19 matches found
Debian dla-4617 : dovecot-auth-lua - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4617 advisory. Debian LTS Advisory DLA-4617-1 [email protected]...
CVE-2026-30878
CVE-2026-30878 affects baserCMS. Before 5.2.3, the public mail submission API allowed unauthenticated users to submit mail form entries even when the form was not accepting submissions, bypassing administrative controls and enabling spam via the API. This issue is patched in version 5.2.3. The C...
CVE-2025-65925
An issue was discovered in Zeroheight SaaS prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification...
PT-2025-54195
Name of the Vulnerable Software and Affected Versions Zeroheight versions prior to 2025-06-13 Description A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, th...
CVE-2025-65925
An issue was discovered in Zeroheight SaaS prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification...
CVE-2025-65925
CVE-2025-65925 affects Zeroheight SaaS prior to 2025-06-13, where a legacy user-creation API path allowed accounts to be created without completing email verification. Unverified accounts could not access product functionality, but the bypassed verification controls enabled unintended account cre...
MAL-2025-51672 Malicious code in eko-kue16-sluey (npm)
Source: amazon-inspector aef7b827774b98dd4e95a80b6fcfd89934d17196becf3dcfc30df636ab30154e The package eko-kue16-sluey was found to contain malicious code. This package appears to be part of the tea.xyz token reward campaign that flooded np...
EUVD-2021-24182
Malware in sbrugna...
EUVD-2025-16166
Malicious code in bioql PyPI...
EUVD-2024-0596
Malicious code in bioql PyPI...
EUVD-2025-6994
Malicious code in bioql PyPI...
EUVD-2023-1778
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2016-5013
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound spam. CVE-2016-5013 Note that Nessus relies on the presence of...
CVE-2025-49583 XWiki provides no warning when granting XWiki.Notifications.Code.NotificationEmailRendererClass admin right
XWiki is a generic wiki platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can ...
PT-2025-5636 · Tshock · Tshock
Name of the Vulnerable Software and Affected Versions: TShock affected versions not specified Description: This issue allows malicious clients to connect to a server without completing the connection handshake, occupying a player slot, and receiving data from the server, even if they are banned...
PT-2024-35958 · Unknown · Sp-Php-Email-Handler
Name of the Vulnerable Software and Affected Versions: sp-php-email-handler versions prior to 1.0.0 Description: The sp-php-email-handler PHP package is vulnerable to abuse, allowing malicious actors to specify arbitrary email recipients and include user-provided content in confirmation emails...
Broken Access Control in Alert manager: Viewer can send test alerts
Grafana is an open-source platform for monitoring and observability. The option to send a test alert is not available from the user panel UI for users having the Viewer role. It is still possible for a user with the Viewer role to send a test alert using the API as the API does not check access t...
Postfix mail server IPv6 configuration unauthorized mail relaying
In specific configurations, for example if run in a chroot environment on an IPv6 network, message relaying is not limited, allowing the relay to be used for sending spam...
MTA Open Mail Relaying Allowed
Nessus has detected that the remote SMTP server allows mail relaying. This issue allows any spammer to use your mail server to send their mail to the world, thus flooding your network bandwidth and possibly getting your mail server blacklisted...