23 matches found
mailcow: dockerized Security Vulnerability
mailcow: dockerized is a dockerized version of the mailcow open-source application. Versions of mailcow before dockerized 2026-03b contained security vulnerabilities. These vulnerabilities stemmed from the lack of HTML encoding for client IP addresses in the user dashboard login history, and the...
PT-2026-29693
SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails...
CVE-2026-2469
Versions of the package directorytree/imapengine before 1.22.3 are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the id function in ImapConnection.php due to improperly escaping user input before including it in IMAP ID commands...
EUVD-2026-4914
The New User Approve plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on multiple REST API endpoints in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to approve or deny use...
EUVD-2025-37413
The Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the construct function in all versions up to, and including, 3.6.0. This makes it possible for unauthenticated...
PT-2025-44700
Name of the Vulnerable Software and Affected Versions Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App versions prior to 3.6.1 Description The Post SMTP plugin for WordPress has a flaw due to a missing capability check within the construct function. This allows...
UBUNTU-CVE-2020-27742
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else's emails via the msgconfirmmove template. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" threa...
CVE-2018-21071
An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 (May 2018)...
Reminder—Third Party Gmail Apps Can Read Your Emails, "Allow" Carefully!
Reminder—If you've forgotten about any Google app after using it once a few years ago, be careful, it may still have access to your private emails. When it comes to privacy on social media, we usually point fingers at Facebook for enabling third-party app developers to access users personal...
CVE-2018-7706
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe...
CVE-2018-7704
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe...
SecurEnvoy SecurMail Insecure Direct Object Reference Vulnerability
SecurEnvoy SecurMail allows you to send email securely. An insecure direct object reference vulnerability exists in SecurEnvoy SecurMail before 9.2.501. A remote authenticated user can exploit this vulnerability to read arbitrary email messages via the option1 parameter in the reply action of...
CVE-2017-13860
An issue was discovered in certain Apple products. iOS before 11.2 is affected. macOS before 10.13.2 is affected. The issue involves the "Mail Drafts" component. It allows man-in-the-middle attackers to read e-mail content by leveraging mishandling of S/MIME credential encryption...
CVE-2017-2165
GroupSession versions 4.6.4 and earlier allows remote authenticated attackers to bypass access restrictions to obtain sensitive information such as emails via unspecified vectors...
Samsung SM-G920F Information Disclosure Vulnerability
The Samsung SM-G920F Galaxy S6 is a smartphone from the South Korean company Samsung. SecEmailSync is one of the email synchronization plugins available. An information disclosure vulnerability exists in SecEmailSync in Samsung SM-G920F build G920FXXU2COH2. An attacker can exploit the vulnerabilit...
Cybozu Garoon Email Read Vulnerability
Cybozu Garoon is a portal-type OA office system of Cybozu Japan. The system provides portal, e-mail, bookmarks, scheduling, bulletin board, document management, etc. and supports free switching among three languages Chinese, Japanese, and English. A security vulnerability exists in Cybozu Garoon...
Exim <= 4.41 dns_build_reverse Local Exploit
No description provided by source. / ripped straight off iDEFENSE advisory - so lazy I just picked up GDB... bored on a weeknight : nothing to write home to mother about due to the fact that you need a local user account on a server and all you get is to read other people's emails .... not even m...
PT-2007-4995 · Apple · Iphone
Name of the Vulnerable Software and Affected Versions: Apple iPhone version 1.1.1 Description: The issue allows remote attackers to steal credentials and read email via a man-in-the-middle (MITM) attack because Mail in Apple iPhone does not warn the user when the mail server changes or is not trust...