19 matches found

CNNVD
• added 2026/05/20 12:0 a.m. • 5 views

Ledger Bitcoin app security vulnerability

The Ledger Bitcoin app is an open-source application developed by Ledger, which runs on the Ledger hardware wallet. There are security vulnerabilities in the 2.1.0 and 2.1.1 versions of the Ledger Bitcoin app. These vulnerabilities stem from improper handling of miniscripts containing the ‘a’...

4.1 CVSS | 5.8 AI score | 0.00016 EPSS
Exploits: 0 | References: 2
OSV
• added 2026/01/20 5:54 p.m. • 1 views

GHSA-54WQ-72MP-CQ7C Mailpit has an SMTP Header Injection via Regex Bypass

Vulnerability Report: SMTP Header Injection via Regex Bypass. Vulnerable Code: mailpit/internal/smtpd/smtpd.go. Executive Summary: Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can injec...

5.3 CVSS | 5.9 AI score | 0.01594 EPSS
Exploits: 4 | References: 5
RedhatCVE
• added 2026/01/19 11:25 p.m. • 2 views

CVE-2026-23829

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...

5.3 CVSS | 5.8 AI score | 0.01594 EPSS
Exploits: 4 | References: 1
Positive Technologies
• added 2026/01/18 12:0 a.m. • 4 views

PT-2026-3406

Name of the Vulnerable Software and Affected Versions: Mailpit versions prior to 1.28. Description: Mailpit, an email testing tool and API for developers, has a header injection issue in its SMTP server. This is due to a flawed regular expression used to validate RCPT TO and MAIL FROM addresses,...

5.3 CVSS | 5.5 AI score | 0.01594 EPSS
Exploits: 4 | References: 15
Packet Storm
• added 2025/12/08 12:0 a.m. • 140 views

Zimbra Collaboration Suite Postjournal 9.0.0 Remote Command Execution

A critical vulnerability exists in the Zimbra Collaboration Suite (ZCS) PostJournal service that allows attackers to execute arbitrary system commands without authentication. The vulnerability is triggered through SMTP injection using a malicious RCPT TO parameter. This exploit provides full remote...

8.5 AI score
Exploits: 0
Vulnrichment
• added 2025/11/14 7:37 p.m. • 2 views

CVE-2025-13033 Nodemailer: nodemailer: email to an unintended domain can occur due to interpretation conflict

A vulnerability was identified in the email parsing library due to improper handling of specially formatted recipient email addresses. An attacker can exploit this flaw by crafting a recipient address that embeds an external address within quotes. This causes the application to misdirect the emai...

7.5 CVSS | 6.1 AI score | 0.00035 EPSS
Exploits: 0 | References: 7
Hacker One
• added 2025/11/10 3:11 p.m. • 18 views

curl: SMTP CRLF Injection in curl/libcurl via MAIL FROM/RCPT TO parameters

SMTP CRLF Injection Vulnerability in curl/libcurl. Vulnerability ID: CURL-SMTP-CRLF-2024. CWE-93: Improper Neutralization of CRLF Sequences. Executive Summary: curl/libcurl contains a CRLF injection vulnerability in its SMTP implementation that allows attackers to inject arbitrary SMTP commands by...

7.8 AI score
Exploits: 0
Code423n4
• added 2022/11/28 12:0 a.m. • 8 views

The _recipient address has no limits to the amount of tokenID (NFTs) it can own

Lines of code / Vulnerability details / Impact: Since the recipient address has no limit to the number of tokenIds it can hold, this makes it possible for an attacker to call the register function many times with different addresses and send many tokenIds to the same recipient, which could cause a...

6.7 AI score
Exploits: 0
Code423n4
• added 2022/11/28 12:0 a.m. • 3 views

The recipient address check during handling register events will confuse users and block the users contracts registering

Lines of code / Vulnerability details / Impact: The check about if the receiver account exists in the evm store doesn't make sense and will cause users to encounter a confusing exception. And the RegisterEvent function will not throw an exception to revert the tx, the source contract will be written in...

6.8 AI score
Exploits: 0
OSV
• added 2022/11/18 11:15 p.m. • 1 views

CVE-2021-31739

The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address...

6.1 CVSS | 5.8 AI score
Exploits: 0 | References: 1
Prion
• added 2022/11/18 11:15 p.m. • 13 views

Cross site scripting

The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address...

5.8 CVSS | 5.7 AI score | 0.00247 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
• added 2022/11/18 12:0 a.m. • 11 views

CVE-2021-31739

The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address...

5.9 AI score | 0.00247 EPSS
Exploits: 1 | References: 1
Vulnrichment
• added 2022/11/18 12:0 a.m. • 3 views

CVE-2021-31739

The SEPPmail solution is vulnerable to a Cross-Site Scripting vulnerability (XSS), because user input is not correctly encoded in HTML attributes when returned by the server. SEPPmail 11.1.10 allows XSS via a recipient address...

5.8 AI score | 0.00247 EPSS
Exploits: 1 | References: 1
AlpineLinux
• added 2021/05/06 3:46 a.m. • 52 views

CVE-2020-28015

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character...

7.8 CVSS | 7.8 AI score | 0.00041 EPSS
Exploits: 1 | References: 1
OSV
• added 2021/05/04 1:30 p.m. • 1 views

UBUNTU-CVE-2020-28015

Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character...

7.8 CVSS | 6.9 AI score | 0.00041 EPSS
Exploits: 1 | References: 4
Gentoo Linux
• added 2019/06/06 12:0 a.m. • 165 views

Exim: Remote command execution

Background: Exim is a message transfer agent (MTA) designed to be a highly configurable, drop-in replacement for sendmail. Description: A vulnerability was discovered in how Exim validates recipient addresses in the delivermessage function. Impact: A remote attacker could execute arbitrary commands ...

10 CVSS | 3.3 AI score | 0.93918 EPSS
Exploits: 27
OSV
• added 2017/09/02 4:29 p.m. • 0 views

UBUNTU-CVE-2017-14114

RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in not properly determining the IP address and port number of the legitimate recipient of RTP traffic, which allows remote attackers to obtain sensitive information or cause a denial of service communication outage via crafted RTP...

6.5 CVSS | 5.8 AI score | 0.00261 EPSS
Exploits: 0 | References: 3
Positive Technologies
• added 1995/08/17 12:0 a.m. • 4 views

PT-1995-1011 · Sendmail · Sendmail

Name of the Vulnerable Software and Affected Versions: Sendmail (affected versions not specified). Description: The issue allows attackers to gain root privileges via SMTP by specifying an improper mail from address and an invalid rcpt to address that would cause the mail to bounce to a program...

10 CVSS | 6.4 AI score | 0.00483 EPSS
Exploits: 0 | References: 2
Friends Of PHP
• added 1970/01/01 12:0 a.m. • 2 views

CVE-2026-45068: Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address

More info at https://symfony.com/cve-2026-45068...

5.8 AI score
Exploits: 0 | Affected Software: 1