@bgord/bun (>=1.0.2 <=1.2.4), @devix-tecnologia/utils-ts (=1.0.0) +38 more potentially affected by CVE-2025-14874 via nodemailer (=7.0.10)

nodemailer NPM version =7.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on nodemailer and may be impacted: - @bgord/bun =1.0.2, =32.0.0, =4.0.1, =4.9.5, =8.0.1, =8.0.2, =11.3.0, =5.8.38, =1.9.0, =2.1.6, =1.8.0, =0.3.2, =2.17.15 and more Source cves...

CVE-2024-27448

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

Exploit for CVE-2024-27448

MailDev 2.1.0 RCE Exploit CVE-2024-27448 MailDev 2 throu...

Remote Code Execution

maildev is vulnerable to Remote Code Execution. The vulnerability is due to insufficient input validation and sanitization of crafted Content-ID header for an e-mail attachment, resulting in lib/mailserver.js writing arbitrary code into the routes.js file...

GHSA-VC6Q-CCJ9-9R89 MailDev Remote Code Execution

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

MailDev Remote Code Execution

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

CVE-2024-27448

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

CVE-2024-27448

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

CVE-2024-27448

MailDev versions 2 through 2.1.0 are vulnerable to Remote Code Execution via a crafted Content-ID header in an email attachment, causing lib/mailserver.js to write arbitrary code into routes.js. This is a network-borne vulnerability with high impact (CRITICAL CVSS 3.1), and there is public exploi...

PT-2024-21904 · Maildev · Maildev

Name of the Vulnerable Software and Affected Versions: MailDev versions 2 through 2.1.0 Description: The issue allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file. Recommendations: For...

MailDev 安全漏洞

MailDev is a simple way to test project-generated emails during development in MailDev open source. A security vulnerability exists in MailDev versions 2 through 2.1.0, which stems from a vulnerability that allows an attacker to remotely perform code execution via a carefully crafted Content-ID...

CVE-2024-27448

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

CVE-2024-27448

MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file...

Exploit for CVE-2024-27448

MailDev 2.1.0 RCE Exploit Tested against the latest version...