Allocation of Resources Without Limits or Throttling

Overview std/net/mail is a Go standard library package std/net/mail Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. Go Vulnerability Report: Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger...

Important: Red Hat Security Advisory: nginx security update

An update for nginx is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Security Bulletin: IBM Maximo Application Suite - Predict Component was affected by SMTP injection due to Jakarta Mail which was vulnerable to CVE-2025-7962

Summary IBM Maximo Application Suite - Predict Component was was affected by SMTP injection due to Jakarta Mail which was vulnerable to CVE-2025-7962. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-7962 DESCRIPTION: In Jakarta Mail 2.0.2 it i...

CLSA-2026-1778147239 exim: Fix of CVE-2026-40685

CVE-2026-40685: fix OOB heap write in dewrap during JSON expansion...

CVE-2026-43862

A flaw was found in mutt, an email client. The imapauthgss security level, which is used for secure IMAP Internet Message Access Protocol authentication, is mishandled. This vulnerability could allow an attacker to bypass certain security protections, potentially leading to a low impact on data...

CVE-2026-43860

A flaw was found in mutt. During the IMAP CRAM-MD5 Challenge-Response Authentication Mechanism - Message-Digest Algorithm 5 authentication, the password hash is truncated by one byte. This issue could allow a remote attacker to potentially bypass authentication, leading to unauthorized access...

CLSA-2026-1778129870 nginx: Fix of 2 CVEs

CVE-2026-27651: fix null pointer dereference in ngxmailauthhttpmodule when authentication retry is enabled with CRAM-MD5 or APOP - CVE-2026-32647: fix buffer over-read/write in ngxhttpmp4module when processing crafted mp4 files with empty stco/co64 atoms...

ROS-20260507-73-0006

Vulnerability in roundcubemail related to failure to take measures to protect web page structure. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260507-73-0003

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

ROS-20260507-73-0002

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

ROS-20260507-73-0001

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

RHEL 9 : nginx (RHSA-2026:14836)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:14836 advisory. nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage...

ROS-20260507-73-0008

Vulnerability in roundcubemail related to a flaw in the deserialization mechanism. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...

ROS-20260507-73-0007

Vulnerability in roundcubemail related to argument injection or modification. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands...

ROS-20260506-73-0004

Vulnerability in roundcubemail related to lack of validation of received requests. Exploitation of the vulnerability could allow a remote attacker to disclose protected information...

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngxmailauthhttpmodule. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...

CVE-2026-40684

A flaw was found in Exim, specifically on systems utilizing musl libc. A remote attacker can exploit this vulnerability by providing malformed DNS data within PTR records. This can lead to the mail transfer agent MTA connection instance crashing, resulting in a Denial of Service DoS for affected...

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

Important: Red Hat Security Advisory: .NET 8.0 security update

An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled

A flaw was found in NGINX, specifically within the ngxmailauthhttpmodule. When this module is enabled, and CRAM-MD5 or APOP authentication is active with an authentication server that permits retries, undisclosed requests can cause NGINX worker processes to terminate. This can lead to a Denial of...