
30 matches found

Tenable Nessus
added 2026/04/18 12:0 a.m., 1 views

RockyLinux 10 : .NET 8.0 (RLSA-2026:8470)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:8470 advisory. dotnet: .NET: Security Bypass and Denial of Service Vulnerability CVE-2026-26171 dotnet: .NET: Denial of Service via stack overflow CVE-2026-32203 dotne...

CVSS 7.5, AI score 6.4, EPSS 0.08014
Exploits 0, References 9

Tenable Nessus
added 2026/03/28 12:0 a.m., 0 views

Fedora 43 : roundcubemail (2026-2decd38070)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-2decd38070 advisory. Version 1.6.14 Fix Postgres connection using IPv6 address 10104 Security: Fix pre-auth arbitrary file write via unsafe deserialization in redis/memcache...

AI score 6.1
Exploits 0, References 1

IBM Security Bulletins
added 2026/01/06 4:1 p.m., 3 views

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by SMTP injection due to Jakarta Mail in IBM WebSphere Application Server Liberty

Summary Jakarta Mail in IBM WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of sending and receiving emails. CVE-2025-7962. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to perform an SMTP Injection by...

CVSS 7.5, AI score 7.2, EPSS 0.00054
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/12/05 8:20 a.m., 6 views

Security Bulletin: Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard.

Summary Security vulnerabilities may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard. IBM WebSphere Liberty has been updated within IBM CICS TX Standard to address these vulnerabilities. Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before...

CVSS 7.5, AI score 6.9, EPSS 0.00876
Exploits 0, Affected Software 1

Packet Storm
added 2025/11/26 12:0 a.m., 166 views

Zimbra Collaboration Suite Postjournal 8.8.15 Remote Code Execution

Zimbra Collaboration Suite Postjournal version 8.8.15 unauthenticated proof of concept remote code execution exploit that leverages SMTP injection. | Title...

AI score 8.4
Exploits 0

IBM Security Bulletins
added 2025/11/17 3:12 p.m., 3 views

Security Bulletin: IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)

Summary IBM WebSphere Application Server, which is bundled with IBM Enterprise Application Runtimes, is affected by an SMTP injection vulnerability in the Jakarta Mail library. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and...

CVSS 7.5, AI score 5.3, EPSS 0.00054
Exploits 0, Affected Software 1

IBM Security Bulletins
added 2025/11/17 3:1 p.m., 2 views

Security Bulletin: IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an SMTP injection vulnerability due to Jakarta Mail (CVE-2025-7962)

Summary IBM WebSphere Application Server Liberty, which is bundled with IBM Cloud Pak for Applications, is affected by an SMTP injection vulnerability in the Jakarta Mail library with the javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 feature enabled. Vulnerability Details Refer to the securit...

CVSS 7.5, AI score 5.3, EPSS 0.00054
Exploits 0, Affected Software 1

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-28622

Malicious code in bioql PyPI...

CVSS 5.5, AI score 6.5, EPSS 0.00003
Exploits 0, References 1

RedHat Linux
added 2025/09/04 11:13 a.m., 1 views

org.keycloak/keycloak-services: Keycloak SMTP Inject Vulnerability

A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters limited local part of the email, so the attack is limited to very short emails subject...

CVSS 5.3, AI score 5.7, EPSS 0.00108
Exploits 0, References 4

CNNVD
added 2025/08/06 12:0 a.m., 2 views

Keycloak injection vulnerability

Keycloak is an open source identity and access management solution from Keycloak Open Source. Keycloak suffers from an injection vulnerability that stems from the fact that the use of special characters during the email registration process could lead to SMTP injection, sending unsolicited short...

CVSS 5.3, AI score 6.8, EPSS 0.00108
Exploits 0, References 3

SUSE CVE
added 2025/07/22 11:27 p.m., 1 views

SUSE CVE-2025-7962

In Jakarta Mail 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages...

CVSS 5.9, AI score 4.5, EPSS 0.00054
Exploits 0, References 4

OSV
added 2025/07/21 6:15 p.m., 0 views

DEBIAN-CVE-2025-7962

In Jakarta Mail 2.0.2 it is possible to perform an SMTP Injection by utilizing the \r and \n UTF-8 characters to separate different messages...

CVSS 7.5, AI score 6.3, EPSS 0.00054
Exploits 0, References 1

RedhatCVE
added 2025/05/22 4:42 a.m., 4 views

CVE-2010-4071

Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS 2.4.x before 2.4.9, when RichText is enabled, allows remote attackers to inject arbitrary web script or HTML via JavaScript in an HTML e-mail...

CVSS 2.6, AI score 5.7, EPSS 0.00451
Exploits 0, References 1

Vulnrichment
added 2024/02/14 12:0 a.m., 13 views

CVE-2024-25214

An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html...

AI score 7.1, EPSS 0.00058
Exploits 1, References 1

UbuntuCve
added 2023/12/24 6:15 a.m., 44 views

CVE-2023-51765

sendmail through 8.17.2 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail supports . but some other...

CVSS 5.3, AI score 6.1, EPSS 0.00837
Exploits 2, References 4

CVE
added 2019/08/01 1:55 p.m., 42 views

CVE-2018-20898

CVE-2018-20898 affects cPanel before 71.9980.37, where e-mail injection is possible during cPAddons moderation (SEC-396). Multiple connected records (NVD, Red Hat, PRION) corroborate the vendor-facing nature of the issue and the same description. The available documents do not provide exploit cod...

CVSS 4.3, AI score 4.9, EPSS 0.00272
Exploits 0, References 2, Affected Software 1

Hacker One
added 2017/12/19 8:23 p.m., 25 views

Open-Xchange: [XSS] Mail <style> v2.0

Hi. New way for 269116. Testing rev17. OX check data before remove / /, therefore a filter bypass: html .a font-family: ; font-family: ; font-family: ; For example: json "content": ".a font-family: ", Result: html ox-c3a5f76596 .ox-c3a5f76596-a font-family: Impact malicious code injection...

AI score 0.6
Exploits 0

OSV
added 2017/08/29 1:35 a.m., 1 views

CVE-2017-2257

Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 allows an attacker to inject arbitrary web script or HTML via mail function...

CVSS 6.1, AI score 5.9, EPSS 0.00265
Exploits 0, References 2

Prion
added 2014/12/02 6:59 p.m., 13 views

Design/Logic Flaw

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header...

CVSS 4.3, AI score 7.1, EPSS 0.00245
Exploits 2, References 1, Affected Software 1

NVD
added 2014/12/02 6:59 p.m., 8 views

CVE-2014-9182

models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header...

CVSS 4.3, AI score 6.6, EPSS 0.00245
Exploits 2, References 1