7 matches found
CVE-2026-46584
CVE-2026-46584 affects Apache Camel’s Mail component. The MailProducer.getSender could read headers from the mail.smtp/mail.smtps namespace and apply them as JavaMail session properties, overriding endpoint config. This allows attacker-controlled inputs to influence SMTP parameters if untrusted i...
EUVD-2023-56832
Malicious code in bioql PyPI...
EUVD-2023-53528
Malicious code in bioql PyPI...
go-mail 参数注入漏洞
go-mail is a Golang library with mail sending functionality by the individual developer Winni Neessen. A parameter injection vulnerability exists in go-mail version 0.7.0 and earlier, which stems from mishandling of the mail.Address value, which can lead to incorrect address routing or ESMTP...
CVE-2024-55064
Multiple cross-site scripting XSS vulnerabilities in EasyVirt DC NetScope = 8.6.4 allow remote attackers to inject arbitrary JavaScript or HTML code via the 1 smtpserver, 2 smtpaccount, 3 smtppassword, or 4 emailrecipients parameter to /smtp/update; the 5 ntp or 6 dns parameter to...
CVE-2023-49575
A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14, in Sync Breeze Enterprise Server 10.4.18 version, and in Disk Pulse Enterprise 10.4.18 version, that could allow an attacker to execute persistent XSS through /setupsmtp in smtpserver, smtpuser, smtppassword an...
CVE-2023-49575
CVE-2023-49575 affects VX Search Enterprise (v10.2.14) and related Flexense products (Sync Breeze Enterprise Server 10.4.18, Disk Pulse Enterprise 10.4.18). A persistent XSS vulnerability exists via the /setup_smtp API endpoints, specifically in smtp_server, smtp_user, smtp_password, and smtp_ema...