Lucene search
K

16 matches found

OSV
OSV
added 2026/07/06 8:2 a.m.2 views

CVE-2026-46584 Apache Camel Mail: The mail producer applied attacker-supplied message headers as JavaMail session properties, allowing an attacker to influence SMTP parameters

Improper Input Validation, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Camel Mail Component. The camel-mail producer MailProducer.getSender scanned the outgoing Exchange for message headers in the mail.smtp. / mail.smtps. namespace and, when any were present...

3.7CVSS6.1AI score0.00378EPSS
Exploits1References5
CVE
CVE
added 2026/07/06 8:2 a.m.13 views

CVE-2026-46584

CVE-2026-46584 affects Apache Camel’s Mail component. The MailProducer.getSender could read headers from the mail.smtp/mail.smtps namespace and apply them as JavaMail session properties, overriding endpoint config. This allows attacker-controlled inputs to influence SMTP parameters if untrusted i...

3.7CVSS6AI score0.00378EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2026/06/24 10:16 p.m.9 views

CVE-2026-49979

Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This completely bypasses...

5.1CVSS0.00218EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2026/04/15 10:16 a.m.75 views

org.bouncycastle:bcjmail-debug-jdk15to18 (>=1.81 <=1.83), org.bouncycastle:bcmail-debug-jdk15to18 (>=1.81 <=1.83) +4 more potentially affected by CVE-2025-14813 via org.bouncycastle:bcprov-debug-jdk15to18 (>=1.81 <=1.83)

org.bouncycastle:bcprov-debug-jdk15to18 MAVEN version =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.81, =1.83 Source cves: CVE-2025-14813 Source advisory: SNYK:JAVA-ORGBOUNCYCASTLE-16075262...

9.3CVSS5.8AI score0.00313EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.5 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : javamail (SUSE-SU-2025:03025-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03025-1 advisory. - Update to version 1.6.2 - CVE-2025-7962: Fixed an improper neutralization of \r and \n UTF-8 character...

7.5CVSS6.2AI score0.00756EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/07/21 6:32 p.m.9 views

app.tozzi.mail:pec-parser (=4.0.0), app.tozzi:uudecoder (=4.0.0) +1257 more potentially affected by CVE-2025-7962 via com.sun.mail:jakarta.mail (>=2.0.0-RC1 <=2.0.1)

com.sun.mail:jakarta.mail MAVEN version =2.0.0-RC1, =0.2.0, =0.2.0, =2.0.1, =2.0.0, =0.1, =0.4, =1.0.0, =2022.3.4.0, =1.0.0-JDK21, =1.0.3.2-JDK21 - cn.sunyblog.easymail:easymail-spring-boot-starter3 =1.0.1 and more Source cves: CVE-2025-7962 Source advisory: SNYK:JAVA-COMSUNMAIL-12028709...

7.5CVSS6.5AI score0.00756EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2006/11/06 12:0 a.m.22 views

Solaris 5.9 (x86) : 117884-02

Application Server 7.1x86: Java Mail Runtime Patch. Date this patch was last updated by Sun : Feb/18/05 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. i...

0.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2006/11/06 12:0 a.m.14 views

Solaris 5.8 (sparc) : 117883-02

Application Server 7.1: Java Mail Runtime Patch. Date this patch was last updated by Sun : Feb/18/05 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...

0.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2006/11/06 12:0 a.m.12 views

Solaris 5.9 (sparc) : 117883-02

Application Server 7.1: Java Mail Runtime Patch. Date this patch was last updated by Sun : Feb/18/05 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a recommended security fix. Disabled on 2011/09/17. C Tenable Network Security, Inc. if !...

0.1AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2006/11/06 12:0 a.m.20 views

Solaris 8 (sparc) : 116300-21

Sun One Application Server 7.0: Java Mail Runtime Patch. Date this patch was last updated by Sun : May/23/06 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2006/11/06 12:0 a.m.9 views

Solaris 9 (sparc) : 116300-21

Sun One Application Server 7.0: Java Mail Runtime Patch. Date this patch was last updated by Sun : May/23/06 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

7AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2006/11/06 12:0 a.m.9 views

Solaris 9 (x86) : 116301-20

Sun One Application Server 7.0x86: Java Mail Runtime Patch. Date this patch was last updated by Sun : May/23/06 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

7AI score
Exploits0References1
Prion
Prion
added 2006/06/05 5:2 p.m.18 views

Command injection

The SMTP server in Apache Java Mail Enterprise Server aka Apache James 2.2.0 allows remote attackers to cause a denial of service CPU consumption via a long argument to the MAIL command...

7.8CVSS7.1AI score0.06258EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2006/06/05 5:2 p.m.57 views

CVE-2006-2806

The SMTP server in Apache Java Mail Enterprise Server aka Apache James 2.2.0 allows remote attackers to cause a denial of service CPU consumption via a long argument to the MAIL command...

7.8CVSS6.6AI score0.06258EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2006/05/29 12:0 a.m.46 views

JAMES2.2.0.txt

--------------------------------------------------------------------------- ECHOADV31$2006 JAMES 2.2.0 -- Denial Of Service --------------------------------------------------------------------------- Author : y3dips a.k.a Ahmad Muammar W.K Date : April, 27th 2006 Location : Indonesia, Jakarta Web...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2005/05/20 12:0 a.m.8 views

PT-2005-2659 · Oracle · Javamail Api

Name of the Vulnerable Software and Affected Versions: JavaMail API affected versions not specified Description: The issue concerns the JavaMail API, which does not properly validate the message number in the MimeMessage constructor in javax.mail.internet.InternetHeaders. This allows remote...

2.1CVSS6.5AI score0.00686EPSS
Exploits0References3
Rows per page
Query Builder