CVE-1999-0250

Denial of service in Qmail through long SMTP commands...

CVE-1999-0203

In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program...

CVE-1999-0873

Buffer overflow in Skyfull mail server via MAIL FROM command...

CVE-1999-0114

Local users can execute commands as other users, and read other users' files, through the filter command in the Elm elm-2.4 mail package using a symlink attack...

CVE-1999-0284

Denial of service to NT mail servers including Ipswitch, Mdaemon, and Exchange through a buffer overflow in the SMTP HELO command...

CVE-1999-0512

A mail server is explicitly configured to allow SMTP mail relay, which allows abuse by spammers...

CVE-1999-0404

Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution...

CVE-1999-0242

Remote attackers can access mail files via POP3 in some Linux systems that are using shadow passwords...

CVE-2019-16698

The directmail aka Direct Mail extension through 5.2.2 for TYPO3 has a missing access check in the backend module, allowing a user with restricted permissions to the feusers table to view and export data of frontend users who are subscribed to a newsletter...

CVE-2019-12361

EmpireCMS 7.5.0 has XSS via the from parameter to e/member/doaction.php, as demonstrated by a CSRF payload that changes the dynamic page template. The attacker can choose to resend the e/template/member/regsend.php registered activation mail page...

CVE-2006-3108

Cross-site scripting XSS vulnerability in EmailArchitect Email Server 6.1 allows remote attackers to inject arbitrary Javascript via an HTML div tag with a carriage return between the onmouseover attribute and its value, which bypasses the mail filter...

CURL-CVE-2025-14524 bearer token leak on cross-protocol redirect

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

Security Bulletin: IBM SPSS Analytic Server is affected by SMTP injection due to Jakarta Mail in IBM WebSphere Application Server Liberty (CVE-2025-7962)

Summary IBM SPSS Analytic Server is affected by SMTP injection due to Jakarta Mail in IBM WebSphere Application Server Liberty CVE-2025-7962. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform ...

Security Bulletin: IBM Operations Analytics - Log Analysis is affected by SMTP injection due to Jakarta Mail in IBM WebSphere Application Server Liberty

Summary Jakarta Mail in IBM WebSphere Application Server Liberty is used by IBM Operations Analytics - Log Analysis as part of sending and receiving emails. CVE-2025-7962. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it is possible to preform a SMTP Injection by...

CVE-2025-14524

When an OAuth2 bearer token is used for an HTTPS transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host...

GHSA-4C5F-9MJ4-M247 flagd: Multiple Go Runtime CVEs Impact Security and Availability

Summary In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd the evaluation engine for OpenFeature. These CVEs primarily focus on Denial of Service DoS through resource exhaustion and Race Conditions in database handling. | CVE ID ...

Security Bulletin: IBM® IBM Common Licensing using WebSphere Application Server and WebSphere Application Server Liberty are affected by SMTP injection due to Jakarta Mail (CVE-2025-7962)

Summary Vulnerability in javaMail-1.5, javaMail-1.6, mail-2.0, or mail-2.1 features affects IBM WebSphere Application Server Liberty 17.0.0.3 - 25.0.0.11 with specific features enabled. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, and addressed in this...

firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2025-7962)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas, and Maximo for Utilities, Maximo Adapter for Primavera,...

Improper Validation of Specified Type of Input

Overview yara-mail is an A Python package and command line utility for scanning emails with YARA rules Affected versions of this package are vulnerable to Improper Validation of Specified Type of Input due to the automatic treatment of string input as a filesystem path in the...