
32 matches found

RedhatCVE
added 2026/01/24 9:15 p.m. | 4 views

CVE-2026-24423

SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API method. The attacker could point the SmarterMail to the malicious HTTP server, which serves the malicious OS command. This command will be executed by the...

CVSS 9.8 | AI score 6.4 | EPSS 0.83401
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/15 12:0 a.m. | 2 views

PT-2026-4520

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to build 9511 Description An issue exists in the 'ConnectToHub' API method, specifically at the endpoint '/api/v1/settings/sysadmin/connect-to-hub', due to missing authentication for a critical function...

CVSS 9.8 | AI score 7.8 | EPSS 0.83401
Exploits: 0 | References: 105

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2000-0352

Malware in sbrugna...

CVSS 10 | AI score 6.4 | EPSS 0.03361
Exploits: 1 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2005-2057

Malware in sbrugna...

CVSS 5 | AI score 6.4 | EPSS 0.0034
Exploits: 0 | References: 2

ATTACKERKB
added 2023/12/07 1:15 a.m. | 3 views

CVE-2023-46218

This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a...

CVSS 6.5 | AI score 5.7 | EPSS 0.00219
Exploits: 1 | References: 8 | Affected Software: 1

RedHat Linux
added 2023/11/08 2:26 p.m. | 2 views

python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious web server

A denial of service flaw was found in Python Charmers Future. This flaw allows an attacker to send a specially crafted Set-Cookie header in an HTTP request, resulting in a loss of system availability...

CVSS 7.5 | AI score 7.1 | EPSS 0.00427
Exploits: 1 | References: 4

Cvelist
added 2023/07/19 8:57 p.m. | 13 views

CVE-2023-3782 DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response...

CVSS 5.9 | AI score 6 | EPSS 0.00271
Exploits: 1 | References: 2

Github Security Blog
added 2023/07/05 9:35 p.m. | 30 views

MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form

Summary A malicious web server can read arbitrary files on the client using a inside HTML form. Details This affects the extremely common pattern of form submission: python b = mechanicalsoup.StatefulBrowser b.selectform... b.submitselected The problem is with the code in...

CVSS 7.5 | AI score 6.6 | EPSS 0.02902
Exploits: 1 | References: 6 | Affected Software: 1

OSV
added 2023/07/05 9:35 p.m. | 37 views

GHSA-X456-3CCM-M6J4 MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form

Summary A malicious web server can read arbitrary files on the client using a inside HTML form. Details This affects the extremely common pattern of form submission: python b = mechanicalsoup.StatefulBrowser b.selectform... b.submitselected The problem is with the code in...

CVSS 8.7 | AI score 6.4 | EPSS 0.02902
Exploits: 1 | References: 6

UbuntuCve
added 2023/07/05 8:15 p.m. | 15 views

CVE-2023-34457

MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took...

CVSS 7.5 | AI score 7.2 | EPSS 0.02902
Exploits: 1 | References: 4

NVD
added 2022/12/23 12:15 a.m. | 20 views

CVE-2022-40899

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server...

CVSS 7.5 | EPSS 0.00427
Exploits: 1 | References: 5

Prion
added 2022/12/23 12:15 a.m. | 20 views

Code injection

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server...

CVSS 5 | AI score 7.1 | EPSS 0.00427
Exploits: 1 | References: 5 | Affected Software: 1

Debian CVE
added 2022/12/22 12:0 a.m. | 29 views

CVE-2022-40899

An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server...

CVSS 7.5 | AI score 6.7 | EPSS 0.00427
Exploits: 1

CNVD
added 2022/05/08 12:0 a.m. | 15 views

Fortinet FortiOS Information Disclosure Vulnerability (CNVD-2022-50947)

Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, Inc. Fortinet FortiOS is vulnerable to an information leakage vulnerability that results from excessive data output in server-generated error messages, which can be exploited by...

CVSS 4.3 | AI score 0.6 | EPSS 0.00391
Exploits: 0 | References: 1

Prion
added 2022/04/15 4:15 p.m. | 16 views

Code injection

Selenium Selenium Grid formerly Selenium Standalone Server Fixed in 4.0.0-alpha-7 is affected by: DNS rebinding. The impact is: execute arbitrary code remote. The component is: WebDriver endpoint of Selenium Grid / Selenium Standalone Server. The attack vector is: Triggered by browsing to a...

CVSS 6.8 | AI score 8.9 | EPSS 0.00349
Exploits: 1 | References: 3 | Affected Software: 1

RedHat Linux
added 2020/05/12 7:52 p.m. | 1 views

buildah: Crafted input tar file may lead to local file overwrite during image build process

A path traversal flaw was found in Buildah. This flaw allows an attacker to trick a user into building a malicious container image hosted on an HTTPs server and then write files to the user's system anywhere that the user has permissions...

CVSS 9.3 | AI score 7.3 | EPSS 0.00258
Exploits: 1 | References: 4

OSV
added 2019/06/30 11:15 p.m. | 2 views

DEBIAN-CVE-2019-13114

http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service crash due to a NULL pointer dereference by returning a crafted response that lacks a space character...

CVSS 6.5 | AI score 6.9 | EPSS 0.02568
Exploits: 1 | References: 1

Mageia
added 2018/04/06 10:54 p.m. | 12 views

Updated nmap packages fix security vulnerability

Nmap developer nnposter found a security flaw directory traversal vulnerability in the way the non-default http-fetch script sanitized URLs. If a user manually ran this NSE script against a malicious web server, the server could potentially depending on NSE arguments used cause files to be saved...

AI score 7.2
Exploits: 0 | References: 2

Tenable Nessus
added 2017/12/26 12:0 a.m. | 30 views

F5 Networks BIG-IP : cURL and libcurl vulnerability (K01006862)

A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. CVE-2016-8615 Impact When a cURL connection stores a...

CVSS 7.5 | AI score 7.2 | EPSS 0.04182
Exploits: 0 | References: 2

CNVD
added 2017/11/15 12:0 a.m. | 2 views

Foscam C1 Indoor HD Camera DDNS Client Buffer Overflow Vulnerability (CNVD-2017-34263)

Foscam C1 Indoor HD Camera is a wireless high-definition IP camera from Foscam, China. DDNS client is one of the dynamic domain name service clients. A buffer overflow vulnerability exists in the DDNS client in the Foscam C1 Indoor HD Camera. When DDNS is turned on, an attacker can exploit this...

CVSS 9.3 | AI score 7.3 | EPSS 0.004
Exploits: 2 | References: 1