12 matches found
CVE-2025-70948
A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header...
HTTP Header Injection
Overview: @perfood/couch-auth provides easy and secure authentication for CouchDB/Cloudant. Based on SuperLogin, updated and rewritten in TypeScript. Affected versions of this package are vulnerable to HTTP Header Injection via the mailer component. An attacker can gain unauthorized access to reset...
EUVD-2025-208327
A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header...
GHSA-QW8V-34WW-6Q9P @perfood/couch-auth has a host header injection vulnerability
A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header...
CVE-2025-70948
A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header...
CVE-2025-70948
A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header...
CVE-2025-70948
A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header...
Creative Contact Form 4.6.2 Directory Traversal
Directory Traversal in Creative Contact Form. Overview: Identifier: AIT-SA-20200301-01; Target: Creative Contact Form for Joomla; Vendor: Creative Solutions; Version: 4.6.2 before Dec 03 2019; CVE: CVE-2020-9364; Accessibility: Remote; Severity: Critical; Author: Wolfgang Hotwagner AIT Austrian Institute ...
CVE-2009-1631
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by reading these files...
CVE-2009-1631
Evolution 2.26.1 and earlier contains a local information‑disclosure issue in the Mailer component: .evolution directory (and related subpaths) has world‑readable permissions, enabling local users to read sensitive mail-related files. Root cause is file/directory permissions, not a remote/vector-...
Code injection
Camel (camel-imap-folder.c) in the mailer component for Evolution Data Server 1.11 allows remote IMAP servers to execute arbitrary code via a negative SEQUENCE value in GData, which is used as an array index...
CVE-2007-3257
Concretely affected: Evolution Data Server (imap-folder.c in the mailer component). The flaw arises from handling a negative SEQUENCE value used as an array index in GData, enabling remote IMAP servers to potentially execute arbitrary code. This is evidenced in CVE-2007-3257 with public advisorie...