Lucene search
K

68 matches found

NVD
NVD
added 2026/06/26 3:16 p.m.7 views

CVE-2026-57657

Unauthenticated Cross Site Request Forgery CSRF in Gmail SMTP = 1.2.3.19 versions...

4.3CVSS0.00098EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 6:1 p.m.5 views

CVE-2026-56766

Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules when processing malicious NTLM Type-2 challenges. A malicious server can send a crafted NTLM Type-2 challenge with an...

8.8CVSS6.8AI score0.01325EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.12 views

PT-2026-52540

Name of the Vulnerable Software and Affected Versions Hydra versions prior to 9.7 commit 9cc84c2 Description A stack buffer overflow exists in the NTLM authentication process across the SMTP, POP3, IMAP, NNTP, HTTP, HTTP-Proxy, and HTTP-Proxy-Urlenum modules. The issue occurs when the software...

8.8CVSS6.6AI score0.01325EPSS
Exploits2References6
Hacker One
Hacker One
added 2026/05/30 7:56 a.m.20 views

curl: SMTP connection reuse ignores --ssl-reqd / CURLOPT_USE_SSL and reuses a clear-text STARTTLS session on current master

Summary: Current master reintroduces a STARTTLS connection-reuse bug in SMTP. After commit 91dcf4e610 url: urlmatchdestination fix, curl/libcurl can reuse an already-established clear-text smtp:// session for a later logical request that explicitly requires TLS via --ssl-reqd or CURLOPTUSESSL =...

5.8AI score
Exploits0
Snyk
Snyk
added 2026/05/20 3:35 p.m.12 views

CRLF Injection

Overview symfony/mime is a library to manipulate MIME messages. Affected versions of this package are vulnerable to CRLF Injection due to improperly validating user input specifically carriage return and line feed bytes within the Symfony\Component\Mime\Address constructor. The constructor accept...

5.4CVSS5.8AI score0.00062EPSS
Exploits0References2
NVD
NVD
added 2026/04/21 5:16 p.m.9 views

CVE-2026-40566

FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery SSRF vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions fetchtest line 731, sendtest line 682, and imapfolder...

4.1CVSS0.00291EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/03/24 2:13 p.m.3 views

CVE-2026-28753 NGINX ngx_mail_proxy_module vulnerability

NGINX Plus and NGINX Open Source have a vulnerability in the ngxmailsmtpmodule module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

6.3CVSS5.9AI score0.00264EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/03/10 9:48 p.m.13 views

K000160292: Curl vulnerability CVE-2025-14524

Security Advisory Description When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host. CVE-2025-14524 Impact The...

5.3CVSS5.8AI score0.00611EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/02/17 12:55 a.m.6 views

pybind: Improper use of Pybind

A flaw was found in Ceph. An attacker can allow Ceph to accept any certificate because no certificate context is passed via Pybind to the constructors imaplib.IMAP4SSL or smtplib.SMTPSSL. As a result, pybind pybind does not check the server's X.509 certificate, instead accepting any certificate...

5.8AI score0.00029EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/01/18 11:20 a.m.3 views

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

5.3CVSS6.9AI score0.00611EPSS
Exploits1References1
OSV
OSV
added 2026/01/08 10:15 a.m.9 views

ALPINE-CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

5.3CVSS6.4AI score0.00611EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/08 10:7 a.m.3 views

CVE-2025-14524 bearer token leak on cross-protocol redirect

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

6.5AI score0.00611EPSS
Exploits1References3
curl security advisories
curl security advisories
added 2026/01/07 8:0 a.m.20 views

bearer token leak on cross-protocol redirect

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

5.3CVSS5.9AI score0.00611EPSS
Exploits1References1Affected Software2
Snyk
Snyk
added 2025/10/15 5:39 p.m.12 views

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength via the SMTP process. An attacker can intercept sensitive information by performing a man-in-the-middle attack that prevents the use of TLS, causing data to be sent over an unencrypted connection...

8.2CVSS6.6AI score0.00671EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/10/15 5:12 p.m.9 views

Netty has SMTP Command Injection Vulnerability that Allows Email Forgery

Summary An SMTP Command Injection CRLF Injection vulnerability in Netty's SMTP codec allows a remote attacker who can control SMTP command parameters e.g., an email recipient to forge arbitrary emails from the trusted server. This bypasses standard email authentication and can be used to...

6.9CVSS7.7AI score0.01617EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2000-0653

Malware in sbrugna...

5CVSS6.4AI score0.01975EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2025/09/29 4:28 p.m.7 views

go-mail has insufficient address encoding when passing mail addresses to the SMTP client

Impact Due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, this could lead to a possible wrong address routing or even to ESMTP parameter smuggling. Vulnerability details Instead ...

9.1CVSS7.2AI score0.00505EPSS
Exploits1References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2025/08/07 12:0 a.m.8 views

The vulnerability of the SMTP protocol implementation in the software platform for managing identification and access control in Keycloak allows a perpetrator to execute arbitrary commands.

The vulnerability of the SMTP protocol implementation for managing identities and access control in Keycloak relates to the failure to neutralize CRLF sequences. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

6.5CVSS5.9AI score0.00411EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/04/01 10:23 p.m.29 views

GHSA-C2C3-PQW5-5P7C Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times

Summary The PROXY command is accepted multiple times, allowing a client to spoof its IP address when the proxy protocol is being used. Details When ProxyOn is enabled, it looks like the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protoc...

5.3CVSS7.3AI score0.00356EPSS
Exploits0References5
Fedora
Fedora
added 2024/04/19 9:38 p.m.28 views

[SECURITY] Fedora 40 Update: opensmtpd-7.4.0p1-1.fc40

OpenSMTPD is a FREE implementation of the server-side SMTP protocol as defined by RFC 5321, with some additional standard extensions. It allows ordinary machines to exchange e-mails with other systems speaking the SMTP protocol. Started out of dissatisfaction with other implementations, OpenSMTPD...

7.8CVSS7.6AI score0.00279EPSS
Exploits0
Rows per page
Query Builder