820 matches found
CVE-2026-59246
The CVE concerns elixir-mint mint: an unbounded chain of zero-length HTTP/2 CONTINUATION frames can bypass the header-block size cap in Mint.HTTP2.handle_continuation/3, causing unbounded memory growth on the client and eventual out-of-memory termination. The vulnerability arises because each CON...
CVE-2026-59246 Zero-length HTTP/2 CONTINUATION frames bypass Mint's header-block byte-size cap and exhaust client memory
Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...
EUVD-2026-43643
Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP/2 server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP2.handlecontinuation/3 function in lib/mint/http2.ex accumulates the header-block fragment carried by each HTTP/2...
CVE-2026-58229
The CVE-2026-58229 issue affects the Elixir Mint HTTP client. Mint.HTTP1.decode_headers/5 and Mint.HTTP1.decode_trailer_headers/4 accumulate all parsed response headers and trailer fields into a request.headers_buffer without a cap, and decoding uses unlimited per-line/packet limits. A malicious ...
CVE-2026-58229 Unbounded HTTP/1 response-header and chunked-trailer accumulation in Mint causes memory-exhaustion DoS
Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decodeheaders/5 and Mint.HTTP1.decodetrailerheaders/4 functions in lib/mint/http1.ex accumulate every parsed...
EUVD-2026-43642
Allocation of resources without limits vulnerability in elixir-mint mint allows a remote HTTP server to exhaust memory on the client host and cause a denial of service. The Mint.HTTP1.decodeheaders/5 and Mint.HTTP1.decodetrailerheaders/4 functions in lib/mint/http1.ex accumulate every parsed...
Mail Mint < 1.19.5 - Unauthenticated Email Disclosure
Mail Mint WordPress plugin 1.19.5 contains an information disclosure vulnerability caused by lack of authorization in a REST API endpoint, letting unauthenticated users retrieve email addresses of blog users, exploit requires no authentication. id: CVE-2026-2025 info: name: Mail Mint 1.19.5 -...
CVE-2026-12918
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...
EUVD-2026-42862
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-12918
Summary of CVE-2026-12918 (Mail Mint WordPress plugin) : The plugin (versions up to and including 1.24.1) is vulnerable to a general SQL Injection via the recipients parameter due to insufficient escaping and unsafe query construction. This is a second-order injection: an attacker with authentica...
CVE-2026-12918 Mail Mint <= 1.24.1 - Authenticated (Administrator+) SQL Injection via 'recipients' Parameter
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to generic SQL Injection via the 'recipients' parameter in all versions up to, and including, 1.24.1 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2026-49753
creationtimestamp| type| source ---|---|--- 2026-07-10 00:35:19+00:00| published-proof-of-concept| https://github.com/elixir-mint/mint/security/advisories/GHSA-mjqx-c6f6-7rc2 2026-07-10 03:41:59+00:00| seen| https://gist.github.com/alon710/bc442ee88dc103da228f4212da5b648e...
CVE-2026-49754
creationtimestamp| type| source ---|---|--- 2026-07-10 00:35:16+00:00| published-proof-of-concept| https://github.com/elixir-mint/mint/security/advisories/GHSA-2p26-p43x-fhp8 2026-07-10 03:12:07+00:00| seen| https://gist.github.com/alon710/e074ac5405ee20f6dd8bded11414265c...
EUVD-2026-34013
Tesla vulnerable to atom exhaustion via untrusted URL scheme...
EUVD-2026-33939
mint: Unbounded streams map growth via PUSHPROMISE without follow-up HEADERS...
EUVD-2026-33940
mint: Unbounded CONTINUATION/HEADERS frame accumulation CONTINUATION flood...
EUVD-2026-33941
mint: Content-Length header accepts non-RFC "+" sign prefix...
EUVD-2026-33938
mint has potential CRLF injection in its HTTP request line via unvalidated method/target...
WordPress Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin <= 1.24.1 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by PRISM in WordPress Plugin Mail Mint versions = 1.24.1...
CVE-2026-14342
The Mail Mint – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to time-based SQL Injection via the 'contactids' parameter in all versions up to, and including, 1.24.2 due to insufficient escaping on the user supplied parameter and lack of...