Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1063 matches found

EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2023-36544

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.0042EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2022-4341

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.01054EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2021-33507

Malicious code in bioql PyPI...

5.9CVSS5.8AI score0.00841EPSS
Exploits0References4
Tenable Nessus
Tenable Nessusadded 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-38372

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS. CVE-2021-383...

4.3CVSS5.2AI score0.00788EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2025/09/10 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2021-37845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTL...

3.7CVSS5.2AI score0.00665EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2025/09/10 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2021-33900

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI...

7.5CVSS7.2AI score0.00793EPSS
Exploits0References2
Microsoft CVE
Microsoft CVEadded 2025/09/03 10:44 p.m.4 views

An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.

...

5.9CVSS7AI score0.01105EPSS
Exploits0
Tenable Nessus
Tenable Nessusadded 2025/08/30 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2020-15917

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. CVE-2020-15917 Note that Nessus relies o...

9.8CVSS8.1AI score0.02592EPSS
Exploits0References2
Tenable Nessus
Tenable Nessusadded 2025/08/26 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2020-15953

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server...

7.4CVSS7.1AI score0.02393EPSS
Exploits1References2
Tenable Nessus
Tenable Nessusadded 2025/08/21 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2024-34083

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiosmptd is a reimplementation of the Python stdlib smtpd.py based on asyncio. Prior to version 1.4.6, servers based on aiosmtpd accept extra unencrypted comman...

5.4CVSS6AI score0.00228EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/05/23 3:48 a.m.14 views

CVE-2023-32290

The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server...

7.5CVSS6.7AI score0.0042EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 1:4 a.m.4 views

CVE-2022-28220

Apache James prior to release 3.6.3 and 3.7.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. Fix of CVE-2021-38542, which solved similar problem fron Apache James 3.6.1, is subject to a parser differential and do not take into account concurrent requests...

7.5CVSS6.7AI score0.02347EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 9:36 p.m.9 views

CVE-2021-25376

An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed...

5.3CVSS6.8AI score0.00786EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 9:26 p.m.5 views

CVE-2021-38542

Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in Man-in -the-middle command injection attacks, leading potentially to leakage of sensible information...

5.9CVSS6.8AI score0.02347EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 9:7 p.m.18 views

CVE-2021-33900

While investigating DIRSTUDIO-1219 it was noticed that configured StartTLS encryption was not applied when any SASL authentication mechanism DIGEST-MD5, GSSAPI was used. While investigating DIRSTUDIO-1220 it was noticed that any configured SASL confidentiality layer was not applied. This issue...

7.5CVSS7AI score0.00793EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/22 8:53 p.m.5 views

CVE-2021-37845

An issue was discovered in Citadel through webcit-932. A meddler-in-the-middle attacker can fixate their own session during the cleartext phase before a STARTTLS command a violation of "The STARTTLS command is only valid in non-authenticated state." in RFC2595. This potentially allows an attacker...

3.7CVSS5.9AI score0.00665EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 8:39 p.m.2 views

CVE-2021-26911

core/imap/MCIMAPSession.cpp in Canary Mail before 3.22 has Missing SSL Certificate Validation for IMAP in STARTTLS mode...

7.4CVSS7.1AI score0.0109EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 8:9 p.m.6 views

CVE-2021-38370

In Alpine before 2.25, untagged responses from an IMAP server are accepted before STARTTLS...

5.9CVSS6.8AI score0.01565EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 8:9 p.m.4 views

CVE-2021-38372

In KDE Trojita 0.7, man-in-the-middle attackers can create new folders because untagged responses from an IMAP server are accepted before STARTTLS...

4.3CVSS6.9AI score0.00788EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2025/05/22 6:41 p.m.2 views

CVE-2021-38371

The STARTTLS feature in Exim through 4.94.2 allows response injection buffering during MTA SMTP sending...

7.5CVSS7AI score0.01996EPSS
Exploits0
Rows per page
Query Builder