
366 matches found

RedhatCVE
added 2026/04/23 10:46 p.m. | 0 views

CVE-2026-40574

A flaw was found in OAuth2 Proxy, a reverse proxy providing authentication using OAuth2 providers. A remote attacker can exploit an authorization bypass vulnerability by crafting a malicious email claim. This allows the attacker to bypass emaildomain restrictions, which are used to limit access t...

6.8 CVSS | 5.8 AI score | 0.00053 EPSS
Exploits: 0 | References: 4
Vulnrichment
added 2026/03/26 5:0 p.m. | 2 views

CVE-2026-34071 Stirling-PDF has Stored Cross Site Scripting (XSS) via EML-to-HTML Export

Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An attacker who sends a...

5.4 CVSS | 6 AI score | 0.00021 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/03/26 12:0 a.m. | 0 views

PT-2026-28600

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 2.8.0. Description: Stirling-PDF is a locally hosted web application designed for PDF file operations. The /api/v1/convert/eml/pdf API endpoint, when used with the downloadHtml=true parameter, returns unsanitized...

6.1 CVSS | 6.1 AI score | 0.00021 EPSS
Exploits: 1 | References: 8
Veracode
added 2026/02/02 7:13 a.m. | 2 views

Email Address Parsing Vulnerability

next-auth is affected by an email address parsing vulnerability. The vulnerability is due to an incorrect address parsing behavior in Nodemailer, which allows an attacker to craft a malicious email input that redirects authentication or verification emails to an attacker-controlled mailbox instead...

5.6 AI score
Exploits: 0
EUVD
added 2025/11/27 12:30 p.m. | 2 views

EUVD-2025-199813

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

6.1 CVSS | 6.5 AI score | 0.00024 EPSS
Exploits: 0 | References: 2
NVD
added 2025/11/27 10:15 a.m. | 2 views

CVE-2025-59025

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

6.1 CVSS | 0.00024 EPSS
Exploits: 0 | References: 1
Vulnrichment
added 2025/11/27 9:23 a.m. | 2 views

CVE-2025-59025

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

6.1 CVSS | 6.7 AI score | 0.00024 EPSS
Exploits: 0 | References: 1
CVE
added 2025/11/27 9:23 a.m. | 7 views

CVE-2025-59025

Technical details about CVE-2025-59025 are not publicly available in the provided documents; monitor for updates from vendors and security portals.

6.1 CVSS | 6.7 AI score | 0.00024 EPSS
Exploits: 0 | References: 1
Cvelist
added 2025/11/27 9:23 a.m. | 6 views

CVE-2025-59025

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

6.1 CVSS | 0.00024 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/11/27 12:0 a.m. | 2 views

Open-Xchange OX App Suite Security Vulnerability

Open-Xchange OX App Suite is a productivity application suite from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite in which malicious email content can execute script code, which could lead to the disclosure of sensitive information...

6.1 CVSS | 6.6 AI score | 0.00024 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/11/27 12:0 a.m. | 1 views

PT-2025-48257

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the user's account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

6.1 CVSS | 7 AI score | 0.00024 EPSS
Exploits: 0 | References: 2
RedhatCVE
added 2025/11/01 12:4 p.m. | 2 views

CVE-2025-30191

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

5.4 CVSS | 6.5 AI score | 0.00029 EPSS
Exploits: 0 | References: 1
EUVD
added 2025/10/31 8:54 a.m. | 1 views

EUVD-2025-37316

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

5.4 CVSS | 6 AI score | 0.00029 EPSS
Exploits: 0 | References: 2
Cvelist
added 2025/10/31 8:54 a.m. | 3 views

CVE-2025-30191

Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to perform unintended actions or provide sensitive information to a third party which would enable further threats. Attribute values containing HTML fragments are now denied by the sanitization procedur...

5.4 CVSS | 0.00029 EPSS
Exploits: 0 | References: 1
CVE
added 2025/10/31 8:54 a.m. | 4 views

CVE-2025-30191

Open-Xchange OX App Suite is affected by CVE-2025-30191. The issue involves malicious email content exploited to trigger redressing attacks, allowing users to perform unintended actions or disclose information. The underlying cause, as stated, is the sanitization procedure that now denies attribu...

5.4 CVSS | 6.1 AI score | 0.00029 EPSS
Exploits: 0 | References: 1
CNNVD
added 2025/10/31 12:0 a.m. | 1 views

Open-Xchange OX App Suite Security Vulnerability

Open-Xchange OX App Suite is a productivity application suite from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite that stems from malicious email content that can be used to perform redirection attacks, potentially causing users to perform unintended actions or...

5.4 CVSS | 6.4 AI score | 0.00029 EPSS
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/31 12:0 a.m. | 1 views

PT-2025-44595

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: Malicious content delivered via email can be leveraged to conduct a redressing attack. This allows attackers to deceive users into performing unintended actions or disclosing sensitive information to...

5.4 CVSS | 6.3 AI score | 0.00029 EPSS
Exploits: 0 | References: 6
Positive Technologies
added 2025/10/27 12:0 a.m. | 1 views

PT-2025-44034

🚨 CRITICAL PATCH ALERT for RockyLinux users! CVE-2025-18320 is a high-severity RCE flaw in Thunderbird. Exploitable via a malicious email. Read more: 👉 https://t.co/XnHuPpfWQ0 Security https://t.co/lb1R6uFUvt...

6.9 AI score
Exploits: 0 | References: 1
OSV
added 2025/10/20 8:15 p.m. | 2 views

PYSEC-2025-187

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been...

7.1 CVSS | 5.7 AI score | 0.00035 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/20 8:3 p.m. | 1 views

CVE-2025-62527 Taguette vulnerable to password reset link poisoning

Taguette is an open source qualitative research tool. An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim. This issue has been...

7.1 CVSS | 6.5 AI score | 0.00035 EPSS
Exploits: 0 | References: 2