airflow-clickhouse-plugin (>=1.3.0 <=1.4.0), airflow-dagfactory (=0.19.1) +26 more potentially affected by CVE-2026-41016 via apache-airflow-providers-smtp (>=2.0.1 <=2.4.0rc1)

apache-airflow-providers-smtp PYPI version =2.0.1, =1.3.0, =0.0.1, =0.9.2, =2.9.0, =1.0.0, =0.1.34, =2.10.3, =1.7.3, =1.8.0rc2, =4.3.0, =1.4.10, =0.20.1, =0.30.5rc1 and more Source cves: CVE-2026-41016 Source advisory: OSV:GHSA-X8MH-94WC-33GV...

airflow-clickhouse-plugin (>=1.3.0 <=1.4.0), airflow-dagfactory (=0.19.1) +26 more potentially affected by CVE-2026-41016 via apache-airflow-providers-smtp (>=2.0.1 <=2.4.0rc1)

apache-airflow-providers-smtp PYPI version =2.0.1, =1.3.0, =0.0.1, =0.9.2, =2.9.0, =1.0.0, =0.1.34, =2.10.3, =1.7.3, =1.8.0rc2, =4.3.0, =1.4.10, =0.20.1, =0.30.5rc1 and more Source cves: CVE-2026-41016 Source advisory: SNYK:PYTHON-APACHEAIRFLOWPROVIDERSSMTP-16323333...

CVE-2026-41016 Apache Airflow Providers SMTP: No certificate validation on SMTP STARTTLS connections in SMTP provider

Apache Airflow's SMTP provider SmtpHook called Python's smtplib.SMTP.starttls without an SSL context, so no certificate validation was performed on the TLS upgrade. A man-in-the-middle between the Airflow worker and the SMTP server could present a self-signed certificate, complete the STARTTLS...

apache-airflow-core (>=3.1.0 <=3.1.7), apache-airflow-providers-common-compat (>=1.6.0 <=1.7.3rc1) +14 more potentially affected by CVE-2026-30911 via apache-airflow (>=3.1.0 <=3.1.7)

apache-airflow PYPI version =3.1.0, =3.1.0, =1.6.0, =1.5.3, =1.26.0, =2.0.2, =0.4.0, =1.1.0, =12.0.0, =7.0.0, =1.15.0, =0.34.0, =1.9.0, =1.37.0, =1.26.0, =1.26.18rc1 and more Source cves: CVE-2026-30911 Source advisory: OSV:GHSA-8X34-9Q3V-H7G8...

apache-airflow-core (>=3.1.0 <=3.1.5), apache-airflow-providers-common-compat (>=1.6.0 <=1.7.3rc1) +14 more potentially affected by CVE-2025-68438 via apache-airflow (>=3.1.0 <=3.1.5)

apache-airflow PYPI version =3.1.0, =3.1.0, =1.6.0, =1.5.3, =1.26.0, =2.0.2, =0.4.0, =1.1.0, =12.0.0rc1, =7.0.0rc1, =1.9.0rc1, =1.9.0rc2 - dkist-processing-test =1.37.0rc2 - dkist-processing-vbi =1.26.0rc1 and more Source cves: CVE-2025-68438 Source advisory: OSV:GHSA-3QMM-R55X-HPXX...

apache-airflow-core (>=3.1.0 <=3.1.4), apache-airflow-providers-common-compat (>=1.6.0 <=1.7.3rc1) +6 more potentially affected by CVE-2025-66388 via apache-airflow (>=3.1.0 <=3.1.4)

apache-airflow PYPI version =3.1.0, =3.1.0, =1.6.0, =1.5.3, =1.26.0, =2.0.2, =0.4.0, =1.1.0, =1.1.4 Source cves: CVE-2025-66388 Source advisory: OSV:GHSA-FV47-PQH6-WXGQ...

CVE-2024-9511

The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.82 via deserialization of untrusted input in the 'formatResult' function. This makes it...

CVE-2024-9511 FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider <= 2.2.82 - Unauthenticated PHP Object Injection

The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.82 via deserialization of untrusted input in the 'formatResult' function. This makes it...

CVE-2024-9511 FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider <= 2.2.82 - Unauthenticated PHP Object Injection

The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.82 via deserialization of untrusted input in the 'formatResult' function. This makes it...

CVE-2024-9511

CVE-2024-9511 affects FluentSMTP – WP SMTP Plugin (WordPress) up to version 2.2.82, with unauthenticated PHP Object Injection via deserialization in the formatResult function. Attackers could inject a PHP object if untrusted input is deserialized. Partial mitigation exists in 2.2.82, and PatchSta...

apache-airflow-providers-smtp (>=1.0.0rc1 <=1.8.1rc1) potentially affected by CVE-2024-29735 via apache-airflow (=2.8.2)

apache-airflow PYPI version =2.8.2 is affected by a known vulnerability. The following packages have a transitive dependency on apache-airflow and may be impacted: - apache-airflow-providers-smtp =1.0.0rc1, =1.8.1rc1 Source cves: CVE-2024-29735 Source advisory: OSV:GHSA-CFF3-5QRP-HQX7...