227 matches found

Positive Technologies
added 2026/03/26 12:0 a.m. | views: 1

PT-2026-28600

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 2.8.0. Description: Stirling-PDF is a locally hosted web application designed for PDF file operations. The /api/v1/convert/eml/pdf API endpoint, when used with the downloadHtml=true parameter, returns unsanitized...

CVSS 6.1 | AI score 6.1 | EPSS 0.00021
Exploits 1 | References 8

EUVD
added 2025/11/27 12:30 p.m. | views: 3

EUVD-2025-199813

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

CVSS 6.1 | AI score 6.5 | EPSS 0.00024
Exploits 0 | References 2

NVD
added 2025/11/27 10:15 a.m. | views: 3

CVE-2025-59025

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

CVSS 6.1 | EPSS 0.00024
Exploits 0 | References 1

Cvelist
added 2025/11/27 9:23 a.m. | views: 9

CVE-2025-59025

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

CVSS 6.1 | EPSS 0.00024
Exploits 0 | References 1

CVE
added 2025/11/27 9:23 a.m. | views: 15

CVE-2025-59025

Technical details about CVE-2025-59025 are not publicly available in the provided documents; monitor for updates from vendors and security portals.

CVSS 6.1 | AI score 6.7 | EPSS 0.00024
Exploits 0 | References 1

Vulnrichment
added 2025/11/27 9:23 a.m. | views: 3

CVE-2025-59025

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

CVSS 6.1 | AI score 6.7 | EPSS 0.00024
Exploits 0 | References 1

Positive Technologies
added 2025/11/27 12:0 a.m. | views: 3

PT-2025-48257

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

CVSS 6.1 | AI score 7 | EPSS 0.00024
Exploits 0 | References 2

RedhatCVE
added 2025/11/01 12:4 p.m. | views: 3

CVE-2025-30191

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

CVSS 5.4 | AI score 6.5 | EPSS 0.00028
Exploits 0 | References 1

Cvelist
added 2025/10/31 8:54 a.m. | views: 5

CVE-2025-30191

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

CVSS 5.4 | EPSS 0.00028
Exploits 0 | References 1

Positive Technologies
added 2025/10/31 12:0 a.m. | views: 3

PT-2025-44595

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: Malicious content delivered via email can be leveraged to conduct a redressing attack. This allows attackers to deceive users into performing unintended actions or disclosing sensitive information to...

CVSS 5.4 | AI score 6.3 | EPSS 0.00028
Exploits 0 | References 6

OSV
added 2025/10/20 8:3 p.m. | views: 4

CVE-2025-62527 Taguette vulnerable to password reset link poisoning

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request a password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been...

CVSS 7.1 | AI score 6.9 | EPSS 0.00035
Exploits 0 | References 4

NVD
added 2025/10/16 3:15 p.m. | views: 4

CVE-2025-61541

Webmin 2.510 is vulnerable to a Host Header Injection in the password reset functionality forgotsend.cgi. The reset link sent to users is constructed using the HTTP Host header via getwebminemailurl. An attacker can manipulate the Host header to inject a malicious domain into the reset email. If ...

CVSS 7.1 | EPSS 0.00057
Exploits 1 | References 3

EUVD
added 2025/10/07 12:30 a.m. | views: 2

EUVD-2018-8394

Malware in sbrugna...

CVSS 6.5 | AI score 6.7 | EPSS 0.0049
Exploits 0 | References 8

EUVD
added 2025/10/07 12:30 a.m. | views: 6

EUVD-2020-30701

Malware in sbrugna...

CVSS 6.5 | AI score 6.8 | EPSS 0.00405
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | views: 1

EUVD-2018-7338

Malware in sbrugna...

CVSS 8.6 | AI score 8.6 | EPSS 0.00384
Exploits 0 | References 3

Malwarebytes
added 2025/10/06 5:24 p.m. | views: 10

Phishers target 1Password users with convincing fake breach alert

In a very recent and well-targeted phishing attempt, scammers tried to get hold of the 1Password credentials belonging to a Malwarebytes’ employee. Stealing someone’s 1Password login would be like hitting the jackpot for cybercriminals, because they potentially export all the saved logins the...

AI score 6.6
Exploits 0

GitHub Security Blog
added 2025/09/10 8:29 p.m. | views: 6

Claude Code vulnerable to arbitrary code execution caused by maliciously configured git email

At startup, Claude Code constructed a shell command that interpolated the value of git config user.email from the current workspace. If an attacker controlled the repository’s Git config (e.g., via a malicious .git/config) and set user.email to a crafted payload, the unescaped interpolation could...

CVSS 9.8 | AI score 7.4 | EPSS 0.00529
Exploits 0 | References 4 | Affected Software 1

Positive Technologies
added 2025/09/03 12:0 a.m. | views: 2

PT-2025-35857

🚨 Critical Ubuntu security update: USN-7730-1 patches multiple high-severity CVEs CVE-2024-54944, CVE-2024-54945, CVE-2024-54946 in pim-messagelib. Impact: Arbitrary Code Execution & DoS via malicious email. Read more: 👉 https://t.co/V5mT0mH48S https://t.co/WCyLrhUwsD...

AI score 7.4
Exploits 0 | References 1

Positive Technologies
added 2025/09/03 12:0 a.m. | views: 2

PT-2025-35855

🚨 Critical Ubuntu security update: USN-7730-1 patches multiple high-severity CVEs CVE-2024-54944, CVE-2024-54945, CVE-2024-54946 in pim-messagelib. Impact: Arbitrary Code Execution & DoS via malicious email. Read more: 👉 https://t.co/V5mT0mH48S https://t.co/WCyLrhUwsD...

AI score 7.4
Exploits 0 | References 1

Tenable Nessus
added 2025/08/27 12:0 a.m. | views: 7

Linux Distros Unpatched Vulnerability : CVE-2018-16586

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Open Ticket Request System OTRS 4.0.x before 4.0.32, 5.0.x before 5.0.30, and 6.0.x before 6.0.11, an attacker could send a malicious email to an OTRS system...

CVSS 4.3 | AI score 6.1 | EPSS 0.00583
Exploits 0 | References 2