82 matches found

Cvelist
added 2026/01/29 3:38 a.m., 33 views

CVE-2026-25067 SmarterTools SmarterMail < Build 9518 Unauthenticated background-of-the-day Path Coercion

SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows U...

6.9 CVSS, 0.00283 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2026/01/29 3:38 a.m., 5 views

CVE-2026-25067 SmarterTools SmarterMail < Build 9518 Unauthenticated background-of-the-day Path Coercion

SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day preview endpoint. The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. On Windows systems, this allows U...

6.9 CVSS, 5.9 AI score, 0.00283 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2026/01/29 12:0 a.m., 10 views

PT-2026-5247

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to build 9518 Description The application base64-decodes attacker-supplied input and uses it as a filesystem path without validation. This affects the background-of-the-day preview endpoint. On Windows...

6.9 CVSS, 6.1 AI score, 0.00283 EPSS
Exploits: 0, References: 5

CNNVD
added 2026/01/29 12:0 a.m., 7 views

SmarterTools SmarterMail security vulnerability

SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Previous versions of SmarterTools SmarterMail, including version 9518,...

6.9 CVSS, 6 AI score, 0.00283 EPSS
Exploits: 0, References: 2

OSV
added 2025/08/14 6:52 p.m., 2 views

MAL-2025-9518 Malicious code in @teamteanpm2024/et-culpa-illum (npm)

The package @teamteanpm2024/et-culpa-illum was found to contain malicious code...

7.2 AI score
Exploits: 0

RedhatCVE
added 2025/05/22 4:54 p.m., 4 views

CVE-2020-9518

Login filter can access configuration files vulnerability in Micro Focus Service Manager Web Tier, affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data...

5.3 CVSS, 6.8 AI score, 0.00862 EPSS
Exploits: 0, References: 1

RedhatCVE
added 2025/05/22 7:5 a.m., 9 views

CVE-2017-9518

atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP hostname and hijack all emails...

8.8 CVSS, 6.9 AI score, 0.00451 EPSS
Exploits: 0, References: 1

Circl
added 2024/10/10 5:2 a.m., 4 views

CVE-2024-9518

creationtimestamp | type | source
---|---|---
2024-10-10 05:02:37+00:00 | seen | https://t.me/cvedetector/7552
2026-06-22 19:37:08+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3movn4bdc5z2i...

9.8 CVSS, 5.8 AI score, 0.00503 EPSS
Exploits: 0, References: 2

Cvelist
added 2024/10/10 2:6 a.m., 20 views

CVE-2024-9518 UserPlus <= 2.0 - Unauthenticated Privilege Escalation

The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 2.0 due to insufficient restriction on the 'formactions' and 'userplusupdateuserprofile' functions. This makes it possible for unauthenticated attackers to specify their user role by supplyin...

9.8 CVSS, 0.00503 EPSS
Exploits: 0, References: 2

IBM Security Bulletins
added 2024/09/16 4:32 p.m., 38 views

Security Bulletin: Vulnerability in Netty affects watsonx.data

Summary Netty is vulnerable to a denial of service. For CVE-2019-9518, a remote attacker could cause watsonx.data to consume excessive CPU resources by sending a set of frames without an end-of-stream flag, eventually causing a denial of service condition. This would affect watsonx.data. For...

7.8 CVSS, 8.5 AI score, 0.24822 EPSS
Exploits: 0, Affected Software: 1

IBM Security Bulletins
added 2024/09/03 8:48 p.m., 30 views

Security Bulletin: Vulnerabilities in Netty affect watsonx.data

Summary Netty is vulnerable to denial of service attacks and remote attack via restrictions bypass. These can affect watsonx.data. Vulnerability Details CVEID:CVE-2015-2156 DESCRIPTION: Netty could allow a remote attacker to bypass restrictions, caused by the improper validation of characters in ...

7.8 CVSS, 8.5 AI score, 0.24822 EPSS
Exploits: 0, Affected Software: 1

Circl
added 2024/01/17 5:41 p.m., 2 views

CVE-2015-9518

creationtimestamp | type | source
---|---|---
2024-01-17 17:41:32+00:00 | seen | https://t.me/ctinow/169363...

6.1 CVSS, 6.1 AI score, 0.00923 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2023/10/16 12:0 a.m., 39 views

Ubuntu 18.04 ESM : Netty vulnerabilities (USN-4866-1)

The remote Ubuntu 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4866-1 advisory. It was discovered that Netty incorrectly implements HTTP/2. An attacker could possibly use this issue to cause a denial of service. CVE-2019-9512,...

7.8 CVSS, 8.1 AI score, 0.87806 EPSS
Exploits: 1, References: 5

OSV
added 2023/08/31 12:14 p.m., 1 views

BELL-CVE-2019-9518 CVE-2019-9518 does not affect BellSoft software

Bulletin has no description...

7.5 CVSS, 5.8 AI score, 0.24822 EPSS
Exploits: 0, References: 1

IBM Security Bulletins
added 2023/06/21 6:13 p.m., 69 views

Security Bulletin: IBM Storage Protect is vulnerable to multiple attacks due to http2-server and http2-common

Summary IBM Storage Protect Server uses the http2-server and http2-common components and may be vulnerable to these attacks. Vulnerability Details CVEID:CVE-2019-9511 DESCRIPTION: Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request ...

7.8 CVSS, 6.9 AI score, 0.87806 EPSS
Exploits: 1, Affected Software: 1

F5 Networks
added 2023/02/21 6:53 p.m., 104 views

K46011592: HTTP/2 Empty Frames Flood vulnerability CVE-2019-9518

Security Advisory Description Some HTTP/2 implementations are vulnerable to a flood of empty frames, potentially leading to a denial of service. The attacker sends a stream of frames with an empty payload and without the end-of-stream flag. These frames can be DATA, HEADERS, CONTINUATION and/or...

7.8 CVSS, 7.9 AI score, 0.24822 EPSS
Exploits: 0

OpenVAS
added 2023/01/27 12:0 a.m., 32 views

Ubuntu: Security Advisory (USN-4866-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS, 8.9 AI score, 0.87806 EPSS
Exploits: 1, References: 2

IBM Security Bulletins
added 2022/02/22 8:10 p.m., 44 views

Security Bulletin: Netty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9514, CVE-2019-9512, CVE-2019-9518, CVE-2019-9515)

Summary Netty denial of service vulnerabilities affect IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVEID: CVE-2019-9514 DESCRIPTION: Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker...

7.8 CVSS, 7.8 AI score, 0.87806 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2022/02/22 8:10 p.m., 49 views

Security Bulletin: WebSphere Application Server Liberty vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center)

Summary Multiple vulnerabilities in IBM WebSphere Application Server Liberty affect IBM Spectrum Control formerly Tivoli Storage Productivity Center. IBM Spectrum Control has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2019-4304 DESCRIPTION: IBM WebSphere Application Server -...

7.8 CVSS, 7.2 AI score, 0.87806 EPSS
Exploits: 1, Affected Software: 1

IBM Security Bulletins
added 2022/02/22 7:59 p.m., 47 views

Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (formerly Tivoli Storage Productivity Center) (CVE-2019-9511, CVE-2019-9512, CVE-2019-9513, CVE-2019-9514, CVE-2019-9515, CVE-2019-9516, CVE-2019-9517, CVE-2019-9518)

Summary Node.js denial of service vulnerabilities affect IBM Spectrum Control formerly Tivoli Storage Productivity Center. Vulnerability Details CVE-ID: CVE-2019-9511 Description: Multiple vendors are vulnerable to a denial of service, caused by a Data Dribble attack. By sending a HTTP/2 request ...

7.8 CVSS, 7.6 AI score, 0.87806 EPSS
Exploits: 1, Affected Software: 1