13 matches found

NVD
added 2026/03/10 5:40 p.m., 2 views

CVE-2026-30913

Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting...

CVSS 4.6, EPSS 0.00165
Exploits 0, References 3

EUVD
added 2026/03/10 12:56 a.m., 4 views

EUVD-2026-10423

flarum/nicknames extension has display name injection in notification emails autolink & markdown...

CVSS 4.6, AI score 5.8, EPSS 0.00165
Exploits 0, References 4

EUVD
added 2026/03/10 12:56 a.m., 3 views

EUVD-2026-10422

flarum/nicknames extension has display name injection in notification emails autolink & markdown...

CVSS 4.6, AI score 5.8, EPSS 0.00165
Exploits 0, References 4

ATTACKERKB
added 2026/03/09 10:42 p.m., 3 views

CVE-2026-30913

Flarum is open-source forum software. When the flarum/nicknames extension is enabled, a registered user can set their nickname to a string that email clients interpret as a hyperlink. The nickname is inserted verbatim into plain-text notification emails, and recipients may be misled into visiting...

CVSS 4.6, AI score 5.8, EPSS 0.00165
Exploits 0, References 4, Affected Software 1

Positive Technologies
added 2026/03/09 12:00 a.m., 4 views

PT-2026-24146

Name of the Vulnerable Software and Affected Versions: Flarum (affected versions not specified). Description: The Flarum forum software, when used with the flarum/nicknames extension, allows a registered user to set a nickname that email clients may interpret as a hyperlink. This nickname is directly...

CVSS 4.6, AI score 5.8, EPSS 0.00165
Exploits 0, References 7

Tenable Nessus
added 2025/08/27 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-43770

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of...

CVSS 6.1, AI score 6.4, EPSS 0.56895
Exploits 2, References 2

OSV
added 2020/12/28 8:15 p.m., 1 view

DEBIAN-CVE-2020-35730

An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php...

CVSS 6.1, AI score 7.5, EPSS 0.32365
Exploits 1, References 1

CNVD
added 2018/04/11 12:00 a.m., 2 views

Microsoft Office Information Disclosure Vulnerability (CNVD-2018-08640)

Microsoft Office 2010 SP2 and others are products of Microsoft Corporation. Microsoft Office 2010 SP2 is an office software suite product. Word 2007 SP3 is a word processing software. An information disclosure vulnerability exists in Microsoft Word and Office. A remote attacker can exploit this...

CVSS 6.5, AI score 6.2, EPSS 0.09024
Exploits 0, References 1

The Hacker News
added 2017/02/05 6:52 a.m., 15 views

Anonymous Hacker took down over 10,000 Dark Web Sites; Leaked User Database

Dark Web is right now going through a very rough time. Just two days ago, a hacker group affiliated with Anonymous broke into the servers of Freedom Hosting II and took down more than 10,000 Tor-based .onion dark websites with an alarming announcement to its visitors, which said: "Hello, Freedom...

AI score 6.9
Exploits 0

Hacker One
added 2016/03/31 6:28 p.m., 25 views

HackerOne: HackerOne Important Emails Notification are sent in clear-text

Our e-mail provider at the time had problems where some e-mails would not be sent out over TLS. Based on data from Google Postmaster Tools, we were seeing as high as 12% of our e-mail from our provider to Google mail servers not encrypted. We opened a case with them on March 31st, 2016, about thi...

AI score 1.4
Exploits 0

ICS
added 2013/04/26 12:00 p.m., 12 views

Osama Bin Laden-Themed Phishing

Summary: The intent of this advisory is to provide general guidance to public and private sector organizations and individuals on potential targeted phishing attacks often referred to as “spear phishing” with respect to the Osama Bin Laden related media reporting, and to offer some suggested metho...

AI score 6.9
Exploits 0, References 18

RedHat Linux
added 2007/02/24 2:41 a.m., 3 views

security flaw

Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line...

CVSS 9.3, AI score 6.5, EPSS 0.04691
Exploits 0, References 4

OSV
added 2006/03/10 1:02 a.m., 5 views

DEBIAN-CVE-2006-0040

GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml...

CVSS 5, AI score 6.8, EPSS 0.01946
Exploits 0, References 1