3 matches found
CVE-2026-39971 Serendipity: Host Header Injection leads to SMTP header injection via unvalidated HTTP_HOST
Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $SERVER'HTTPHOST' directly into the Message-ID SMTP header without validation, and the existing sanitization function serendipityisResponseClean is not...
CVE-2026-1664
Summary An Insecure Direct Object Reference has been found to exist in createHeaderBasedEmailResolver function within the Cloudflare Agents SDK. The issue occurs because the Message-ID and References headers are parsed to derive the target agentName and agentId without proper validation or origin...
PT-2026-6054
Name of the Vulnerable Software and Affected Versions Cloudflare Agents SDK versions prior to 0.3.7 Description An Insecure Direct Object Reference exists in the createHeaderBasedEmailResolver function. The issue arises because the Message-ID and References headers are parsed to determine the...