MiracleLinux 8 : gnupg2-2.2.20-2.el8 (AXSA:2021-1082:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1082:01 advisory. GnuPG: interaction between the sks-keyserver code and GnuPG allows for a Certificate Spamming Attack which leads to persistent DoS CVE-2019-13050 Tenable has...
EUVD-2007-4477
Malware in sbrugna...
CVE-2025-35432
CVE-2025-35432 (CISA Thorium): Thorium versions prior to 1.1.1 did not rate limit account verification email requests, allowing a remote unauthenticated attacker to flood a user pending verification with unlimited messages. The issue is resolved in 1.1.1 by enabling a default rate limit of 10 min...
pixiv: Bypassing Inbox Privacy Settings and Enabling Spam on Pixiv.net
A vulnerability was discovered in the messaging system of Pixiv.net. The vulnerability allowed any user to bypass the inbox privacy settings and send messages to another user who had disabled their inbox. The vulnerability was triggered by manipulating the id parameter in the message-sending POST...
Using application logic to create an email spam attack
Description On every 3 invalid attempts the application sends a new code to the email associated with the account. An attacker can misuse this functionality to create a spam attack. Proof of Concept Pre-Requisites: 2FA must be enabled for your account 1 Go to...
No rate limit on email triggering during "resend email" action results in email flooding or a spam attack or a financial loss to the company itself
Description When a user is setting up 2FA, a verification code will be sent to the registered email. There is no rate limit on email triggering, which will result in an email flood / DoS attack and will also increase the expenses on your mail server, as an attacker can send 1 million emails throug...
New Spam Attack Abusing OAuth Apps to Target Microsoft Exchange Servers
By Deeba Ahmed According to Microsoft 365 Defender Research Team, in an incident they analyzed, malicious OAuth applications were deployed on compromised cloud tenants, and eventually, attackers took over Exchange servers to carry out spam campaigns. This is a post from HackRead.com Read the...
Improper Access Control in liangliangyy/djangoblog
Description The "formvalid" function in the comments/views.py file performs the task of saving user comments. However, this function doesn't check the status of the article, so users can leave comments on a draft article or on a public article whose commentstatus is off. Proof of Concept - Step 1: Login as admin in...
Did a Security Researcher Guess Trump’s Twitter Password?
Plus: An Among Us spam attack, China’s favorite vulnerabilities, and more of the week’s top security news...
Weblate: No Rate Limiting at /contact
Hi Weblate Security Team, How are you? Hope you all have a good day and are doing well, just like me. I've found a No Rate Limiting issue in the contact directory of your site because there is no mitigation there, like adding a captcha. In this case the attacker can spam you...
Locky Ransomware Now Part Of Massive Spam Attack
Researchers are tracking a massive spam campaign pelting inboxes with Locky ransomware downloaders in the form of JavaScript attachments. The huge spike, reported by security firm Trustwave, represents an extraordinary uptick in the attempted distribution of the Locky ransomware. Trustwave said...
Facebook Password-Reset Spam is Botnet Attack
Virus hunters are raising the alarm for a large-scale spam attack that uses fake Facebook password-reset messages to trick PC users into downloading a dangerous piece of malware. The malicious executable is linked to the Bredolab botnet, which has been linked to massive spam runs and identity-the...
Accellion File Transfer Appliance Error Report Message - Open Email Relay
source: https://www.securityfocus.com/bid/31178/info Accellion File Transfer Appliance is prone to an open-email-relay vulnerability. An attacker could exploit this issue by constructing a script that would send unsolicited spam to an unrestricted amount of email addresses from a forged email...
CVE-2006-0114
The CVE-2006-0114 entry concerns Joomla! 1.0.5 vCard handling. The affected component is Joomla!’s vCard functionality, which uses predictable, sequential vCard IDs and does not restrict access, enabling remote attackers to discover valid e-mail addresses by altering the contact_id parameter to i...