70 matches found
Apache Camel: Camel-Mail: Camel-Mail: Altered application behavior via header injection
A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...
PT-2026-40827
Name of the Vulnerable Software and Affected Versions: OPNsense versions prior to 26.1.8. Description: An authenticated Remote Code Execution issue in the core of this FreeBSD-based firewall and routing platform allows a user with user-management privileges to execute arbitrary system commands as...
CVE-2026-33454
A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...
OAuth2 Proxy security vulnerability
OAuth2 Proxy is a reverse proxy from the OAuth2 Proxy organization that provides authentication with Google, GitHub, or other providers. Versions of OAuth2 Proxy prior to 7.15.2 had security vulnerabilities. These vulnerabilities stemmed from the emaildomain enforcement option...
CVE-2026-35390
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to 1.4.11, the reverse proxy (proxy.ts) set the Content-Security-Policy-Report-Only header instead of the enforcing Content-Security-Policy header. This means cross-site scripting (XSS) attacks were logged but not blocked...
SEPPmail Secure Email Gateway security vulnerability
SEPPmail Secure Email Gateway is an email security gateway developed by the German company SEPPmail. Versions of SEPPmail Secure Email Gateway prior to version 15.0.3 contained security vulnerabilities. These vulnerabilities stemmed from a flaw that allowed attackers with specially crafted email...
CVE-2026-26266
AliasVault is a privacy-first password manager with built-in email aliasing. A stored cross-site scripting (XSS) vulnerability was identified in the email rendering feature of AliasVault Web Client versions 0.25.3 and lower. When viewing received emails on an alias, the HTML content is rendered in ...
Stalwart Mail Server security vulnerability
Stalwart Mail Server is an integrated email server developed by Stalwart Labs. Vulnerabilities exist in versions 0.13.0 to 0.15.4 of Stalwart Mail Server. These vulnerabilities stem from processing specially crafted emails that contain malformed message/rfc822 MIME parts. This can lead to excessi...
pearweb SQL injection vulnerability
PearWeb is a PHP extension and application repository developed by PEAR. Versions of PearWeb prior to 1.33.0 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect subscription deletion operations, which allowed attackers to inject SQL commands through specially crafte...
MiracleLinux 8 : spamassassin-3.4.2-10.el8 (AXSA:2021-1182:01)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1182:01 advisory. spamassassin: crafted configuration files can run system commands without any output or errors (CVE-2018-11805); spamassassin: crafted email message ca...
BIT-KIBANA-2026-0543 Improper Input Validation in Kibana Email Connector Leading to Excessive Allocation
Improper Input Validation (CWE-20) in Kibana's Email Connector can allow an attacker to cause an Excessive Allocation (CAPEC-130) through a specially crafted email address parameter. This requires an attacker to have authenticated access with view-level privileges sufficient to execute connector...
Elastic Kibana Email Connector security vulnerability
Elastic Kibana Email Connector is an email service connection component from Elastic Netherlands. A security vulnerability exists in the Elastic Kibana Email Connector that stems from improper input validation, which could lead to excessive allocation via specially crafted email address parameters,...
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
A new agentic browser attack targeting Perplexity's Comet browser is capable of turning a seemingly innocuous email into a destructive action that wipes a user's entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper technique hinges on connecti...
EUVD-2017-5985
Malware in sbrugna...
EUVD-2021-28055
Malicious code in bioql PyPI...
thorium security vulnerability
thorium is an extensible file analysis and data generation platform by individual developer mjcarson. A security vulnerability exists in thorium that stems from using unwrap to handle errors, which could allow an unauthenticated remote attacker to cause a crash via a specially crafted email address...
Linux Distros Unpatched Vulnerability : CVE-2020-7769
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport...
Discourse authorization issue vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from an authorization issue vulnerability that stems from the presence of maliciously crafted email addresses that allow an...
python-pydantic: regular expression denial of service via crafted email string
A flaw was found in Pydantic, where it did not properly validate regular expressions containing white spaces. This flaw allows remote users to cause a denial of service attack via a crafted email string...