112 matches found
[BSA-135] Security Update for exim4
Andreas Metzler uploaded new packages for exim4 which fixed the following security problems: CVE-2026-48840 PROXYv2 parser: reject PROXY frames whose declared payload length is too short for the claimed address family 12 bytes for TCPv4/0x11, 36 bytes for TCPv6/0x21. Previously a frame with...
Hiding Bluetooth Trackers in Mail
It was used to track a Dutch naval ship: Dutch journalist Just Vervaart, working for regional media network Omroep Gelderland, followed the directions posted on the Dutch government website and mailed a postcard with a hidden tracker inside. Because of this, they were able to track the ship for...
Credit Resources Vault: Why this credit email set off our scam alarms
If there is anything that annoys me more than a scammer, it's companies that behave like one, while staying just on the right side of the law. They manage to linger and disappoint customers for years. It's also why sometimes people think that Malwarebytes Scam Guard can be overly cautious when...
CVE-2026-32757
Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $POST'ecardmessage' value instead of the HTMLPurifier-sanitized $formValues'ecardmessage' when constructing the greeting card HTML. This allows an authenticated attacker to inject...
CVE-2026-32757
Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $POST'ecardmessage' value instead of the HTMLPurifier-sanitized $formValues'ecardmessage' when constructing the greeting card HTML. This allows an authenticated attacker to inject...
CVE-2026-32757
Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw $POST'ecardmessage' value instead of the HTMLPurifier-sanitized $formValues'ecardmessage' when constructing the greeting card HTML. This allows an authenticated attacker to inject...
Cross-site Scripting (XSS)
Overview admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the ecardmessage handling process. An attacker can inject arbitrary HTML and JavaScript into greeting car...
PT-2026-25855
Summary The eCard send handler in Admidio uses the raw $ POST'ecard message' value instead of the HTMLPurifier-sanitized $formValues'ecard message' when constructing the greeting card HTML. This allows an authenticated attacker to inject arbitrary HTML and JavaScript into greeting card emails sen...
A Bootiful Podcast: Spring community legend and friend Simon Martinelli
Hi, Spring fans! Happy Thanksgiving from me, and I am sure the entire Spring team, to you! We are, it should be clear, oh so very grateful.. thankful.. for you, the community. This week it is my great pleasure to chat with Spring community legend Simon Martinelli...
curl: Hi Hacker
Hi Hacker Impact Summary:...
EUVD-2008-2205
Malware in sbrugna...
EUVD-2008-2206
Malware in sbrugna...
EUVD-2025-12085
Malicious code in bioql PyPI...
Malicious code in @espace-client-axafr/greeting-message (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-41389 Malicious code in greeting-agent (npm)
The package communicates with a domain associated with malicious activity...
Malicious code in greeting-agent (npm)
The package communicates with a domain associated with malicious activity...
CVE-2025-51462
Stored Cross-site Scripting XSS vulnerability in api.apps.dialogapp.setdialog in RAGFlow 0.17.2 allows remote attackers to execute arbitrary JavaScript via crafted input to the assistant greeting field, which is stored unsanitised and rendered using a markdown component with rehype-raw...
TelegAI Cross Site Scripting
TelegAI, a web application for constructing and chatting with AI Characters, is vulnerable to persistent cross site scripting vulnerabilities in its chat component and character container component. An attacker can achieve arbitrary client-side script execution by crafting an AI Character with SV...
CVE-2025-46435
Cross-Site Request Forgery CSRF vulnerability in Yash Binani Time Based Greeting time-based-greeting allows Stored XSS.This issue affects Time Based Greeting: from n/a through = 2.2.2...
WordPress Time Based Greeting plugin <= 2.2.2 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Time Based Greeting versions = 2.2.2...