30 matches found
Ledger Bitcoin app security vulnerability
The Ledger Bitcoin app is an open-source application developed by Ledger, which runs on the Ledger hardware wallet. There are security vulnerabilities in the 2.1.0 and 2.1.1 versions of the Ledger Bitcoin app. These vulnerabilities stem from improper handling of miniscripts containing the “a”...
CVE-2026-6675
The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions up to, and including, 2.2.0. This is due to insufficient authorization checks and missing server-side validation of the recipient email address supplie...
CVE-2026-29131 PGP Decryption Recipient LDAP Injection
SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users...
EUVD-2025-208960
Zimbra Collaboration Suite ZCS PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting improper sanitization of the RCPT TO parameter via SMTP injection. Attackers can inject shell...
GHSA-54WQ-72MP-CQ7C Mailpit has an SMTP Header Injection via Regex Bypass
Vulnerability Report: SMTP Header Injection via Regex Bypass Vulnerable Code: mailpit/internal/smtpd/smtpd.go Executive Summary Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can injec...
CVE-2026-23829
Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...
PT-2026-3406
Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.28 Description Mailpit, an email testing tool and API for developers, has a header injection issue in its SMTP server. This is due to a flawed regular expression used to validate RCPT TO and MAIL FROM addresses,...
Zimbra Collaboration Suite Postjournal 9.0.0 Remote Command Execution
A critical vulnerability exists in the Zimbra Collaboration Suite ZCS PostJournal service that allows attackers to execute arbitrary system commands without authentication. The vulnerability is triggered through SMTP injection using a malicious RCPT TO parameter. This exploit provides full remote...
CVE-2025-13033 Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict
A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the emai...
CVE-2025-13033
The CVE-2025-13033 entry concerns Nodemailer’s email parsing library. A flaw in handling specially formatted recipient addresses allows an attacker to craft a recipient that embeds an external address within quotes, causing misdirection of mail to the attacker’s external address rather than the i...
curl: SMTP CRLF Injection in curl/libcurl via MAIL FROM/RCPT TO parameters
SMTP CRLF Injection Vulnerability in curl/libcurl Vulnerability ID: CURL-SMTP-CRLF-2024 CWE-93: Improper Neutralization of CRLF Sequences Executive Summary curl/libcurl contains a CRLF injection vulnerability in its SMTP implementation that allows attackers to inject arbitrary SMTP commands by...
The recipient address check during handling register events will confuse users and block the users contracts registering
Lines of code Vulnerability details Impact The check about if the receiver account exists in the evm store doesn't make sense and will cause users to encounter a confusing exception. And the RegisterEvent function will not throw an exception to revert the tx, the source contract will be written in...
The _recipient address has no limits to the amount of tokenID (NFTs) it can own
Lines of code Vulnerability details Impact Since the recipient address has no limit to the number of tokenIds it can hold, this makes it possible for an attacker to call the register function many times with different addresses and send many tokenIds to the same recipient, which could cause a...
CVE-2021-31739
The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability XSS, because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address...
Cross site scripting
The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability XSS, because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address...
PT-2022-10050 · Seppmail · Seppmail
Name of the Vulnerable Software and Affected Versions: SEPPmail version 11.1.10 Description: The issue arises from incorrect encoding of user input in HTML attributes when returned by the server, leading to a Cross-Site Scripting XSS vulnerability. This allows XSS via a recipient address...
CVE-2020-28015
Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character...