555 matches found

RedhatCVE
added yesterday | 2 views

CVE-2026-38728

An issue in Nodemailer smtpserver before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream.write, lib/smtp-stream.js components...

CVSS 7.5 | AI score 5.5 | EPSS 0.00131
Exploits: 0 | References: 1

RedhatCVE
added yesterday | 2 views

CVE-2026-50205

System log files output unencrypted SMTP server authentication passwords alongside sensitive employee corporate identification data...

CVSS 8.8 | AI score 5.5 | EPSS 0.00046
Exploits: 0 | References: 1

ATTACKERKB
added 2026/05/19 12:51 a.m. | 7 views

CVE-2026-33234

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...

CVSS 5 | AI score 5.9 | EPSS 0.00042
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/05/19 12:51 a.m. | 34 views

CVE-2026-33234 AutoGPT: SendEmailBlock's IP blocklist bypass allows SSRF via user-controlled SMTP server

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...

CVSS 5 | EPSS 0.00042
Exploits: 0 | References: 2

Vulnrichment
added 2026/05/19 12:51 a.m. | 9 views

CVE-2026-33234 AutoGPT: SendEmailBlock's IP blocklist bypass allows SSRF via user-controlled SMTP server

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions 0.1.0 through 0.6.51, SendEmailBlock in autogptplatform/backend/backend/blocks/emailblock.py accepts a user-supplied smtpserver string and smtpport integer as...

CVSS 5 | AI score 5.9 | EPSS 0.00042
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/15 12:0 a.m. | 2 views

CVE-2026-38728

An issue in Nodemailer smtpserver before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream.write, lib/smtp-stream.js components...

CVSS 7.5 | AI score 5.8 | EPSS 0.00131
Exploits: 0 | References: 4

EUVD
added 2026/05/15 12:0 a.m. | 5 views

EUVD-2026-30546

An issue in Nodemailer smtpserver before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream.write, lib/smtp-stream.js components...

CVSS 7.5 | AI score 5.8 | EPSS 0.00131
Exploits: 0 | References: 3

CNNVD
added 2026/05/15 12:0 a.m. | 6 views

smtp-server resource management error vulnerability

smtp-server is an open-source Node.js module developed by nodemailer, used to create SMTP and LMTP server instances. Versions of smtp-server prior to 3.18.3 contained a resource management vulnerability. This vulnerability stemmed from issues with the SMTPStream.write and lib/smtp-stream.js...

CVSS 7.5 | AI score 5.8 | EPSS 0.00131
Exploits: 0 | References: 1

Cvelist
added 2026/05/15 12:0 a.m. | 31 views

CVE-2026-38728

An issue in Nodemailer smtpserver before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream.write, lib/smtp-stream.js components...

EPSS 0.00131
Exploits: 0 | References: 3

CNNVD
added 2026/04/02 12:0 a.m. | 2 views

Haraka security vulnerability

Haraka is an open-source SMTP email server developed by Haraka. Versions of Haraka prior to 3.1.4 contained security vulnerabilities. These vulnerabilities occurred when sending emails with proto as the header name, which could lead to the crash of the working process...

CVSS 8.7 | AI score 5.8 | EPSS 0.00025
Exploits: 1 | References: 2

EUVD
added 2026/03/27 6:31 p.m. | 2 views

EUVD-2025-209103

Wazuh wazuh-agent and wazuh-manager versions 2.1.0 before 4.8.0 contain multiple shell injection and untrusted search path vulnerabilities that allow attackers to execute arbitrary commands through various components including logcollector configuration, maild SMTP server tags, and Kaspersky AR...

CVSS 7.1 | AI score 6.7 | EPSS 0.00194
Exploits: 1 | References: 3

ATTACKERKB
added 2026/01/18 11:23 p.m. | 3 views

CVE-2026-23829

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...

CVSS 5.3 | AI score 5.8 | EPSS 0.01594
Exploits: 4 | References: 4 | Affected Software: 1

RedhatCVE
added 2026/01/09 9:36 a.m. | 7 views

CVE-2024-34882

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request...

CVSS 6.8 | AI score 7.2 | EPSS 0.00146
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:38 a.m. | 3 views

CVE-1999-0404

Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution...

CVSS 7.5 | AI score 7.5 | EPSS 0.05763
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/12 2:30 a.m. | 2 views

CVE-2025-13052 An improper certificates validation vulnerability was found in the Notification settings of ADM

When the user sets the Notification's sender to send emails to the SMTP server via msmtp, improperly validated TLS/SSL certificates allow an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle (MITM) attack, which may obtain the sensitive...

CVSS 7 | AI score 6.4 | EPSS 0.00019
Exploits: 0 | References: 1

RedHat Linux
added 2025/10/15 4:57 p.m. | 2 views

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

CVSS 5.7 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 4

RedHat Linux
added 2025/10/15 4:34 p.m. | 2 views

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

CVSS 5.7 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 4

RedHat Linux
added 2025/10/15 4:33 p.m. | 2 views

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

CVSS 5.7 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 4

RedHat Linux
added 2025/10/15 4:18 p.m. | 4 views

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

CVSS 5.7 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 4

RedHat Linux
added 2025/10/15 4:16 p.m. | 6 views

dotnet: .NET Information Disclosure Vulnerability

A flaw exists in certain .NET builds where a man-in-the-middle (MITM) attacker can prevent or downgrade TLS between a client and an SMTP server. This may cause the client to send credentials or message data over an unencrypted connection, exposing sensitive information to the attacker...

CVSS 5.7 | AI score 5.8 | EPSS 0.0003
Exploits: 0 | References: 4