
30 matches found

EUVD
added 2026/06/09 6:30 p.m. | 12 views

EUVD-2026-35488

Issue summary: When the X509_VERIFY_PARAM_set1_email() is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...

6.2 CVSS | 5.5 AI score | 0.0019 EPSS
Exploits: 0 | References: 3
NVD
added 2026/06/09 5:17 p.m. | 11 views

CVE-2026-42771

Issue summary: When the X509_VERIFY_PARAM_set1_email() is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...

6.2 CVSS | 0.0019 EPSS
Exploits: 0 | References: 2
Vulnrichment
added 2026/06/09 4:3 p.m. | 9 views

CVE-2026-42771 Possible Out of Bounds Read in X509_VERIFY_PARAM_set1_email()

Issue summary: When the X509_VERIFY_PARAM_set1_email() is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Impact summary: This out of bounds read will not directly exfiltrate the data read to the attacker so the...

5.5 AI score | 0.0019 EPSS
Exploits: 0 | References: 2
RedHat Linux
added 2026/06/04 1:27 p.m. | 7 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

7.5 CVSS | 7.1 AI score | 0.00606 EPSS
Exploits: 0 | References: 8
RedHat Linux
added 2026/05/19 4:21 p.m. | 16 views

crypto/x509: Incorrect enforcement of email constraints in crypto/x509

A certificate validation flaw has been discovered in the golang crypto/x509 module. When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly...

7.5 CVSS | 7.1 AI score | 0.00606 EPSS
Exploits: 0 | References: 8
OSV
added 2026/04/16 12:47 a.m. | 7 views

GHSA-VMJJ-QR7V-PXM6 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index Allows Cross-Customer Email Spoofing

Summary: In EmailSender::add, the domain ownership validation for full email sender aliases uses the wrong array index when splitting the email address, passing the local part instead of the domain to validateLocalDomainOwnership. This causes the ownership check to always pass for non-existent...

5 CVSS | 5.9 AI score | 0.00231 EPSS
Exploits: 1 | References: 5
RedhatCVE
added 2026/03/08 1:44 a.m. | 5 views

CVE-2026-30227

MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

6.9 CVSS | 5.7 AI score | 0.01085 EPSS
Exploits: 1 | References: 1
EUVD
added 2026/03/07 12:30 a.m. | 4 views

EUVD-2026-10085

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...

5.8 AI score | 0.00606 EPSS
Exploits: 0 | References: 5
OSV
added 2026/03/06 10:16 p.m. | 5 views

AZL-79613 CVE-2026-27137 affecting package golang 1.25.7-1

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...

7.5 CVSS | 7.3 AI score | 0.00606 EPSS
Exploits: 0 | References: 1
Cvelist
added 2026/03/06 9:28 p.m. | 19 views

CVE-2026-27137 Incorrect enforcement of email constraints in crypto/x509

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...

0.00606 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/06 9:28 p.m. | 9 views

CVE-2026-27137

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...

5.8 AI score | 0.00606 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Vulnrichment
added 2026/03/06 9:28 p.m. | 4 views

CVE-2026-27137 Incorrect enforcement of email constraints in crypto/x509

When verifying a certificate chain which contains a certificate containing multiple email address constraints which share common local portions but different domain portions, these constraints will not be properly applied, and only the last constraint will be considered...

5.8 AI score | 0.00606 EPSS
Exploits: 0 | References: 4
NVD
added 2026/03/06 9:16 p.m. | 6 views

CVE-2026-30227

MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

6.9 CVSS | 0.01085 EPSS
Exploits: 1 | References: 1
Vulnrichment
added 2026/03/06 9:7 p.m. | 3 views

CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery

MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

6.9 CVSS | 5.7 AI score | 0.01085 EPSS
Exploits: 1 | References: 1
ATTACKERKB
added 2026/03/06 9:7 p.m. | 5 views

CVE-2026-30227

MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

6.9 CVSS | 5.7 AI score | 0.01085 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2026/03/06 9:7 p.m. | 23 views

CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery

MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

6.9 CVSS | 0.01085 EPSS
Exploits: 1 | References: 1
OSV
added 2026/03/06 9:7 p.m. | 6 views

CVE-2026-30227 MimeKit: CRLF Injection in Quoted Local-Part Enables SMTP Command Injection and Email Forgery

MimeKit is a C# library which may be used for the creation and parsing of messages using the Multipurpose Internet Mail Extension (MIME), as defined by numerous IETF specifications. Prior to version 4.15.1, a CRLF injection vulnerability in MimeKit allows an attacker to embed \r\n into the SMTP...

6.9 CVSS | 5.7 AI score | 0.01085 EPSS
Exploits: 1 | References: 3
CVE
added 2026/03/06 9:7 p.m. | 16 views

CVE-2026-30227

MimeKit prior to 4.15.1 contains a CRLF injection vulnerability in the SMTP envelope local-part when it is a quoted-string, allowing injection of \r\n into mailbox addresses via MailboxAddress. This can lead to SMTP command injection (e.g., extra RCPT TO/DATA/RSET) and potentially header injecti...

6.9 CVSS | 5.7 AI score | 0.01085 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Github Security Blog
added 2026/03/05 9:50 p.m. | 26 views

MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery

Summary: A CRLF Injection vulnerability in MimeKit 4.15.0 allows an attacker to embed \r\n into the SMTP envelope address local-part when the local-part is a quoted-string. This is non-compliant with RFC 5321 and can result in SMTP command injection e.g., injecting additional RCPT TO / DATA / RSET...

6.9 CVSS | 6 AI score | 0.01085 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/03/05 9:50 p.m. | 22 views

GHSA-G7HC-96XR-GVVX MimeKit has CRLF Injection in Quoted Local-Part that Enables SMTP Command Injection and Email Forgery

Summary: A CRLF Injection vulnerability in MimeKit 4.15.0 allows an attacker to embed \r\n into the SMTP envelope address local-part when the local-part is a quoted-string. This is non-compliant with RFC 5321 and can result in SMTP command injection e.g., injecting additional RCPT TO / DATA / RSET...

6.9 CVSS | 6 AI score | 0.01085 EPSS
Exploits: 1 | References: 3