CVE-2026-43859

mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP authcram MD5 digest...

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

dotnet: Dotnet: SMTP Command Injection and Header Injection via MailAddress parsing flaw

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

PT-2026-36772

Name of the Vulnerable Software and Affected Versions mutt versions prior to 2.3.2 Description The software sometimes uses the strfcpy function instead of memcpy when handling the IMAP auth cram MD5 digest. This occurs during the authentication process for IMAP servers using the CRAM-MD5 mechanis...

PT-2026-36986

Name of the Vulnerable Software and Affected Versions Net::IMAP affected versions not specified Description Net::IMAP::ResponseReader exhibits quadratic time complexity when processing large responses containing numerous string literals. A hostile server can send specially crafted responses that...

Astra Linux - уязвимость в exim4

The STARTTLS feature in Exim up to 4.94.2 allows for response injection buffering during MTA SMTP sending...

Astra Linux - уязвимость в expat, firefox, thunderbird

In libexpat before version 2.7.4, the doContent function does not properly determine the buffer size bufSize, as there is no check for integer overflow during the reallocation of the tag buffer...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 has an improper neutralization of line delimiters. An authenticated remote SMTP client can insert newline characters into a spool file which indirectly leads to remote code execution as root via the AUTH= parameter in the MAIL FROM command...

CVE-2026-6963

The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

EUVD-2026-26736

The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

CVE-2026-6963 WP Mail Gateway <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification via 'wmg_save_provider_config' AJAX Action

The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

CVE-2026-6963

The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

CVE-2026-6963 WP Mail Gateway <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification via 'wmg_save_provider_config' AJAX Action

The WP Mail Gateway plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wmgsaveproviderconfig AJAX action in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update...

WordPress plugin WP Mail Gateway 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-36568

Name of the Vulnerable Software and Affected Versions WP Mail Gateway versions prior to 1.9 Description The plugin is subject to unauthorized access because of a missing capability check on the 'wmg save provider config' AJAX action. Authenticated attackers with Subscriber-level access or higher...

[SECURITY] Fedora 44 Update: emacs-30.2-23.fc44

GNU Emacs is a powerful, customizable, self-documenting, modeless text editor. It contains special code editing features, a scripting language elisp, and the capability to read mail, news, and more without leaving the editor...

[SECURITY] Fedora 42 Update: emacs-30.2-2.fc42

GNU Emacs is a powerful, customizable, self-documenting, modeless text editor. It contains special code editing features, a scripting language elisp, and the capability to read mail, news, and more without leaving the editor. This package provides an emacs binary with support for Wayland, using t...

CVE-2026-33454

A flaw was found in the Camel-Mail component. An attacker can exploit this by sending a specially crafted email to a mailbox monitored by a Camel application. Due to a missing inbound filter, malicious headers within the email are not properly filtered, allowing them to alter the behavior of othe...