1631 matches found
Astra Linux – Vulnerability in sendmail
Sendmail in version 8.17.2 allows for SMTP smuggling in certain configurations. Remote attackers can utilize a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, thereby bypassing an SPF protection mechanism. This issue arises because Sendmail supports...
EUVD-2026-36778
An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...
CVE-2026-50880
An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...
CVE-2026-50880
CVE-2026-50880 affects YouTransfer v1.0.6, specifically the sendmail transport integration component. The issue allows an attacker to execute arbitrary code by sending a crafted request. The cybersecurity metadata indicates a critical impact (CVSS 3.1: 9.8, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). C...
CVE-2026-50880
An issue in the sendmail transport integration component of YouTransfer v1.0.6 allows attackers to execute arbitrary code via supplying a crafted request...
PT-2026-49321
Name of the Vulnerable Software and Affected Versions YouTransfer version 1.0.6 Description An issue in the sendmail transport integration component allows attackers to execute arbitrary code by supplying a crafted request. Recommendations At the moment, there is no information about a newer...
Medium: sendmail
Issue Overview: sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because sendmail...
Amazon Linux 2023 : sendmail, sendmail-cf, sendmail-milter (ALAS2023-2026-1818)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1818 advisory. sendmail through at least 8.14.7 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address,...
Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
Description Symfony Mailer selects a transport via the MAILERDSN environment variable / configuration e.g. smtp://..., sendmail://..., native://default. SendmailTransport invokes the local sendmail binary and supports two modes: -bs speak SMTP over stdin: the default and -t read the message on...
GHSA-XX3C-QF5G-HC39 Symfony has an Argument Injection in SendmailTransport via Dash-Prefixed Recipient Address
Description Symfony Mailer selects a transport via the MAILERDSN environment variable / configuration e.g. smtp://..., sendmail://..., native://default. SendmailTransport invokes the local sendmail binary and supports two modes: -bs speak SMTP over stdin: the default and -t read the message on...
PT-2026-44137
Description Symfony Mailer selects a transport via the MAILER DSN environment variable / configuration e.g. smtp://..., sendmail://..., native://default. SendmailTransport invokes the local sendmail binary and supports two modes: -bs speak SMTP over stdin: the default and -t read the message on...
Arbitrary Argument Injection
Overview Affected versions of this package are vulnerable to Arbitrary Argument Injection via recipient handling in SendmailTransport when using sendmail -t mode. An attacker can inject arbitrary sendmail command-line options by supplying a recipient address beginning with -, as recipient address...
VulnCheck KEV: CVE-2017-7692
SquirrelMail 1.4.22 and other versions before 201704270200-SVN allows post-authentication remote code execution via a sendmail.cf file that is mishandled in a popen call. It's possible to exploit this vulnerability to execute arbitrary shell commands on the remote server. The problem is in the...
MiracleLinux 3 : sendmail-8.13.8-8.0.1.AXS3 (AXSA:2010-193:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2010-193:01 advisory. The Sendmail program is a very widely used Mail Transport Agent MTA. MTAs send mail from one machine to another. Sendmail is not a client program,...
CVE-2026-22601
OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2...
CVE-2026-22601
OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2...
EUVD-2026-1886
OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2...
CVE-2026-22601
OpenProject CVE-2026-22601 affects OpenProject 16.6.1 and earlier. A registered administrator can trigger arbitrary command execution by configuring the sendmail binary path and sending a test email, exploiting the email functionality. Root cause: insecure handling of the sendmail binary path in ...
CVE-2026-22601 OpenProject is Vulnerable to Code Execution in E-Mail function
OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2...
CVE-2026-22601 OpenProject is Vulnerable to Code Execution in E-Mail function
OpenProject is an open-source, web-based project management software. For OpenProject version 16.6.1 and below, a registered administrator can execute arbitrary command by configuring sendmail binary path and sending a test email. This issue has been patched in version 16.6.2...