76 matches found
EUVD-2000-0396
Malware in sbrugna...
EUVD-2017-9786
Malware in sbrugna...
EUVD-2018-13589
Malware in sbrugna...
EUVD-2019-5870
Malware in sbrugna...
EUVD-2002-1717
Malware in sbrugna...
EUVD-2011-0703
Malware in sbrugna...
EUVD-2020-3817
Malware in sbrugna...
EUVD-2022-51667
Malicious code in bioql PyPI...
EUVD-2024-45922
Malicious code in bioql PyPI...
EUVD-2021-8784
Malicious code in bioql PyPI...
EUVD-2022-46681
Malicious code in bioql PyPI...
CVE-2022-43699
OX App Suite before 7.10.6-rev30 allows SSRF because e-mail account discovery disregards the deny-list and thus can be attacked by an adversary who controls the DNS records of an external domain found in the host part of an e-mail address...
CVE-2019-14723
In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete a victim's e-mail account via an attacker account...
CVE-2018-20934
cPanel before 70.0.23 does not prevent e-mail account suspensions from being applied to unowned accounts SEC-411...
One Time Password - Moderately critical - Access bypass - SA-CONTRIB-2025-061
This module enables you to allow users to include a second authentication method in addition to password authentication. The module doesn't sufficiently prevent one time login links from bypassing TFA. This vulnerability is mitigated by the fact that an attacker must have access to an email accou...
CVE-2025-30150
Shopware 6 is an open commerce platform based on Symfony Framework and Vue. Through the store-api it is possible as a attacker to check if a specific e-mail address has an account in the shop. Using the store-api endpoint /store-api/account/recovery-password you get the response, which indicates...
A week in security (November 4 – November 10)
Last week on Malwarebytes Labs: Hello again, FakeBat: popular loader returns after months-long hiatus TikTok ordered to close Canada offices following "national security review" Air fryers are the latest surveillance threat you didn’t consider Malwarebytes acquires AzireVPN to fuel additional VPN...
FBI: Spike in Hacked Police Emails, Fake Subpoenas
The Federal Bureau of Investigation FBI is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to...
BIT-WORDPRESS-MULTISITE-2020-11027 Password reset links invalidation issue in WordPress
In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password. Access would be needed to the email account of the user by a malicious party for successful execution. This has been patched in version 5.4.1, along with all the previously...
CVE-2024-21654
Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and takeover...