CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

100 matches found

AstraLinux•added 2026/06/19 11:10 a.m.•7 views

Astra Linux – Vulnerability in exim4

Exim 4 before 4.94.2 has an improper restriction on write operations within the bounds of a memory buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

9.8CVSS7.6AI score0.02959EPSS

Exploits1References1

Positive Technologies•added 2026/03/24 12:0 a.m.•6 views

PT-2026-27441

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration Suite ZCS version 8.8.15 Description A security issue exists in the Zimbra Collaboration Suite ZCS PostJournal service that allows unauthenticated attackers to execute arbitrary system commands. This is possible due to...

9.8CVSS6.7AI score0.00462EPSS

Exploits3References4

CVE•added 2026/01/18 11:23 p.m.•21 views

CVE-2026-23829

CVE-2026-23829 — Mailpit SMTP header injection via regex bypass. Mailpit’s SMTP server (prior to v1.28.3) fails to properly filter control characters in RCPT TO/MAIL FROM addresses due to a regex with an incomplete character class, allowing CR/LF bypass and header injection. The flaw stems from G...

5.3CVSS5.8AI score0.01441EPSS

Exploits4References3Affected Software1

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2005-2388

Malware in sbrugna...

7.5CVSS6.4AI score0.03145EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2002-2059

Malware in sbrugna...

5CVSS6.4AI score0.01591EPSS

Exploits0References6

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2000-0958

Malware in sbrugna...

10CVSS6.4AI score0.05575EPSS

Exploits1References4

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2000-0972

Malware in sbrugna...

10CVSS6.4AI score0.05417EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-1999-1513

Malware in sbrugna...

5CVSS6.4AI score0.02459EPSS

Exploits1References3

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2001-0260

Malware in sbrugna...

7.5CVSS6.4AI score0.03948EPSS

Exploits1References5

Hacker One•added 2023/11/27 11:54 a.m.•83 views

SideFX: Port 587 SMPT Open: Can send any mail remotely from the internal mail users to company mail id's.

Port 587 SMTP open. Attacker can send emails remotely to company email addresses. This allows phishing, spamming, or other malicious emails to be sent from what appears to be a legitimate internal company email account...

7AI score

Exploits0

SUSE CVE•added 2023/02/15 6:21 a.m.•2 views

SUSE CVE-2003-0540

The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service lock via 1 a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or 2 v...

5CVSS6.8AI score0.21261EPSS

Exploits4References4

SUSE CVE•added 2023/02/15 5:10 a.m.•2 views

SUSE CVE-2015-9097

The mail gem before 2.5.5 for Ruby aka A Really Ruby Mail Library is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...

6.1CVSS9.6AI score0.03358EPSS

Exploits1References3

SUSE CVE•added 2023/02/15 5:10 a.m.•3 views

SUSE CVE-2015-9096

Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring...

5.3CVSS9.1AI score0.03645EPSS

Exploits1References5

Tenable Nessus•added 2022/04/17 12:0 a.m.•27 views

FreeBSD : Nextcloud Calendar -- SMTP Command Injection (2a314635-be46-11ec-a06f-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2a314635-be46-11ec-a06f-d4c9ef517024 advisory. - Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in...

9.8CVSS8.5AI score0.32348EPSS

Exploits0References3

Prion•added 2022/04/11 9:15 p.m.•19 views

Command injection

Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:...

7.5CVSS9.8AI score0.32348EPSS

Exploits0References3Affected Software1

OSV•added 2022/04/11 8:25 p.m.•29 views

CVE-2022-24838 Command Injection in Appointment Emails for Nextcloud Calendar

5.3CVSS9.2AI score0.32348EPSS

Exploits0References5

Nextcloud•added 2022/04/11 1:51 p.m.•417 views

Command Injection in Appointment Emails for Calendar

None...

9.8CVSS8.6AI score0.32348EPSS

Exploits0References2Affected Software1

FreeBSD•added 2022/04/11 12:0 a.m.•25 views

Nextcloud Calendar -- SMTP Command Injection

reports: SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO: SMTP command and begin injecting arbitrary SMTP commands...

9.8CVSS7.4AI score0.32348EPSS

Exploits0References1

Hacker One•added 2022/03/13 12:24 p.m.•30 views

Nextcloud: SMTP Command Injection in Appointment Emails via Newlines

Summary: Users can create appointment calendars for other users to book slots on their calendar. When booking a slot, the following request is made: POST /apps/calendar/appointment/1/book HTTP/2 Host: 192.168.92.132 "start":1647306900,"end":"1647307200","displayName":"Test...

0.4AI score

Exploits0

NVD•added 2021/05/06 1:15 p.m.•14 views

CVE-2020-28022

Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands...

9.8CVSS0.02959EPSS

Exploits1References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by