CVE-2026-7621

The SMTP2GO for WordPress – Email Made Easy plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.16.0. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers,...

More PayPal emails hijacked to deliver tech support scams

Scammers have found another way to get deceptive messages delivered through PayPal’s legitimate services. In December 2025, we reported that PayPal closed a loophole that let scammers send real emails with fake purchase notices. In those cases, scammers created a PayPal subscription and then paus...

CVE-2018-25309 MyBB Recent threads 17.0 Persistent Cross-Site Scripting

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...

EUVD-2018-21830

MyBB Recent threads 17.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by creating threads with crafted subject lines. Attackers can create threads with script tags in the subject parameter to execute arbitrary JavaScript in the browser...

SEPPmail Secure Email Gateway 安全漏洞

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from a flaw that allowed attackers to hide security labels for...

Security update for MozillaThunderbird (important)

openSUSE Security Update: Security update for MozillaThunderbird Announcement ID: openSUSE-SU-2021:0093-1 Rating: important References: 1180623 Cross-References: CVE-2020-16044 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update...

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts

If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News. Earlier this year, hackers managed to breach Microsoft's customer support portal an...

Stack overflow

Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines...

CVE-2014-0469

Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines...

CVE-2014-0469

Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subject lines...

Adobe Warns of Phishing Attacks Likely Stemming From Breach

When hackers breached Adobe in October and spilled millions of its customers’ IDs and encrypted passwords, it was all but certain the attack would result in a wave of subsequent phishing attacks. It wasn’t exactly clear how soon the attacks would come or what form they’d come in, but after two...

RoundCube Webmail cross-site request forgery vulnerability

Overview RoundCube Webmail from the RoundCube Project contains a cross-site request forgery vulnerability. RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information...

JVN#33820033 RoundCube Webmail cross-site request forgery vulnerability

RoundCube Webmail is an open source webmail client from the RoundCube Project. RoundCube Webmail contains a cross-site request forgery vulnerability that may allow disclosure of information such as email subject lines. Impact Information such as email subject lines may be disclosed on the web...

Design/Logic Flaw

Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service memory exhaustion and interrupted mail recovery via malformed e-mail header information, possibly related to 1 long subject lines or 2 large numbers of recipients in To or CC headers...

CVE-2006-5902

viksoe GMail Drive shell extension allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by 1 a GMAILFS: 13;a;1 message with a new filename and a file attachment, which injects a new file into the filesystem; 2 a GMAILFS:...

CVE-2006-5902

viksoe GMail Drive shell extension allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by 1 a GMAILFS: 13;a;1 message with a new filename and a file attachment, which injects a new file into the filesystem; 2 a GMAILFS:...