 Malicious code in postmark-mcp (npm)
Source: google-open-source-security b71142d16d8ed2a6e96b93be35b1378bad054d735c90ce0ab7b20979a8c40ba4 This package turned malicious in v1.0.16 and exfiltrates email data via BCC...
SUSE CVE-2024-49393
In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing, which allows an attacker that intercepts a message to change their value and include himself as one of the recipients to compromise message confidentiality...
SUSE CVE-2024-49395
In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info...
Design/Logic Flaw
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta15 on the beta and tests-passed branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is n...
CVE-2022-46168 Group SMTP user emails are exposed in CC email header
Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta15 on the beta and tests-passed branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is n...
PT-2023-14816 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 2.8.14 on the stable branch and version 2.9.0.beta15 on the beta and tests-passed branches Description: Discourse is an open-source discussion platform. Prior to the specified versions, recipients of a group SMTP...
UBUNTU-CVE-2021-21435
Article Bcc fields and agent personal information are shown when customer prints the ticket PDF via external interface. This issue affects: OTRS AG OTRS 7.0.x version 7.0.23 and prior versions; 8.0.x version 8.0.10 and prior versions...
CVE-2020-1775
BCC recipients in mails sent from OTRS are visible in article detail on external interface. This issue affects OTRS: 8.0.3 and prior versions, 7.0.17 and prior versions...
DEBIAN-CVE-2017-8825
A null dereference vulnerability has been found in the MIME handling component of LibEtPan before 1.8, as used in MailCore and MailCore 2. A crash can occur in low-level/imf/mailimf.c during a failed parse of a Cc header containing multiple e-mail addresses...
CVE-2008-7281
Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field...
CVE-2004-1624
CVE-2004-1624 affects Carbon Copy 6.0.5257. The issue: CCW32.exe (help topic interface) launches external programs (Notepad) without dropping system privileges, and the Carbon Copy Scheduler (CCSched.exe) help button similarly spawns external processes. Root cause: failure to drop privileges when...
CVE-2004-1624
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler CCSched.exe...
carboncopy.txt
The only reason this was never disclosed was originally in hopes of proper vendor response... I spoke to their tech support about 5 times but they were just total morons. I eventually gave up. I was going to write a shatter like attack so this could be exploited ala .exe file but I never had time...
CVE-2004-1624
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler CCSched.exe...