39 matches found

RedhatCVE
added 2026/05/25 7:38 a.m. | 11 views

CVE-2026-42268

A flaw was found in ModSecurity, an open-source web application firewall (WAF). This vulnerability occurs when an administrator configures a rule that uses @verifySSN, @verifyCPF, or @verifySVNR functions. An unhandled exception, specifically an unsigned integer underflow, can lead to a denial of...

CVSS 8.2 | AI score 5.7 | EPSS 0.00052
Exploits: 1 | References: 4

CNNVD
added 2026/01/16 12:00 a.m. | 2 views

Lucy-XSS security vulnerability

Lucy-XSS is a cross-site scripting protection library open-sourced by NAVER. Lucy-XSS has a security vulnerability, which stems from improper configuration of the default super-set rule file, leading to inadequate cleanup and potentially allowing malicious JavaScript to be executed...

CVSS 6.5 | AI score 5.6 | EPSS 0.00016
Exploits: 0 | References: 2

NVD
added 2025/12/18 8:15 p.m. | 1 view

CVE-2024-58321

A stored cross-site scripting vulnerability in Kentico Xperience allows attackers to inject malicious scripts via form validation rule configuration. Attackers can exploit this vulnerability to execute malicious scripts that will run in users' browsers...

CVSS 5.4 | EPSS 0.00024
Exploits: 0 | References: 2

RedhatCVE
added 2025/02/13 12:36 a.m. | 4 views

CVE-2025-25527

Buffer overflow vulnerability in Ruijie RG-NBR2600S Gateway 10.34b12 due to the lack of length verification, which is related to the configuration of source address NAT rules. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary...

CVSS 5.1 | AI score 7.7 | EPSS 0.00088
Exploits: 0 | References: 1

Redos
added 2024/03/13 12:00 a.m. | 17 views

ROS-2-918

2.918 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

CVSS 9.8 | AI score 8.2 | EPSS 0.03407
Exploits: 0

Tenable Nessus
added 2021/11/17 12:00 a.m. | 28 views

Oracle Linux 8 : spamassassin (ELSA-2021-4315)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2021-4315 advisory. 3.4.4-4.el4 - Fix header parsing Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has no...

CVSS 10 | AI score 7.4 | EPSS 0.03407
Exploits: 0 | References: 2

Tenable Nessus
added 2021/11/11 12:00 a.m. | 34 views

RHEL 8 : spamassassin (RHSA-2021:4315)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:4315 advisory. The SpamAssassin tool provides a way to reduce unsolicited commercial email spam from incoming email. Security Fixes: spamassassin: Malicious rule...

CVSS 10 | AI score 7.4 | EPSS 0.03407
Exploits: 0 | References: 6

Kitploit
added 2021/10/27 8:14 p.m. | 25 views

Clash - A Rule-Based Tunnel In Go

Clash A rule-based tunnel in Go. Features Local HTTP/HTTPS/SOCKS server with authentication support VMess, Shadowsocks, Trojan, Snell protocol support for remote connections Built-in DNS server that aims to minimize DNS pollution attack impact, supports DoH/DoT upstream and fake IP. Rules based o...

AI score 7.7
Exploits: 0 | References: 11

Redos
added 2021/09/08 12:00 a.m. | 13 views

ROS-2-1468

2.1468 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

CVSS 9.8 | AI score 7.9 | EPSS 0.03407
Exploits: 0

Redos
added 2021/09/08 12:00 a.m. | 2 views

ROS-2-2143

2.2143 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

CVSS 10 | AI score 8.1 | EPSS 0.03407
Exploits: 1

Redos
added 2021/09/08 12:00 a.m. | 12 views

ROS-2-1383

2.1383 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

CVSS 9.8 | AI score 7.9 | EPSS 0.03407
Exploits: 1

Redos
added 2021/09/08 12:00 a.m. | 2 views

ROS-2-2239

2.2239 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

CVSS 10 | AI score 8.1 | EPSS 0.03407
Exploits: 0

Redos
added 2021/09/08 12:00 a.m. | 11 views

ROS-2-1255

2.1255 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

CVSS 9.8 | AI score 7.8 | EPSS 0.92579
Exploits: 81

Redos
added 2021/09/08 12:00 a.m. | 2 views

ROS-2-2214

2.2214 Vulnerability in SpamAssassin spam filtering tool CVE-2020-1946 1. Vulnerability Description: CVE-2020-1946 A vulnerability in the SpamAssassin spam filtering tool, is related to improper input validation when processing rule configuration .cf files. Exploitation of the vulnerability could...

CVSS 10 | AI score 8.1 | EPSS 0.03407
Exploits: 0

Prion
added 2021/09/07 10:15 a.m. | 10 views

Design/Logic Flaw

Apache Dubbo supports various rules to support configuration override or traffic routing called routing in Dubbo. These rules are loaded into the configuration center eg: Zookeeper, Nacos, ... and retrieved by the customers when making a request in order to find the right endpoint. When parsing...

CVSS 6.5 | AI score 8.6 | EPSS 0.01012
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2021/07/16 12:00 a.m. | 32 views

EulerOS 2.0 SP5 : spamassassin (EulerOS-SA-2021-2230)

According to the version of the spamassassin package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Apache SpamAssassin before 3.4.5, malicious rule configuration .cf files can be configured to run system commands without any output or...

CVSS 10 | AI score 7.4 | EPSS 0.03407
Exploits: 0 | References: 2

OpenVAS
added 2021/05/03 12:00 a.m. | 18 views

Huawei EulerOS: Security Advisory for spamassassin (EulerOS-SA-2021-1851)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 7.6 | EPSS 0.03407
Exploits: 0 | References: 2

Tenable Nessus
added 2021/03/29 12:00 a.m. | 33 views

Debian DSA-4879-1 : spamassassin - security update

Damian Lukowski discovered a flaw in spamassassin, a Perl-based spam filter using text analysis. Malicious rule configuration files, possibly downloaded from an updates server, could execute arbitrary commands under multiple scenarios. (C) Tenable Network Security, Inc. The descriptive text and...

CVSS 10 | AI score 7.4 | EPSS 0.03407
Exploits: 0 | References: 5

NCSC
added 2021/03/29 12:00 a.m. | 1 view

Vulnerability fixed in SpamAssassin

The Apache SpamAssassin Project has fixed a vulnerability in SpamAssassin. The vulnerability is in the way rule configuration files are processed. When SpamAssassin is configured to use rule configuration files from an untrusted external source, this source could potentially exploit the...

CVSS 10 | AI score 7.7 | EPSS 0.03407
Exploits: 0

CNVD
added 2021/03/29 12:00 a.m. | 7 views

Apache SpamAssassin Injection Vulnerability

Apache SpamAssassin is an open source spam filter from the Apache USA Foundation. The product provides system administrators with a filter and support for categorizing email to block spam. An injection vulnerability exists in Apache SpamAssassin versions prior to 3.4.5 that allows configuration o...

CVSS 10 | AI score 7.1 | EPSS 0.03407
Exploits: 0 | References: 1