Lucene search
K

163 matches found

Rockylinux
Rockylinux
added 2 days ago5 views

ruby:4.0 security update

An update is available for module.rubygem-pg, module.rubygem-mysql2, rubygem-mysql2, rubygem-pg. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Ruby is an...

7.6CVSS5.8AI score0.00813EPSS
Exploits0
RedHat Linux
RedHat Linux
added 3 days ago5 views

ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments

A flaw was found in Net::IMAP, a Ruby library that provides Internet Message Access Protocol IMAP client functionality. This vulnerability allows a remote attacker to inject arbitrary IMAP commands. This is achieved by passing specially crafted symbol arguments to IMAP commands. Successful...

7.1CVSS6AI score0.00813EPSS
Exploits0References8
RedHat Linux
RedHat Linux
added 3 days ago5 views

Important: Red Hat Security Advisory: ruby security update

An update for ruby is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

7.6CVSS5.8AI score0.00813EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/18 2:25 p.m.5 views

Arbitrary Command Injection

Overview praisonaiagents is a Praison AI agents for completing complex tasks with Self Reflection Agents Affected versions of this package are vulnerable to Arbitrary Command Injection via unsanitized input in the searchemails, replyemail, and archiveemail functions. An attacker can execute...

8.6CVSS6AI score
Exploits0References2
Snyk
Snyk
added 2026/06/09 8:31 p.m.8 views

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection via the handling of raw data arguments in IMAP commands id and enable. An attacker can inject arbitrary IMAP commands by supplying specially crafted input containing CRLF sequences as arguments. This may allo...

5.9CVSS5.9AI score0.00131EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/29 7:23 p.m.15 views

AgenticMail API/storage and outbound relay hardening fixes

The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct...

5.8AI score0.00014EPSS
Exploits0References8Affected Software2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.7 views

RockyLinux 8 : python3 (RLSA-2026:2128)

The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:2128 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: IMAP command injection in user-controlled commands...

6CVSS5.8AI score0.0056EPSS
Exploits0References9
OSV
OSV
added 2026/05/21 4:24 p.m.16 views

RLSA-2026:2128 Moderate: python3 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS7.1AI score0.0056EPSS
Exploits0References5
OSV
OSV
added 2026/05/14 9:15 a.m.5 views

CLSA-2026-1778750122 Fix CVE(s): CVE-2026-27857

SECURITY UPDATE: imap-login excessive memory usage DoS ELSCVE-123445 - debian/patches/CVE-2026-27857.patch: limit IMAP parser open list count via new imapparserparams struct; cap pre-auth IMAPLOGINLISTCOUNTLIMIT to 1. Squashes upstream commits 825bc297, d0f67b52, af1fb4da, 3435e0d44. -...

7.5CVSS5.8AI score0.00667EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2026/05/13 12:0 a.m.7 views

FreeBSD : zeek -- potential DoS vulnerability (e665f0a2-fe6d-44b0-ba9e-d383f055a8a3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e665f0a2-fe6d-44b0-ba9e-d383f055a8a3 advisory. Wojtulewicz of Corelight reports: A specially-crafted series of MIME headers sent via SMTP or HTTP coul...

5.9AI score
Exploits0References2
NVD
NVD
added 2026/05/12 9:16 p.m.50 views

CVE-2026-35504

PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...

5.5CVSS0.00268EPSS
Exploits0References2
CVE
CVE
added 2026/05/12 8:19 p.m.20 views

CVE-2026-35504

CVE-2026-35504 affects PowerSYSTEM Center's email notification service, with a CRLF injection vulnerability when using SMTPS. The available data provides CVSS 4.0/3.1 base metrics (MEDIUM) and does not specify affected versions, root cause details, exploitation status, or remediation. The descrip...

5.5CVSS5.8AI score0.00268EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/12 2:17 p.m.8 views

CVE-2026-40020

Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...

4.3CVSS5.8AI score0.00271EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/12 1:28 p.m.15 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

7.5CVSS5.7AI score0.00667EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/12 1:28 p.m.11 views

CVE-2026-42006

An attacker can cause uncontrolled memory usage with excessive bracing over IMAP. The fix in CVE-2026-27857 was incomplete, only blocking one way of doing this, so there was still another way left open. In particular, the fix was for closing braces, but you could still use open braces to bypass t...

4.3CVSS5.7AI score0.00454EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 1:28 p.m.20 views

CVE-2026-42006

CVE-2026-42006 affects Dovecot IMAP servers; the issue is uncontrolled memory usage caused by excessive bracing over IMAP, arising from an incomplete fix to CVE-2026-27857. Public advisories across multiple distros (Debian, Ubuntu, Fedora, SUSE) document vulnerable dovecot packages and partial/ne...

7.5CVSS5.7AI score0.00454EPSS
Exploits0References4Affected Software2
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.13 views

PT-2026-40030

Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can cause uncontrolled memory usage via excessive bracing over IMAP. A previous fix was incomplete as it only blocked closing braces, allowing the memory limit to be bypassed using op...

9.1CVSS5.8AI score0.00454EPSS
Exploits0References30
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.21 views

PT-2026-40431

PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication...

5.5CVSS5.8AI score0.00268EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: fetchmail (UTSA-2026-017438)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017438 advisory. Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH. Tenable has extracted...

5.9CVSS6.3AI score0.00925EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.6 views

Unity Linux 20.1060e / 20.1070e Security Update: curl (UTSA-2026-017570)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017570 advisory. When curl = 7.20.0 and = 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back...

5.9CVSS6.8AI score0.02799EPSS
Exploits1References4
Rows per page
Query Builder