100 matches found
Mailpit has an SMTP Header Injection via Regex Bypass
Vulnerability Report: SMTP Header Injection via Regex Bypass Vulnerable Code: mailpit/internal/smtpd/smtpd.go Executive Summary Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can injec...
EUVD-2001-1425
Malware in sbrugna...
EUVD-2004-1111
Malware in sbrugna...
EUVD-2004-1127
Malware in sbrugna...
EUVD-2006-4926
Malware in sbrugna...
CVE-2025-59937
go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...
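The two entries above (the Mailpit header-injection report and CVE-2025-59937 in go-mail) both come down to what an SMTP implementation accepts as a MAIL FROM or RCPT TO address before writing it onto the wire. The Go program below is an added example, not code from Mailpit, go-mail, or either advisory. It puts a permissive regex check (the `weakAddrRe` pattern is illustrative and is an assumption, not the pattern Mailpit used) next to a hardened validator that rejects control characters before parsing, accepts only a bare RFC 5322 addr-spec with no display name, and renders the SMTP command from the parsed value rather than the raw input. Function names and the sample addresses are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"net/mail"
	"regexp"
	"strings"
)

// weakAddrRe stands in for the kind of permissive check the Mailpit report
// describes. It is illustrative only (assumption: not Mailpit's real pattern).
// It demands "something@something" and nothing more; a negated character
// class matches CR and LF, so an envelope address can carry a line break.
var weakAddrRe = regexp.MustCompile(`^[^@]+@[^@]+$`)

// weakValidate is the "before" form: regex-only validation.
func weakValidate(addr string) bool {
	return weakAddrRe.MatchString(addr)
}

// ErrBadEnvelopeAddr is returned for anything the hardened check refuses.
var ErrBadEnvelopeAddr = errors.New("invalid envelope address")

// safeEnvelopeAddr is the hardened form. It returns the bare addr-spec that
// may be placed inside MAIL FROM:<...> or RCPT TO:<...>, or an error.
func safeEnvelopeAddr(raw string) (string, error) {
	// 1. Refuse every ASCII control character (CR, LF, NUL, TAB, ...) before
	//    any parsing: these are the bytes that turn one SMTP line or one
	//    message header into two.
	for _, r := range raw {
		if r < 0x20 || r == 0x7f {
			return "", ErrBadEnvelopeAddr
		}
	}
	// 2. Parse with net/mail, which enforces the RFC 5322 address grammar
	//    and rejects trailing text after a single address.
	a, err := mail.ParseAddress(raw)
	if err != nil {
		return "", ErrBadEnvelopeAddr
	}
	// 3. An envelope address has no display name. Refuse "Bob <bob@x>"
	//    rather than silently dropping or re-emitting the name.
	if a.Name != "" {
		return "", ErrBadEnvelopeAddr
	}
	// 4. net/mail unquotes quoted local parts, so characters that would
	//    break the <path> framing can reappear here. Refuse them.
	if strings.ContainsAny(a.Address, "<> \"\\") {
		return "", ErrBadEnvelopeAddr
	}
	// Only the parsed addr-spec is returned; the raw input is never reused.
	return a.Address, nil
}

// buildMailFrom renders the SMTP command from a validated address only.
func buildMailFrom(raw string) (string, error) {
	addr, err := safeEnvelopeAddr(raw)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("MAIL FROM:<%s>\r\n", addr), nil
}

func main() {
	// Constructed sample inputs (assumptions, not taken from either advisory).
	inputs := []string{
		"user@example.com",
		"<user@example.com>",
		"Bob <bob@example.com>",
		"user@example.com\r\nX-Injected: 1",
	}
	for _, in := range inputs {
		addr, err := safeEnvelopeAddr(in)
		fmt.Printf("%-40q weak=%-5t hardened=%q err=%v\n",
			in, weakValidate(in), addr, err)
	}
}
```

The order of the checks matters: the control-character scan runs before `mail.ParseAddress` so that no parser quirk (quoted local parts, comments, folding whitespace) gets a chance to normalise a CR or LF away, and the command is built from `a.Address` so that whatever the caller passed in, including a `mail.Address` rendered with a display name, never reaches the socket verbatim.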
45 Previously Unreported Domains Expose Longstanding Salt Typhoon Cyber Espionage
Threat hunters have discovered a set of previously unreported domains, some going back to May 2020, that are associated with China-linked threat actors Salt Typhoon and UNC4841. "The domains date back several years, with the oldest registration activity occurring in May 2020, further confirming...
BIT-DJANGO-2024-45231
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...
CVE-2024-49193
Zendesk pre-2024-07-02 is affected. The issue arises from processing incoming emails where Cc fields are extracted to grant extra ticket-viewing privileges, combined with an insufficient spoof-detection mechanism and predictable per-ticket support emails. This allows remote attackers to read tick...
CVE-2024-45231
An issue was discovered in Django v5.1.1, v5.0.9, and v4.2.16. The django.contrib.auth.forms.PasswordResetForm class, when used in a view implementing password reset flows, allows remote attackers to enumerate user e-mail addresses by sending password reset requests and observing the outcome only...
CVE-2024-45231
Django CVE-2024-45231: Affects Django v5.1.1, v5.0.9, and v4.2.16. PasswordResetForm could reveal user email addresses during password-reset attempts when email sending fails, allowing remote enumeration through response outcomes. Public details in Debian/IBM advisories confirm exploitation requi...
Updated python3 packages fix security vulnerabilities
A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats” and “get_ca_certs”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such as durin...
EulerOS 2.0 SP8 : python3 (EulerOS-SA-2024-2485)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects serve...
SUSE SLES15: libpython2_7-1_0 / python / python-base / python-curses / etc (SUSE-SU-2024:0329-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0329-2 advisory. - CVE-2023-27043: Fixed incorrect parsing of e-mail addresses which contain a special character (bsc#1210638). Tenable has extracted the preceding descripti...
CVE-2024-21725
Inadequate escaping of mail addresses lead to XSS vulnerabilities in various components...
Fedora 38 : mingw-python3 (2024-94e0390e4e)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-94e0390e4e advisory. Update to python3.11.8, backport fix for CVE-2023-27043. Tenable has extracted the preceding description block directly from the Fedora security advisory. No...
SUSE: Security Advisory (SUSE-SU-2024:0595-1)
The remote host is missing an update for the...