73 matches found
CVE-2026-41132
CVE-2026-41132 affects CKAN prior to versions 2.10.10 and 2.11.5, where the SMTP connection lacks certificate validation. This allows a MITM attacker to spoof the SMTP server and potentially access credentials and email contents. The issue is mitigated by upgrading CKAN to 2.10.10 or 2.11.5 (or n...
Important: nginx
Issue Overview: When the ngx_mail_auth_http_module module is enabled on NGINX Plus or NGINX Open Source, undisclosed requests can cause worker processes to terminate. This issue may occur when (1) CRAM-MD5 or APOP authentication is enabled, and (2) the authentication server permits retry by returning the...
CVE-2019-25652 UniFi Network Controller Improper Certificate Validation Leading to Credential Theft via MITM
UniFi Network Controller before version 5.10.22 and 5.11.x before 5.11.18 contains an improper certificate verification vulnerability that allows adjacent network attackers to conduct man-in-the-middle attacks by presenting a false SSL certificate during SMTP connections. Attackers can intercept...
CVE-2019-25646 Tabs Mail Carrier 2.5.1 Buffer Overflow via MAIL FROM
Tabs Mail Carrier 2.5.1 contains a buffer overflow vulnerability in the MAIL FROM SMTP command that allows remote attackers to execute arbitrary code by sending a crafted MAIL FROM parameter. Attackers can connect to the SMTP service on port 25 and send a malicious MAIL FROM command with an...
EUVD-2026-3297
Mailpit has an SMTP Header Injection via Regex Bypass...
Unity Linux 20.1070e Security Update: netty (UTSA-2025-991102)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-991102 advisory. Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP...
OESA-2025-2526 netty security update
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
CVE-2025-59419 Netty netty-codec-smtp SMTP Command Injection Vulnerability Allowing Email Forgery
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return (\r) and Line Feed (\n) characters in user-suppli...
PT-2025-42370
Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.128.Final and 4.2.7.Final. Description: Netty is an asynchronous, event-driven network application framework. An SMTP command injection vulnerability exists in the SMTP codec due to insufficient input validation for...
EUVD-2002-2100
Malware in sbrugna...
EUVD-2006-3212
Malware in sbrugna...
EUVD-2004-2320
Malware in sbrugna...
EUVD-2002-2059
Malware in sbrugna...
EUVD-1999-1024
Malware in sbrugna...
EUVD-2021-7919
Malicious code in bioql PyPI...
EUVD-2023-28009
Malicious code in bioql PyPI...
EUVD-2022-48687
Malicious code in bioql PyPI...
EUVD-2023-46575
Malicious code in bioql PyPI...
EUVD-2025-3004
Malicious code in bioql PyPI...
EUVD-2024-0681
Malicious code in bioql PyPI...