Lucene search
K

97 matches found

CVE
CVE
added 2026/06/12 2:27 p.m.17 views

CVE-2026-44207

CVE-2026-44207 affects the Frappe full‑stack web framework. It is an insecure direct object reference (IDOR) that allows authenticated users to access other users’ email configuration details. Affected versions are prior to 15.107.0 and 16.17.0. The issue has been patched in 15.107.0 and 16.17.0....

6.9CVSS5.3AI score0.00321EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2012-2359

Malware in sbrugna...

5CVSS6.4AI score0.01504EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2015-3974

Malware in sbrugna...

5.3CVSS5.9AI score0.01765EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2013-6000

Malware in sbrugna...

5.8CVSS7.4AI score0.01457EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-1999-1478

Malware in sbrugna...

7.2CVSS6.4AI score0.01404EPSS
Exploits1References3
HackRead
HackRead
added 2025/08/19 4:54 p.m.5 views

Australian ISP iiNet Reports Data Breach, Customer Accounts Stolen

Australian ISP iiNet confirms data breach as hackers stole 280,000 email accounts, phone numbers and user data using…...

7.3AI score
Exploits0
CVE
CVE
added 2024/11/20 12:0 a.m.64 views

CVE-2024-48533

CVE-2024-48533 affects eSoft Planner 3.24.08271-USA, where the Forgot your Login? module returns different responses for valid vs invalid email addresses, enabling username enumeration. Multiple sources (NVD, Red Hat, CNNVD, CVE lists) confirm the issue and its impact on account discovery. The co...

5.3CVSS6.9AI score0.00399EPSS
Exploits1References1Affected Software1
Github Security Blog
Github Security Blog
added 2024/10/25 7:21 p.m.18 views

Autolab Misconfigured Reset Password Permissions

Impact For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords. Patches This is fixed in v3.0.1. Workarounds No workarounds. For more information If you have any questions or comments about this...

8.8CVSS6.7AI score0.00454EPSS
Exploits0References4Affected Software1
The Hacker News
The Hacker News
added 2024/09/25 7:3 a.m.22 views

Transportation Companies Hit by Cyberattacks Using Lumma Stealer and NetSupport Malware

Transportation and logistics companies in North America are the target of a new phishing campaign that delivers a variety of information stealers and remote access trojans RATs. The activity cluster, per Proofpoint, makes use of compromised legitimate email accounts belonging to transportation an...

7.7AI score
Exploits0
OSV
OSV
added 2024/07/12 11:15 a.m.9 views

CVE-2024-6328

The MStore API – Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.14.7. This is due to insufficient verification on the 'phone' parameter of the 'firebasesmslogin' and 'firebasesmsloginv2' functions...

9.8CVSS5.8AI score0.0067EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/06/27 12:0 a.m.7 views

Lunary Security Breach

Lunary is a production toolkit for LLM that is open sourced by lunary. A security vulnerability exists in Lunary v1.2.11 and earlier versions that stems from allowing the creation of multiple accounts with essentially the same email address, leading to incorrect synchronization and potential...

5.3CVSS6.7AI score0.00338EPSS
Exploits1References2
Malwarebytes
Malwarebytes
added 2024/01/23 1:27 p.m.19 views

Microsoft got hacked by state sponsored group it was investigating

In a spy-vs-spy type of scenario, Microsoft has acknowledged that a group called Midnight Blizzard also known as APT29 or Cozy Bear, gained access to a Microsoft legacy non-production test tenant account. According to Microsoft, the group managed to access the account in November after subjecting...

7.2AI score
Exploits0
Trellix
Trellix
added 2023/12/18 12:0 a.m.9 views

Cybercrooks leveraging anti automation toolkit for phishing campaigns

Cybercrooks Leveraging Anti Automation Toolkit for Phishing Campaigns By Vihar Shah and Rohan Shah · December 18, 2023 Threat actors have a track record of abusing tools hosted on GitHub for malicious purposes. Last year we showed how attackers abused Python’s tarfile module. Trellix Advanced...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/09/07 2:30 p.m.15 views

How Microsoft's highly secure environment was breached

An investigation by Microsoft has finally revealed how China-based hackers circumvented the protections of a "highly isolated and restricted production environment" in May 2023 to unlock sensitive email accounts belonging to US government agencies. The attack was first reported by Microsoft in...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/13 6:14 a.m.37 views

U.S. Government Agencies' Emails Compromised in China-Backed Cyber Attack

An unnamed Federal Civilian Executive Branch FCEB agency in the U.S. detected anomalous email activity in mid-June 2023, leading to Microsoft's discovery of a new China-linked espionage campaign targeting two dozen organizations. The details come from a joint cybersecurity advisory released by th...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/07/12 10:45 a.m.21 views

Microsoft Thwarts Chinese Cyber Attack Targeting Western European Governments

Microsoft on Tuesday revealed that it repelled a cyber attack staged by a Chinese nation-state actor targeting two dozen organizations, some of which include government agencies, in a cyber espionage campaign designed to acquire confidential data. The attacks, which commenced on May 15, 2023,...

7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:34 a.m.6 views

SUSE CVE-2013-6171

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the...

5.8CVSS7.3AI score0.01457EPSS
Exploits0References3
Malwarebytes
Malwarebytes
added 2022/12/12 3:45 a.m.161 views

Iranian hacking group uses compromised email accounts to distribute MSP remote access tool

Researchers have uncovered a new campaign by hacking group MuddyWater, aka Static Kitten, in which a legitimate remote access tool is sent to targets from a compromised email account. The targets in this campaign are reportedly in Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar,...

0.4AI score
Exploits0
The Hacker News
The Hacker News
added 2022/12/09 7:43 a.m.97 views

MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics

The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity. "The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan,...

0.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/09/20 2:0 p.m.13 views

[update] American Airlines suffers data breach after phishing incident

Major airline American Airlines has fallen victim to a data breach after a threat actor got access to the email accounts of several employees via a phishing attack. According to a published notice of a security incident, the data breach was discovered in July 2022. How it happened American Airlin...

7.1AI score
Exploits0
Rows per page
Query Builder