1327 matches found
Astra Linux - vulnerability in libksba
A vulnerability was discovered in the Libksba library due to an integer overflow within the CRL parser. This vulnerability can be exploited remotely to execute code on the target system by passing specially crafted data to the application, such as a malicious S/MIME attachment...
EUVD-2019-0528
Malware in sbrugna...
EUVD-2024-1155
Malicious code in bioql PyPI...
EUVD-2022-42884
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-57004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading t...
Linux Distros Unpatched Vulnerability : CVE-2024-42008
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send...
CVE-2025-45055
Silverpeas 6.4.2 is affected in the Event Management module by a stored XSS flaw: an authenticated user can upload a malicious SVG as an event attachment, and when an administrator views it, embedded JavaScript can run in the admin session. This stems from insufficient sanitization of SVG files a...
CVE-2020-14009
Proofpoint Enterprise Protection PPS/PoD before 8.16.4 contains a vulnerability that could allow an attacker to deliver an email message with a malicious attachment that bypasses scanning and file-blocking rules. The vulnerability exists because messages with certain crafted and malformed multipa...
CVE-2019-10076
A carefully crafted malicious attachment could trigger an XSS vulnerability on Apache JSPWiki 2.9.0 to 2.11.0.M3, which could lead to session hijacking...
CVE-2024-10635
Enterprise Protection contains an improper input validation vulnerability in attachment defense that allows an unauthenticated remote attacker to bypass attachment scanning security policy by sending a malicious S/MIME attachment with an opaque signature. When opened by a recipient in a downstrea...
PT-2025-18114 · Unknown · Enterprise Protection
Name of the Vulnerable Software and Affected Versions: Enterprise Protection (affected versions not specified). Description: The issue is related to an improper input validation vulnerability in the attachment defense of Enterprise Protection. This vulnerability allows an unauthenticated remote...
DEBIAN-CVE-2024-57004
Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session...
UBUNTU-CVE-2024-57004
Cross-Site Scripting (XSS) vulnerability in Roundcube Webmail 1.6.9 allows remote authenticated users to upload a malicious file as an email attachment, leading to the triggering of the XSS by visiting the SENT session...
Roundcube Webmail Security Vulnerability
Roundcube Webmail is a browser-based open source IMAP client from Roundcube Open Source that supports address book management, message searching, spell checking, and more. A security vulnerability exists in Roundcube Webmail version 1.6.9, which stems from the presence of a cross-site scripting X...
Grist Cross-Site Scripting Vulnerability
Grist is a modern relational spreadsheet open-sourced by Grist. A cross-site scripting vulnerability exists in Grist versions prior to 1.3.2, which stems from a JavaScript in an SVG file that can be executed in the context of the user's current page, thereby compromising the account of a user who...
thorsten/phpmyfaq Unintended File Download Triggered by Embedded Frames
Summary: A vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an element without user interaction or explicit consent. Details: In...
MMS Client
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MMS Client', 'Description' = %q This module sends an MMS message to multiple phones of the same carrier. You can use it to send a malicious...
SUSE CVE-2024-42008
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header...
DEBIAN-CVE-2024-42008
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header...
UBUNTU-CVE-2024-42008
A Cross-Site Scripting vulnerability in rcmail_action_mail_get->run() in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a remote attacker to steal and send emails of a victim via a malicious e-mail attachment served with a dangerous Content-Type header...