CVE-2025-50340 – SOGo Webmail IDOR Email Spoofing

August 4, 2025

CVE ID : CVE-2025-50340

Published : Aug. 4, 2025, 8:15 p.m. | 3 hours, 28 minutes ago

Description : An Insecure Direct Object Reference (IDOR) vulnerability was discovered in SOGo Webmail thru 5.6.0, allowing an authenticated user to send emails on behalf of other users by manipulating a user-controlled identifier in the email-sending request. The server fails to verify whether the authenticated user is authorized to use the specified sender identity, resulting in unauthorized message delivery as another user. This can lead to impersonation, phishing, or unauthorized communication within the system.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-55014 – Youdao StarDict X11 Selection Information Disclosure

Next Article CVE-2025-8522 – Givanz Vvvebjs Node.js File Path Traversal Vulnerability

Highlights

CVE-2025-37820 – Xen-netfront NULL Pointer Dereference and Memory Leak Vulnerability

May 8, 2025

CVE ID : CVE-2025-37820

Published : May 8, 2025, 7:15 a.m. | 58 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

xen-netfront: handle NULL returned by xdp_convert_buff_to_frame()

The function xdp_convert_buff_to_frame() may return NULL if it fails
to correctly convert the XDP buffer into an XDP frame due to memory
constraints, internal errors, or invalid data. Failing to check for NULL
may lead to a NULL pointer dereference if the result is used later in
processing, potentially causing crashes, data corruption, or undefined
behavior.

On XDP redirect failure, the associated page must be released explicitly
if it was previously retained via get_page(). Failing to do so may result
in a memory leak, as the pages reference count is not decremented.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-50340 – SOGo Webmail IDOR Email Spoofing

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

I test a lot of AI coding tools, and this stunning new OpenAI release just saved me days of work

UNC1151 Exploits Roundcube Flaw in Spear Phishing Attack

CVE-2025-46722 – VLLM Image Hash Collision Vulnerability

CVE-2025-1411 – IBM Security Verify Directory Container Privilege Escalation Vulnerability

CVE-2025-37820 – Xen-netfront NULL Pointer Dereference and Memory Leak Vulnerability

CVE-2025-3055 – WordPress User Frontend Pro File Deletion Vulnerability

DevSecOps Phase 4B: Manual Penetration Testing

Free After Effect Templates – 49 Stunning Intros, Logo Reveals, Titles & More

CVE-2025-50340 – SOGo Webmail IDOR Email Spoofing

Related Posts