GHSA-8CR7-R8QW-GP3C baserCMS has Mail Form Acceptance Bypass via Public API

Summary A public mail submission API allows unauthenticated users to submit mail form entries even when the corresponding form is not accepting submissions. This bypasses administrative controls intended to stop form intake and enables spam or abuse via the API. Details In baserCMS, mail form...

USN-8136-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-59028 It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacke...

USN-8136-1 dovecot vulnerabilities

It was discovered that Dovecot incorrectly handled invalid base64 SASL data. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10. CVE-2025-59028 It was discovered that Dovecot script decode2text.sh incorrectly handled zip files. An attacke...

Linux Distros Unpatched Vulnerability : CVE-2026-27859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery...

EUVD-2014-9007

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2021-44143

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in mbsync in isync 1.4.0 through 1.4.3. Due to an unchecked condition, a malicious or compromised IMAP server could use a crafted mail message...

CVE-2024-3192

A vulnerability, which was classified as problematic, was found in MailCleaner up to 2023.03.14. Affected is an unknown function of the component Admin Interface. The manipulation as part of Mail Message leads to cross site scripting. It is possible to launch the attack remotely. The exploit has...

CVE-2014-9182

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header...

CVE-2024-42010

modcssstyles in Roundcube through 1.5.7 and 1.6.x through 1.6.7 allows a insufficiently filters Cascading Style Sheets CSS token sequences in rendered e-mail messages, allowing a remote attacker to obtain sensitive information...

RHEL 5 : mailman (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mailman: directory traversal in MTA transports that deliver programmatically CVE-2015-2775 - mailman:...

ROS-20240408-16

A vulnerability in SendMail SMTP Server software is related to insufficient data authentication data. Exploitation of the vulnerability could allow a remote attacker to bypass the security mechanism and inject e-mail messages with a spoofed MAIL FROM address. security mechanism and inject e-mail...

USN-6611-1: Exim vulnerability

It was discovered that Exim incorrectly handled certain requests. A remote attacker could possibly use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism...

CVE-2021-37845

Removed by vendor...

SUSE CVE-2022-22589

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript...

Design/Logic Flaw

The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusteddomains config useless. This could be abused to spoof the URL in password-reset e-mail messages...

CVE-2022-26114

An improper neutralization of input during web page generation vulnerability CWE-79 in the Webmail of FortiMail before 7.2.0 may allow an unauthenticated attacker to trigger a cross-site scripting XSS attack via sending specially crafted mail messages...

FortiMail - Cross-site scripting (XSS) in Webmail

An improper neutralization of input during web page generation vulnerability CWE-79 in FortiMail Webmail may allow an unauthenticated attacker to trigger a cross-site scripting XSS attack via sending specially crafted mail messages...

CVE-2020-15955

In s/qmail through 4.0.07, an active MitM can inject arbitrary plaintext commands into a STARTTLS encrypted session between an SMTP client and s/qmail. This allows e-mail messages and user credentials to be sent to the MitM attacker...

Denial Of Service (DoS)

fetchmail is vulnerable to denial of service. A flaw was found in fetchmail. When fetchmail is run in double verbose mode "-v -v", it could crash upon receiving certain, malformed mail messages with long headers. A remote attacker could use this flaw to cause a denial of service if fetchmail was...

CVE-2018-7701

Multiple cross-site request forgery CSRF vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that 1 delete e-mail messages via a delete action in a request to secmail/getmessage.exe or 2 spoof arbitrary users a...