Lucene search
K

60 matches found

EUVD
EUVD
added 2026/06/22 12:50 p.m.7 views

EUVD-2026-38237

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

6.9CVSS5.8AI score0.00357EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 12:50 p.m.3 views

CVE-2026-7167

The vulnerability arises when the system fails to properly validate the 'email' field during the authentication process, allowing unverified or fake email addresses to be accepted. This lack of validation enables the creation of user accounts with fake email addresses, facilitating the mass...

6.9CVSS5.8AI score0.00357EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2025/03/26 11:3 a.m.42 views

Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. Here's how it works: Cybercriminals send a fake Booking.com email to a hotel’s email address, asking...

7.5AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/05/24 6:30 p.m.28 views

Insecure Default Initialization In Liferay Portal

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property...

7.5CVSS6.9AI score0.00737EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/05/24 5:15 p.m.30 views

CVE-2023-33949

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property...

7.5CVSS7.2AI score0.00737EPSS
Exploits0References1
Prion
Prion
added 2023/05/24 5:15 p.m.18 views

Default configuration

In Liferay Portal 7.3.0 and earlier, and Liferay DXP 7.2 and earlier the default configuration does not require users to verify their email address, which allows remote attackers to create accounts using fake email addresses or email addresses which they don't control. The portal property...

5CVSS7.5AI score0.00737EPSS
Exploits0References1Affected Software2
CNNVD
CNNVD
added 2023/05/24 12:0 a.m.15 views

Liferay Portal和Liferay DXP 安全漏洞

Liferay Portal and Liferay DXP are both products of Liferay Inc.Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...

7.5CVSS7.3AI score0.00737EPSS
Exploits0References2
Malwarebytes
Malwarebytes
added 2023/04/24 1:0 a.m.12 views

A week in security (April 17 - 23)

Last week on Malwarebytes Labs: Fake Chrome updates spread malware Woman tracks down and turns table on Airbnb scammer Update Chrome now! Google patches actively exploited flaw Beware: Fake IRS tax email wants your Microsoft account Ransomware in Germany, April 2022 - March 2023 Living Off the La...

6.5AI score
Exploits0
hivepro
hivepro
added 2023/03/22 6:43 a.m.22 views

Gozi Malware Spreads through Fake Italian Revenue Agency Email Campaign

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary A fake Italian Revenue Agency email campaign tricks victims into downloading a malicious attachment that installs Gozi, a binary that bypasses Italys geofencing and creates a loader process on the victim...

6.7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/02/24 2:15 p.m.41 views

Fake Amazon Prime email abuses LinkedIn's URL shortener

Over the last few days, scammers have been sending out phishing mails that disguise bogus URLs with something called Slinks--shortened Linkedin URLs. The shortened URLs redirect users to a different URL when they are clicked. If youve ever seen a Tiny URL, or a Bit.ly link, youll already be...

7.3AI score
Exploits0
OSV
OSV
added 2022/06/22 1:15 p.m.20 views

CVE-2022-23079

In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim...

6.8CVSS7.3AI score0.01284EPSS
Exploits1References2
ThreatPost
ThreatPost
added 2021/11/16 10:33 p.m.17 views

FBI Email Hoaxer ID’ed by the Guy He Allegedly Loves to Torment

Vinny Troia, the cybersecurity researcher mentioned in a fake alert gushed out to thousands of people from the FBI’s own email system on Friday night, has fingered the guy who allegedly pulled off the exploit. Register now for our LIVE event! Troia – white hat threat hunter, cybercrime investigat...

7.3AI score
Exploits0References22
HackRead
HackRead
added 2021/11/15 7:11 p.m.17 views

Hacker accessed FBI server to send fake email threats

By Waqas The FBI has categorically denied sending spam emails from its server, which according to reports, hit 100,000 inboxes. This is a post from HackRead.com Read the original post: Hacker accessed FBI server to send fake email threats...

7AI score
Exploits0
RubySec
RubySec
added 2020/12/08 12:0 a.m.28 views

omniauth-apple allows attacker to fake their email address during authentication

Impact This vulnerability impacts applications using the omniauth-apple strategy of OmniAuth and using the info.email field of OmniAuth's Auth Hash Schema for any kind of identification. The value of this field may be set to any value of the attacker's choice including email addresses of other...

7.7CVSS7AI score0.01322EPSS
Exploits1References1Affected Software1
Atlassian
Atlassian
added 2020/04/01 4:7 a.m.22 views

Customers created via the Customer Portal do not trigger an email verification

In affected versions of Jira Service Desk Server and Data Centre, it was possible to create customers with fake email addresses via the Customer Portal. This is now resolved with email verification. Affected versions: version 3.16.13 4.0.0 ≤ version 4.5.3 4.6.0 ≤ version 4.7.0 Fixed versions:...

5.4AI score
Exploits0
Hacker One
Hacker One
added 2020/01/09 2:59 p.m.17 views

Ping Identity: No valid SPF record not found

There are no SPF Records found for ort-admin.pingone.com Description: There is an email spoofing vulnerability. Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used i...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2019/09/06 7:14 p.m.52 views

Back-to-School Scams Target Students with Library-Themed Emails

College students settling back into school might want to think twice before clicking on an email prompting them to renew their school library account. Researchers warn that students at hundreds of universities worldwide are being targeted with fake emails this week, which tout attachments or link...

Exploits0References8
Hacker One
Hacker One
added 2019/06/25 12:18 p.m.86 views

Chainlink: No Valid SPF Records.

Hiii, There is any issue No valid SPF Records Desciprition : There is a email spoofing vulnerability.Email spoofing is the forgery of an email header so that the message appears to have originated from someone or somewhere other than the actual source. Email spoofing is a tactic used in phishing...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2019/04/25 7:8 p.m.25 views

Khan Academy: Users can make accounts with a fake email address.

A valid email address is not required to create a Khan Academy account. We do not consider this a security vulnerability...

4AI score
Exploits0
Hacker One
Hacker One
added 2018/07/21 8:20 p.m.24 views

Nextcloud: Missing SPF flags for customerupdates.nextcloud.com

Hey, I just checked for SPF records for the customerupdates.nextcloud.com domain, and there are none. The fake message reaches the inbox from this domain. Not spam. You can validate by testing yourself here: http://www.kitterman.com/spf/validate.html This subdomain too: update.nextcloud.com Impac...

0.3AI score
Exploits0
Rows per page
Query Builder