Lucene search
K

9 matches found

OSV
OSV
added 2026/03/03 1:29 p.m.10 views

BIT-DISCOURSE-2026-26077 Discourse doesn't ensure webhooks require a token

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints SendGrid, Mailjet, Mandrill, Postmark, SparkPost in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

6.5CVSS5.9AI score0.0024EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/04/07 7:29 a.m.24 views

PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks

A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management CRM tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims' digital wallets. "Recipients of the bulk sp...

7.1AI score
Exploits0
ThreatPost
ThreatPost
added 2020/08/27 12:0 p.m.16 views

Malicious Attachments Remain a Cybercriminal Threat Vector Favorite

While attachment threat vectors are one of the oldest malware-spreading tricks in the books, email users are still clicking on malicious attachments that hit their inbox, whether it’s a purported “job offer” or a pretend “critical invoice.” The reason why threat actors are still relying on this...

7AI score
Exploits0References16
Schneier on Security
Schneier on Security
added 2020/04/22 2:12 p.m.37 views

New iPhone Zero-Day Discovered

Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say whether they lost any data as a result of the attacks, but said "we were a bit surprised about who was...

2AI score
Exploits0
The Hacker News
The Hacker News
added 2019/04/03 6:44 a.m.4 views

Facebook Caught Asking Some Users Passwords for Their Email Accounts

Facebook has been caught practicing the worst ever user-verification mechanism that could put the security of its users at risk. Generally, social media or any other online service asks users to confirm a secret code or a unique URL sent to the email address they provided for the account...

6.7AI score
Exploits0
Pen Test Partners Blog
Pen Test Partners Blog
added 2018/07/11 7:19 a.m.41 views

Data exfiltration techniques

Data exfiltration is the last stage of the kill chain in a generally targeted attack on an organisation. Whilst many excellent papers and tools are available for various techniques this is our attempt to pull all these together. This could also be used as a crib sheet for fellow pen testers who a...

6.9AI score
Exploits0
hackapp
hackapp
added 2016/04/01 8:54 a.m.10 views

All Email Providers - GPL license, MIT license vulnerabilities

HackApp vulnerability scanner discovered that application All Email Providers published at the 'play' market has multiple vulnerabilities...

1.1AI score
Exploits0References1Affected Software1
hackapp
hackapp
added 2016/02/25 8:47 a.m.13 views

All Emails Providers MoboSpace - Dangerous filesystem permissions, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application All Emails Providers MoboSpace published at the 'play' market has multiple vulnerabilities...

2.9AI score
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2003/02/19 12:0 a.m.31 views

EMUMAIL5.x.txt

1EMUMAIL 5.x parameter validation vulnerability. --------------------------- Summary -------- Parameter validation bugs exist in 2 of the most popular Greek Free e-mail providers. The problem also there is on many other servers worldwide.The affected software is EMUMAIL 5.x used by Mail.gr and th...

7.4AI score
Exploits0
Rows per page
Query Builder