
10 matches found

EUVD
added 2026/05/06 12:30 p.m. | 2 views

EUVD-2025-209669

HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

CVSS 8.8 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 2

NVD
added 2026/05/06 12:16 p.m. | 3 views

CVE-2025-31951

HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

CVSS 8.8 | EPSS 0.00037
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/06 11:47 a.m. | 2 views

CVE-2025-31951 HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability

HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

CVSS 8.8 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 1

CVE
added 2026/05/06 11:47 a.m. | 4 views

CVE-2025-31951

Technical details for CVE-2025-31951 are not publicly available in the provided documents; no specifics on affected versions, root cause, or mitigations are included. Monitor for updates.

CVSS 8.8 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/06 11:47 a.m. | 4 views

CVE-2025-31951

HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

CVSS 8.8 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2026/05/06 12:00 a.m. | 4 views

PT-2026-37444

HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution...

CVSS 8.8 | AI score 5.8 | EPSS 0.00037
Exploits: 0 | References: 2

HackerOne
added 2025/12/29 5:23 p.m. | 9 views

curl: SMTP CRLF Injection & Protocol Desynchronization in libcurl

Executive Summary A critical security vulnerability has been identified in libcurl's SMTP protocol handler. The vulnerability allows for SMTP Command Smuggling and Protocol Desynchronization by injecting CRLF sequences into email address fields. This can be exploited to bypass security controls,...

AI score 7.4
Exploits: 0

Veracode
added 2025/11/13 7:58 a.m. | 4 views

SMTP Command-smuggling

github.com/wneessen/go-mail is vulnerable to SMTP command-smuggling. The vulnerability is due to incorrect handling of mail.Address values when constructing the MAIL FROM and RCPT TO SMTP commands, which allows an attacker to smuggle extra ESMTP parameters or manipulate recipient routing by...

CVSS 9.1 | AI score 7 | EPSS 0.0007
Exploits: 1 | References: 5 | Affected Software: 1

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2023-23566

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 8.6 | EPSS 0.00451
Exploits: 1 | References: 2

HackerOne
added 2025/07/03 5:49 a.m. | 23 views

curl: CRLF injection in libcurl's SMTP client via --mail-from and --mail-rcpt allows SMTP command smuggling

Summary: libcurl's SMTP client is vulnerable to CRLF injection via the --mail-from and --mail-rcpt parameters. An attacker can inject newline characters to smuggle SMTP commands like VRFY, potentially enabling user enumeration or protocol abuse. While curl may fail after injection, the injected...

AI score 7.6
Exploits: 0