44 matches found
CVE-2026-57215
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues can be accepted at bind and route time but are missing from Khepri-backed deletion checks,...
CVE-2026-57215 RabbitMQ: Direct-reply-to binding persistence can lead to unauthorized reply-channel injection and persistent phantom
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues can be accepted at bind and route time but are missing from Khepri-backed deletion checks,...
CVE-2026-57215 RabbitMQ: Direct-reply-to binding persistence can lead to unauthorized reply-channel injection and persistent phantom
RabbitMQ is a messaging and streaming broker. Prior to 3.13.15, 4.0.20, 4.1.11, and 4.2.6, RabbitMQ allows foreign bindings to amq.rabbitmq.reply-to destinations because volatile direct-reply-to queues can be accepted at bind and route time but are missing from Khepri-backed deletion checks,...
CVE-2026-57215
RabbitMQ vulnerability CVE-2026-57215 affects the broker’s binding logic for amq.rabbitmq.reply-to destinations. Before fixes, volatile direct-reply-to queues could be bound and routed even if not properly checked by Khepri-backed deletion checks, leaving persistent route entries after unbind. Af...
CVE-2026-12127
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...
EUVD-2026-40907
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...
CVE-2026-12127
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...
CVE-2026-12127 WPForms <= 1.10.2 - Improper Neutralization of CRLF Sequences to Unauthenticated Email Header Injection via Reply-To Display Name
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Improper Neutralization of CRLF Sequences 'CRLF Injection' in all versions up to, and including, 1.10.2 This is due to getreplytoaddress processing the Reply-To...
CVE-2026-12127
WPForms – Easy Form Builder for WordPress (WordPress plugin WPForms Lite) versions up to 1.10.2 are vulnerable to CRLF header injection in outgoing notification emails. The root cause is improper neutralization of CRLF sequences: get_reply_to_address() expands the Reply-To display name with conte...
BIT-DISCOURSE-2026-44785 Discourse: Hidden reply-to post raw can be disclosed through AI explain prompts
Discourse is an open-source discussion platform. From versions 2026.1.0 to before 2026.1.4, 2026.3.0 to before 2026.3.1, and 2026.4.0 to before 2026.4.1, the AI "explain" helper only checks cansee? on the post being explained, not its replytopost, so any authenticated user with access to the AI...
CVE-2026-40999 Spring WS SSRF via unvalidated WS-Addressing reply destinations
When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affect...
CVE-2026-40999 Spring WS SSRF via unvalidated WS-Addressing reply destinations
When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affect...
EUVD-2026-36209
When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to. Affect...
CVE-1999-0207
Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command...
EUVD-1999-0207
Malware in sbrugna...
CVE-2024-6224
The Send email only on Reply to My Comment WordPress plugin through 1.0.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-49394
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender...
CVE-2024-49394
CVE-2024-49394 affects mutt and neomutt: the In-Reply-To header is not cryptographically signed, enabling an attacker to impersonate the sender by reusing an unencrypted but signed email. Public references in the connected documents show multiple advisories addressing this issue and releasing fix...
CVE-2024-49394 Mutt: neomutt: in-reply-to email header field it not protected by cryptograpic signing
In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender...
Mutt 安全漏洞
Mutt is a text-based e-mail client for Unix-like systems developed by Michael Elkins. A security vulnerability exists in Mutt that stems from the In-Reply-To email header field not being protected by a cryptographic signature, which allows an attacker to reuse unencrypted but signed email message...