SUSE SLES15 Security Update : sudo (SUSE-SU-2026:1309-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1309-1 advisory. This update for sudo fixes the following issue: - CVE-2026-35535: Fixed potential privilege escalation when running the mailer bsc1261420...

WordPress SMTP Mailer plugin <= 1.1.24 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin SMTP Mailer versions = 1.1.24...

@perfood/couch-auth has a host header injection vulnerability

A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header...

CVE-2025-70948

Summary: CVE-2025-70948 is a host header injection in the mailer component of @perfood/couch-auth v0.26.0, leading to reset-token exposure and possible account takeover via Host header spoofing. Multiple sources (Red Hat, NVD, EUVD, OSV, GHSA, Snyk, and others) corroborate the same vulnerability ...

CVE-2025-70948

A host header injection vulnerability in the mailer component of @perfood/couch-auth v0.26.0 allows attackers to obtain reset tokens and execute an account takeover via spoofing the HTTP Host header...

CVE-2025-23453 WordPress Stars SMTP Mailer plugin <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Myriad Solutionz Stars SMTP Mailer stars-smtp-mailer allows Reflected XSS.This issue affects Stars SMTP Mailer: from n/a through = 1.7...

Regular Expression Denial Of Service (ReDoS)

Action Mailer is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to the blockformat helper taking an unexpected amount of time when processing carefully crafted text, potentially resulting in a DoS condition...

DANGEROUS MAILER-CLONED 2.0 Information Disclosure

==================================================================================================================================== | Title : DANGEROUS MAILER-CLONED V2.0 information disclosure Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla...

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), cf.pgmann.plugins:url-auth-sso (=1.0) +128 more potentially affected by CVE-2020-2252 via org.jenkins-ci.plugins:mailer (>=1.10 <=1.23)

org.jenkins-ci.plugins:mailer MAVEN version =1.10, =1.9.2-beta, =1.14.0, =4.1.1, =2.30.2, =1.0.22, =1.3.0, =0.11.0, =1.0, =1.0.0, =1.0.1 and more Source cves: CVE-2020-2252 Source advisory: OSV:GHSA-6FR3-286Q-Q3CR...

br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1), cf.pgmann.plugins:url-auth-sso (=1.0) +150 more potentially affected by CVE-2022-20614 via org.jenkins-ci.plugins:mailer (>=1.10 <=1.32.1)

org.jenkins-ci.plugins:mailer MAVEN version =1.10, =1.0.0, =1.9.2-beta, =1.14.0, =4.1.1, =2.30.2, =1.0.22, =1.3.0, =0.11.0, =0.13.0 - com.testinium.jenkins:testinium =1.0 and more Source cves: CVE-2022-20614 Source advisory: OSV:GHSA-558X-H7RG-997V...

CVE-2004-0800

Format string vulnerability in CDE Mailer dtmail on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv0 value...