53 matches found
EUVD-2025-34696
The issue was resolved by not loading remote images. This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode...
EUVD-2019-5869
Malware in sbrugna...
EUVD-2004-1515
Malware in sbrugna...
EUVD-2009-0277
Malware in sbrugna...
EUVD-2019-5875
Malware in sbrugna...
EUVD-2019-5871
Malware in sbrugna...
EUVD-2002-0994
Malware in sbrugna...
EUVD-2022-30656
Malicious code in bioql PyPI...
EUVD-2023-27598
Malicious code in bioql PyPI...
CVE-2019-14724
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to edit an e-mail forwarding destination of a victim's account via an attacker account...
CVE-2019-14722
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to delete an e-mail forwarding destination from a victim's account via an attacker account...
CVE-2019-14728
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows an attacker to add an e-mail forwarding destination to a victim's account via an attacker account...
CVE-2023-23498
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iPadOS 15.7.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account...
BMC Software BMC Remedy Cross-Site Scripting Vulnerability
BMC Software BMC Remedy is a software application from BMC Software, Inc. It provides off-the-shelf IT Information Library (ITIL) service support functionality. A security vulnerability exists in BMC Software BMC Remedy prior to version 22.1, which stems from an email-based event forwarding that...
CVE-2022-26088
An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML such as an SSRF payload into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of recipients" field...
Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud
While researching a recent large-scale bot campaign with CQ Prime Threat Research team lead, Dean Lendrum, we found attackers using domain parking and monetization services to register multiple domains, creating a large number of fake eCommerce accounts per domain. TL;DR: Analysis of...
New Microsoft Exchange 'ProxyToken' Flaw Lets Attackers Reconfigure Mailboxes
Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information (PII). The issue, tracked as...
HackerOne: CSRF allows to test email forwarding
Summary: It is possible to send email forwarding emails in the name of victim. The main problem is that you don't verify the X-CSRF-Token in the endpoint /securityemailforwarding/testforwarding.json?id=$id. Steps To Reproduce: - Log in as a program user who has access to the Email Forwarding -...
CVE-2020-18723
Stored cross-site scripting (XSS) in file attachment field in MDaemon webmail 19.5.5 allows an attacker to execute code on the email recipient side while forwarding an email to perform potentially malicious activities...