14 matches found

Tenable Nessus
added 2026/06/05 12:0 a.m. | 4 views

Python Library Django 5.2.x < 5.2.15 / 6.0.x < 6.0.6 Multiple Vulnerabilities

The detected version of the Django Python package is 5.2.x prior to 5.2.15 or 6.0.x prior to 6.0.6. It is, therefore, affected by multiple vulnerabilities, including: - django.middleware.cache.UpdateCacheMiddleware does not add Authorization to the Vary response header for requests bearing that...

CVSS 5.3 | AI score 5.6 | EPSS 0.00041
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2007-6670

Malware in sbrugna...

CVSS 9.3 | AI score 6.3 | EPSS 0.03913
Exploits: 0 | References: 6
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-48995

Malicious code in bioql PyPI...

CVSS 3.5 | AI score 4.6 | EPSS 0.00263
Exploits: 0 | References: 2
Vulnrichment
added 2025/05/23 12:22 p.m. | 9 views

CVE-2025-1123 Solid Mail – SMTP email and logging made by SolidWP <= 2.1.5 - Unauthenticated Stored Cross-Site Scripting via Email

The Solid Mail – SMTP email and logging made by SolidWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email Name, Subject, and Body in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escaping. This makes it possible for...

CVSS 7.2 | AI score 6.4 | EPSS 0.01034
Exploits: 0 | References: 2
Positive Technologies
added 2025/05/23 12:0 a.m. | 2 views

PT-2025-22669 · WordPress · Solid Mail

Name of the Vulnerable Software and Affected Versions: The Solid Mail – SMTP email and logging made by SolidWP plugin for WordPress versions up to, and including, 2.1.5
Description: The issue is related to Stored Cross-Site Scripting via email Name, Subject, and Body due to insufficient input...

CVSS 7.2 | AI score 6.3 | EPSS 0.01034
Exploits: 0 | References: 8
RedhatCVE
added 2025/02/14 3:51 a.m. | 6 views

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS 4.9 | AI score 7 | EPSS 0.00056
Exploits: 0 | References: 1
Cvelist
added 2024/09/18 5:5 p.m. | 15 views

CVE-2024-45298 Disabled user can bypass lockout by requesting password reset in wiki.js

Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mails on my server, I tested said e-mails by performing a password reset with my test user. To my shock, not only did it let me res...

CVSS 4.3 | EPSS 0.00048
Exploits: 0 | References: 2
NVD
added 2024/05/24 3:15 p.m. | 7 views

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

CVSS 4.9 | AI score 6.7 | EPSS 0.00056
Exploits: 0 | References: 1
CVE
added 2024/05/24 3:3 p.m. | 85 views

CVE-2024-33470

The CVE-2024-33470 entry affects AVTECH Room Alert 4E v4.4.0, with a root cause in the SMTP Email Settings that can expose credentials in plaintext via a passback attack. The issue is documented across multiple sources (including PT-2024-25275) and is tied to products that are no longer supported...

CVSS 4.9 | AI score 7 | EPSS 0.00056
Exploits: 0 | References: 1
Cvelist
added 2024/05/24 3:3 p.m. | 15 views

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

AI score 6.7 | EPSS 0.00056
Exploits: 0 | References: 1
Vulnrichment
added 2023/01/05 5:18 p.m. | 5 views

CVE-2022-46168 Group SMTP user emails are exposed in CC email header

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 2.9.0.beta15 on the beta and tests-passed branches, recipients of a group SMTP email could see the email addresses of all other users inside the group SMTP topic. Most of the time this is n...

CVSS 3.5 | AI score 5.3 | EPSS 0.00263
Exploits: 0 | References: 2
OSV
added 2021/02/15 7:24 p.m. | 3 views

MGASA-2021-0082 Updated trojita packages fix security vulnerability

Damian Poddebniak discovered a TLS verification failure in Trojitá. When sending e-mails over SMTP, all TLS errors were ignored (CVE-2020-15047)...

CVSS 5.9 | AI score 5.5 | EPSS 0.00125
Exploits: 0 | References: 5
n0where
added 2017/08/25 5:47 p.m. | 8 views

Packet Trace Parser: Sniffer

Sniffer is a C program that parses and interprets captured Ethernet traffic containing IP datagrams (UDP/TCP), and stores the captured payloads, email messages and HTTP cookies sent into files. General: Supply any pcap file, produced by tcpdump, that contains a packet trace for the program to use as...

AI score 1.2
Exploits: 0 | References: 1
seebug.org
added 2006/12/16 12:0 a.m. | 27 views

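Enemies of Carlotta Shell Argument Command Execution Vulnerability

Enemies of Carlotta is a simple mailing list manager. Enemies of Carlotta has a vulnerability in its handling of user-supplied parameters that an attacker may exploit to execute arbitrary commands on the user's machine. Before SMTP-level mail addresses are used as shell arguments to other applications, Enemies of Carlotta does not properly filter them, allowing a remote attacker to embed shell metacharacters in a mail address and cause arbitrary commands to be executed. Lars Wirzenius Enemies of Carlotta 1.2.3 Debian has released a security advisory (DSA-1236-1) and a corresponding patch for this: DSA-1236-1:New enemies-of-carlotta...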

AI score 7.1
Exploits: 0