CRLF Injection

Overview nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to CRLF Injection via the name configuration configuration option. An attacker can inject arbitrary SMTP commands by supplying carriage return and line feed...

CRLF Injection

Overview nodemailer is an Easy as cake e-mail sending from your Node.js applications Affected versions of this package are vulnerable to CRLF Injection via the envelope.size parameter in the sendMail function. An attacker can inject arbitrary SMTP commands by supplying CRLF characters in the size...

CVE-2025-56425

An issue was discovered in the AppConnector component version 10.10.0.183 and earlier of enaio 10.10, in the AppConnector component version 11.0.0.183 and earlier of enaio 11.0, and in the AppConnctor component version 11.10.0.183 and earlier of enaio 11.10. The vulnerability allows authenticated...

EUVD-1999-0250

Malware in sbrugna...

EUVD-2001-1059

Malware in sbrugna...

EUVD-2009-1597

Malware in sbrugna...

EUVD-2006-5298

Malware in sbrugna...

EUVD-2000-1009

Malware in sbrugna...

EUVD-2004-2186

Malware in sbrugna...

EUVD-2005-1518

Malware in sbrugna...

EUVD-2022-52717

Malicious code in bioql PyPI...

CVE-2025-59937

go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender- or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong...

K23284054: The BIG-IP SMTPS virtual server may fail to properly restrict I/O buffering, allowing attackers to insert commands into encrypted SMTP sessions

Security Advisory Description This issue occurs the following condition is met: A virtual server is configured with a Client SSL profile and an SMTPS profile that has the STARTTLS Activation Mode setting enabled Allow or Require for processing SMTPS traffic. Impact When system receives these SMTP...

FreeBSD : Nextcloud Calendar -- SMTP Command Injection (2a314635-be46-11ec-a06f-d4c9ef517024)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 2a314635-be46-11ec-a06f-d4c9ef517024 advisory. - Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in...

Command injection

Nextcloud Calendar is a calendar application for the nextcloud framework. SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO:...

Command Injection in Appointment Emails for Calendar

None...

Nextcloud Calendar -- SMTP Command Injection

reports: SMTP Command Injection in Appointment Emails via Newlines: as newlines and special characters are not sanitized in the email value in the JSON request, a malicious attacker can inject newlines to break out of the RCPT TO: SMTP command and begin injecting arbitrary SMTP commands...

Downgrade Attack

thunderbird is vulnerable to downgrade attack. Remote attacker is able to take control of the authenticated session and execute SMTP commands resulting in a man in the middle attack...

CVE-2021-38189

An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two sequences and then inject arbitrary SMTP commands...

CVE-2021-38189

An issue was discovered in the lettre crate before 0.9.6 for Rust. In an e-mail message body, an attacker can place a . character after two sequences and then inject arbitrary SMTP commands...