
42 matches found

RedhatCVE
added 2026/04/07 11:1 p.m. | 1 view

CVE-2026-35389

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, S/MIME signature verification did not validate the certificate trust chain (checkChain: false). Any email signed with a self-signed or untrusted certificate was displayed as having a valid signature. This...

CVSS 8.7 | AI score 5.9 | EPSS 0.00177
Exploits: 0 | References: 1

EUVD
added 2026/04/06 8:17 p.m. | 2 views

EUVD-2026-19480

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP function in lib/admin/session.ts trusted the first (leftmost) entry of the X-Forwarded-For header, which is fully controlled by the client. An attacker could forge their source IP address to...

CVSS 8.7 | AI score 6 | EPSS 0.00136
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/06 8:17 p.m. | 2 views

CVE-2026-35391

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP function in lib/admin/session.ts trusted the first (leftmost) entry of the X-Forwarded-For header, which is fully controlled by the client. An attacker could forge their source IP address to...

CVSS 8.7 | AI score 6 | EPSS 0.00136
Exploits: 0 | References: 2 | Affected Software: 1

EUVD
added 2026/04/06 8:13 p.m. | 4 views

EUVD-2026-19479

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy (proxy.ts) set the Content-Security-Policy-Report-Only header instead of the enforcing Content-Security-Policy header. This means cross-site scripting (XSS) attacks were logged but not blocked...

CVSS 5.3 | AI score 6 | EPSS 0.00167
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/06 12:0 a.m. | 3 views

PT-2026-30729

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the getClientIP function in lib/admin/session.ts trusted the first (leftmost) entry of the X-Forwarded-For header, which is fully controlled by the client. An attacker could forge their source IP address to...

CVSS 8.7 | AI score 6 | EPSS 0.00136
Exploits: 0 | References: 2

EUVD
added 2026/04/02 7:11 p.m. | 3 views

EUVD-2026-18531

Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings vi...

CVSS 8.7 | AI score 5.9 | EPSS 0.00252
Exploits: 0 | References: 2

RedhatCVE
added 2026/02/21 1:30 a.m. | 4 views

CVE-2026-26312

Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing malformed nested message/rfc822 MIME parts via IMAP or JMAP causes excessive CPU and memory consumption...

CVSS 6.5 | AI score 5.5 | EPSS 0.00353
Exploits: 1 | References: 1

Vulnrichment
added 2026/02/19 9:5 p.m. | 4 views

CVE-2026-26312 Stalwart Mail Server has Out-of-Memory Denial of Service via Malformed Nested MIME Messages

Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing malformed nested message/rfc822 MIME parts via IMAP or JMAP causes excessive CPU and memory consumption...

CVSS 6.5 | AI score 5.5 | EPSS 0.00353
Exploits: 1 | References: 1

Cvelist
added 2026/02/19 9:5 p.m. | 21 views

CVE-2026-26312 Stalwart Mail Server has Out-of-Memory Denial of Service via Malformed Nested MIME Messages

Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing malformed nested message/rfc822 MIME parts via IMAP or JMAP causes excessive CPU and memory consumption...

CVSS 6.5 | EPSS 0.00353
Exploits: 1 | References: 1

CVE
added 2026/02/19 9:5 p.m. | 11 views

CVE-2026-26312

Stalwart Mail Server vulnerable in versions 0.13.0–0.15.4 to an out-of-memory Denial-of-Service when processing specially crafted emails with malformed nested message/rfc822 MIME parts via IMAP or JMAP. The issue stems from the mail-parser crate producing cyclical references that the server then ...

CVSS 6.5 | AI score 5.6 | EPSS 0.00353
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2026/02/19 9:5 p.m. | 13 views

CVE-2026-26312 Stalwart Mail Server has Out-of-Memory Denial of Service via Malformed Nested MIME Messages

Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing malformed nested message/rfc822 MIME parts via IMAP or JMAP causes excessive CPU and memory consumption...

CVSS 6.5 | AI score 5.6 | EPSS 0.00353
Exploits: 1 | References: 3

CNNVD
added 2026/02/19 12:0 a.m. | 4 views

Stalwart Mail Server security vulnerability

Stalwart Mail Server is an integrated email server developed by Stalwart Labs. Vulnerabilities exist in versions 0.13.0 to 0.15.4 of Stalwart Mail Server. These vulnerabilities stem from processing specially crafted emails that contain malformed message/rfc822 MIME parts. This can lead to excessi...

CVSS 6.5 | AI score 5.8 | EPSS 0.00353
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:7 p.m. | 20 views

EUVD-2025-27571

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.6 | EPSS 0.00319
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-32215

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.00517
Exploits: 0 | References: 3

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-35230

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.6 | EPSS 0.00738
Exploits: 0 | References: 1

NVD
added 2025/10/02 10:15 p.m. | 6 views

CVE-2025-61600

Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory (OOM) killer and causing a denial of...

CVSS 7.5 | EPSS 0.00517
Exploits: 0 | References: 3

CVE
added 2025/10/02 9:30 p.m. | 14 views

CVE-2025-61600

CVE-2025-61600 affects Stalwart mail server: versions 0.13.3 and earlier have an unbounded memory allocation vulnerability in the IMAP protocol parser due to missing validation in several state handlers, potentially allowing remote attackers to exhaust server memory and trigger OOM, causing a den...

CVSS 7.5 | AI score 6.7 | EPSS 0.00517
Exploits: 0 | References: 3

OSV
added 2025/10/02 9:30 p.m. | 8 views

CVE-2025-61600 Unbounded Memory Allocation in Stalwart IMAP parser

Stalwart is a mail and collaboration server. Versions 0.13.3 and below contain an unbounded memory allocation vulnerability in the IMAP protocol parser which allows remote attackers to exhaust server memory, potentially triggering the system's out-of-memory (OOM) killer and causing a denial of...

CVSS 7.5 | AI score 7.1 | EPSS 0.00517
Exploits: 0 | References: 5

CNNVD
added 2025/10/02 12:0 a.m. | 4 views

Stalwart security vulnerability

Stalwart is a versatile email and collaboration server open-sourced by Stalwart Labs. A security vulnerability exists in Stalwart 0.13.3 and earlier versions, which stems from a lack of validation checks in multiple state handlers in the IMAP protocol parser, which could lead to an unbounded memo...

CVSS 7.5 | AI score 6.6 | EPSS 0.00517
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/02 12:0 a.m. | 3 views

PT-2025-40430

Name of the Vulnerable Software and Affected Versions: Stalwart versions 0.13.3 and below. Description: Stalwart, a mail and collaboration server, has an issue where the IMAP protocol parser can allocate an unlimited amount of memory. This can allow a remote attacker to exhaust server memory,...

CVSS 7.5 | AI score 7.1 | EPSS 0.00517
Exploits: 0 | References: 9