Lucene search
K

165 matches found

redhat
redhat
added 2026/04/15 10:54 a.m.5 views

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

8.2CVSS7.2AI score0.0036EPSS
Exploits0References5
redhat
redhat
added 2026/04/07 9:38 p.m.2 views

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

8.2CVSS7.1AI score0.0036EPSS
Exploits0References5
hackerone
hackerone
added 2026/04/05 8:31 p.m.121 views

curl: SMTP Command Injection via CRLF in libcurl MAIL_FROM / MAIL_RCPT (lib/smtp.c)

Summary libcurl’s SMTP implementation fails to properly sanitize CRLF sequences in user-controlled inputs passed via CURLOPTMAILFROM and CURLOPTMAILRCPT. The function smtpparseaddress lib/smtp.c:277 extracts any data following the closing character as a raw suffix and incorporates it directly int...

6.2AI score
Exploits0
osv
osv
added 2026/04/03 6:31 a.m.4 views

GHSA-8JR8-V43G-5C57 Roundcube Webmail: Unsanitized IMAP SEARCH command arguments

An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search...

3.1CVSS5.9AI score0.00283EPSS
Exploits0References9
cve
cve
added 2026/04/03 3:35 a.m.23 views

CVE-2026-35538

This CVE affects Roundcube Webmail prior to 1.5.14 and prior to 1.6.14. The issue is unsanitized IMAP SEARCH arguments that can lead to IMAP injection or CSRF bypass during mail search. The connected sources indicate fixed releases: Roundcube 1.5.14 and 1.6.14 (and related security updates), so u...

3.1CVSS5.9AI score0.00283EPSS
Exploits0References7Affected Software1
euvd
euvd
added 2026/04/02 2:21 p.m.5 views

EUVD-2026-18243

Suricata is a network IDS, IPS and NSM engine. From version 8.0.0 to before version 8.0.4, there is a quadratic complexity issue when searching for URLs in mime encoded messages over SMTP leading to a performance impact. This issue has been patched in version 8.0.4...

7.5CVSS5.7AI score0.00272EPSS
Exploits0References2
redhat
redhat
added 2026/03/31 9:11 a.m.5 views

Moderate: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

6CVSS5.9AI score0.0056EPSS
Exploits0References5
snyk
snyk
added 2026/03/30 4:19 p.m.2 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in the Mail Settings configuration fields. An attacker can execute arbitrary JavaScript in the browser context of an...

7.2CVSS6AI score0.00358EPSS
Exploits1References2
redhat
redhat
added 2026/03/30 4:5 p.m.1 views

thunderbird: Out of bounds read in IMAP parsing

A flaw was found in Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer. If a mail server or connection to a mail server were...

8.2CVSS5.8AI score0.0036EPSS
Exploits0References5
cve
cve
added 2026/03/24 8:27 p.m.18 views

CVE-2026-4371

CVE-2026-4371 concerns Thunderbird's IMAP parsing. A malicious mail server could send malformed strings with negative lengths, causing the parser to read memory outside the buffer and potentially crash Thunderbird or leak data. Affected are Thunderbird versions prior to 149 and prior to 140.9. Th...

8.2CVSS7.2AI score0.0036EPSS
Exploits0References18Affected Software1
vulnrichment
vulnrichment
added 2026/03/24 3:21 p.m.8 views

CVE-2025-71275 Zimbra Collaboration Suite PostJournal 8.8.15 Unauthenticated Remote Code Execution via SMTP Injection

Zimbra Collaboration Suite ZCS PostJournal service version 8.8.15 contains a command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by exploiting improper sanitization of the RCPT TO parameter via SMTP injection. Attackers can inject shell...

9.8CVSS6.8AI score0.00462EPSS
Exploits3References3
redhat
redhat
added 2026/03/23 4:6 p.m.7 views

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

5.9CVSS7AI score0.0036EPSS
Exploits0References7
redhat
redhat
added 2026/03/23 2:43 a.m.7 views

cpython: IMAP command injection in user-controlled commands

A flaw was found in the imaplib module in the Python standard library. The imaplib module does not reject control characters, such as newlines, in user-controlled input passed to IMAP commands. This issue allows an attacker to inject additional commands to be executed in the IMAP server...

5.9CVSS7AI score0.0036EPSS
Exploits0References7
hackerone
hackerone
added 2026/03/22 11:18 p.m.129 views

curl: CVE-2026-4873: connection reuse ignores TLS requirement

A vulnerability was discovered in libcurl's connection reuse for cleartext-upgrade mail protocols. The vulnerability was that the later transfer's CURLOPTUSESSL option was not properly included if a plaintext connection was already open and reusable. This affected the smtp://, pop3://, and imap:/...

5.9CVSS5.3AI score0.00329EPSS
Exploits1
nessus
nessus
added 2026/03/20 12:0 a.m.5 views

AlmaLinux 10 : python3.12 (ALSA-2026:4713)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:4713 advisory. cpython: wsgiref.headers.Headers allows header newline injection in Python CVE-2026-0865 cpython: IMAP command injection in user-controlled commands...

6CVSS7.2AI score0.0056EPSS
Exploits0References6
osv
osv
added 2026/03/17 12:0 a.m.7 views

ALSA-2026:4713 Moderate: python3.12 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

6CVSS7.2AI score0.0056EPSS
Exploits0References10
nessus
nessus
added 2026/03/17 12:0 a.m.8 views

RHEL 9 : python3.12 (RHSA-2026:4746)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4746 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level...

6CVSS6AI score0.0056EPSS
Exploits0References9
osv
osv
added 2026/03/13 12:1 p.m.6 views

RLSA-2026:4473 Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS7.2AI score0.0056EPSS
Exploits0References5
rocky
rocky
added 2026/03/12 6:1 p.m.10 views

python3.12 security update

An update is available for python3.12. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming languag...

6CVSS5.8AI score0.0056EPSS
Exploits0
osv
osv
added 2026/03/12 12:4 p.m.11 views

RLSA-2026:4216 Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

7.1CVSS7.2AI score0.0056EPSS
Exploits0References4
Rows per page
Query Builder