Lucene search

231 matches found

AstraLinux
added 2026/05/03 11:59 p.m. | 3 views

Astra Linux - vulnerability in python3.11, python2.7, python3.7

There is a medium-severity vulnerability affecting CPython. The email module does not properly quote newlines for email headers when serializing an email message, allowing for header injection when an email is serialized...

CVSS 5.5 | AI score 6.8 | EPSS 0.00238
Exploits: 0 | References: 2
AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in python3.11, python3.7

The email module, specifically the “BytesGenerator” class, did not properly quote newlines for email headers when serializing an email message. This issue occurs only when using “LiteralHeader” to write headers that do not follow email folding rules. The new behavior will reject incorrectly folde...

CVSS 6 | AI score 7.1 | EPSS 0.00052
Exploits: 0 | References: 2
Amazon
added 2026/04/13 12:0 a.m. | 4 views

Important: python3.9

Issue Overview: When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email messages where addresses are user-controlled and not sanitized. CVE-2025-11468 User-controlled...

CVSS 7 | AI score 5.8 | EPSS 0.00205
Exploits: 0
NVD
added 2026/04/06 5:17 p.m. | 2 views

CVE-2026-34975

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subject, custom header keys/values, and attachment filenames were interpolated directly into raw MIME...

CVSS 8.5 | EPSS 0.00043
Exploits: 2 | References: 1
CNNVD
added 2026/04/06 12:0 a.m. | 3 views

plunk injection vulnerability

Plunk is an open-source email sending and management platform developed by Plunk. Versions of Plunk prior to 0.8.0 had a vulnerability related to injection attacks. This vulnerability stemmed from the CRLF header injection in the SESService.ts file, which could allow authenticated API users to...

CVSS 8.5 | AI score 5.9 | EPSS 0.00043
Exploits: 2 | References: 1
RedhatCVE
added 2026/03/29 11:13 a.m. | 1 views

CVE-2026-2442

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 2.0.7. This is due to the contact form handler performing placeholder substitution on...

CVSS 5.3 | AI score 6 | EPSS 0.00146
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/28 9:27 a.m. | 3 views

CVE-2026-2442

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 2.0.7. This is due to the contact form handler performing placeholder substitution on...

CVSS 5.3 | AI score 6 | EPSS 0.00146
Exploits: 0 | References: 3
OSV
added 2026/03/25 11:34 a.m. | 3 views

CLSA-2026-1774438452 python3.11: Fix of 3 CVEs

CVE-2026-1299: Fix header injection; quote newlines in email headers and reject incorrectly folded LiteralHeader values during serialization with BytesGenerator. - CVE-2026-0865: Fix header injection via user-controlled header names and values containing newlines; sanitize and reject header names...

CVSS 6 | AI score 7.1 | EPSS 0.0017
Exploits: 0 | References: 1
OSV
added 2026/03/20 3:56 p.m. | 6 views

CLSA-2026-1774022191 python3.9: Fix of 4 CVEs

CVE-2026-0865: reject control characters in wsgiref headers - CVE-2025-15366: reject control characters in IMAP commands - CVE-2025-15367: reject control characters in POP3 commands - CVE-2026-1299: verify headers are sound in email BytesGenerator...

CVSS 6 | AI score 7.1 | EPSS 0.0017
Exploits: 0 | References: 1
Tenable Nessus
added 2026/03/19 12:0 a.m. | 4 views

AlmaLinux 8 : python3.11 (ALSA-2026:4473)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4473 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: IMAP command injection in user-controlled commands...

CVSS 6 | AI score 7.2 | EPSS 0.0017
Exploits: 0 | References: 6
CNNVD
added 2026/03/04 12:0 a.m. | 2 views

SEPPmail Secure Email Gateway security vulnerability

SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.1 contained security vulnerabilities. These vulnerabilities stemmed from incorrect interpretation of email addresses in email header...

CVSS 7.8 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1
OSV
added 2026/02/26 11:53 a.m. | 2 views

SUSE-SU-2026:0642-1 Security update for python313

This update for python313 fixes the following issues: Update to Python 3.13.12 - CVE-2026-0672: Fixed a HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel. bsc1257031 - CVE-2026-0865: Fixed a bug where a user-controlled header containing newlines...

CVSS 6 | AI score 5.5 | EPSS 0.00205
Exploits: 0 | References: 11
OSV
added 2026/02/25 4:29 p.m. | 5 views

SUSE-SU-2026:0645-1 Security update for python3

This update for python3 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

CVSS 6 | AI score 5.6 | EPSS 0.00205
Exploits: 0 | References: 13
OSV
added 2026/02/24 3:14 p.m. | 1 views

SUSE-SU-2026:0613-1 Security update for python310

This update for python310 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters bsc1257029. - CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using...

CVSS 6 | AI score 5.6 | EPSS 0.00205
Exploits: 0 | References: 13
OSV
added 2026/02/24 9:39 a.m. | 2 views

CLSA-2026-1771925958 python2: Fix of 2 CVEs

CVE-2026-1299: reject email header values containing newlines without whitespace to prevent header injection and info leak via the buffer protocol - CVE-2024-6923: ensure email headers are encoded and verified correctly, raising exceptions for malformed input to prevent processing of invalid or...

CVSS 6 | AI score 7.3 | EPSS 0.00238
Exploits: 0 | References: 1
Tenable Nessus
added 2026/02/19 12:0 a.m. | 5 views

Amazon Linux 2023 : python3.12, python3.12-devel, python3.12-idle (ALAS2023-2026-1444)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1444 advisory. When folding a long comment in an email header containing exclusively unfoldable characters, the parenthesis would not be preserved. This could be used for injecting headers into email message...

CVSS 6 | AI score 7.1 | EPSS 0.00205
Exploits: 0 | References: 12
Tenable Nessus
added 2026/02/06 12:0 a.m. | 6 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 : Python vulnerabilities (USN-8018-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8018-1 advisory. Denis Ledoux discovered that Python incorrectly parsed email message headers. An...

CVSS 6.3 | AI score 7.3 | EPSS 0.00205
Exploits: 0 | References: 9
Ubuntu
added 2026/02/05 6:18 p.m. | 8 views

USN-8018-1: Python vulnerabilities

Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this issue to inject arbitrary headers into email messages. This issue only affected python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and...

CVSS 6.3 | AI score 7.8 | EPSS 0.00205
Exploits: 0
OSV
added 2026/02/05 2:5 p.m. | 2 views

USN-8018-1 python3.14, python3.13, python3.12, python3.11, python3.10, python3.9, python3.8, python3.7, python3.6, python3.5, python3.4 vulnerabilities

Denis Ledoux discovered that Python incorrectly parsed email message headers. An attacker could possibly use this issue to inject arbitrary headers into email messages. This issue only affected python3.6, python3.7, python3.8, python3.9, python3.10, python3.11, python3.12, python3.13, and...

CVSS 6.3 | AI score 7.3 | EPSS 0.00205
Exploits: 0 | References: 9
Snyk
added 2026/02/03 6:42 p.m. | 4 views

Authorization Bypass Through User-Controlled Key

Overview: agents is "A home for your AI agents". Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the createHeaderBasedEmailResolver function. An attacker can redirect inbound email to arbitrary internal objects by manipulating the Message-ID...

CVSS 7.2 | AI score 5.8 | EPSS 0.0002
Exploits: 0 | References: 2