Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory owned by a non-root user, an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution...

CVE-2026-1323

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at...

Remote Code Execution (RCE)

cpsit/typo3-mailqueue is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper restriction of allowed classes during deserialization of transport failure metadata, which allows an attacker to execute arbitrary code if they can write to the configured spool directory...

GHSA-2PM6-9FHX-VVG3 The mailqueue TYPO3 extension has Insecure Deserialization in `TransportFailure` class

Description The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at...

The mailqueue TYPO3 extension has Insecure Deserialization in `TransportFailure` class

Description The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at...

EUVD-2026-12548

The mailqueue TYPO3 extension has Insecure Deserialization in TransportFailure class...

Deserialization of Untrusted Data

Overview cpsit/typo3-mailqueue is a TYPO3 CMS extension to improve TYPO3's mail spooler with additional components. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the deserialization process. An attacker can execute arbitrary code by providing malicious...

CVE-2026-1323

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at...

CVE-2026-1323

CVE-2026-1323 highlights an insecure deserialization flaw in the TYPO3 mailqueue extension, specifically in the TransportFailure class. An attacker could execute untrusted serialized code, but an active exploit requires write access to the directory configured by $GLOBALS['TYPO3_CONF_VARS']['MAIL...

CVE-2026-1323

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at...

CVE-2026-1323 Insecure Deserialization in extension "Mailqueue" (mailqueue)

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at...

CVE-2026-1323 Insecure Deserialization in extension "Mailqueue" (mailqueue)

The extension fails to properly define allowed classes used when deserializing transport failure metadata. An attacker may exploit this to execute untrusted serialized code. Note that an active exploit requires write access to the directory configured at...

📄 Qualys Security Advisory - Exim 21Nails Advisory

Qualys audited central parts of the Exim mail server and discovered 21 vulnerabilities, with 11 being local vulnerabilities and 10 being remote vulnerabilities. This is older research from 2021 that was missing from the archive. Qualys Security Advisory 21Nails: Multiple vulnerabilities in Exim...

mailqueue TYPO3 extension affected by Insecure Deserialization in QueueableFileTransport

Description The extension extends TYPO3’s FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004. Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core version still allows for Insecure Deserialization,...

EUVD-2026-3591

mailqueue TYPO3 extension affected by Insecure Deserialization...

CVE-2026-0895

The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core...

Deserialization of Untrusted Data

Overview cpsit/typo3-mailqueue is a TYPO3 CMS extension to improve TYPO3's mail spooler with additional components. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the FileSpool component. An attacker can execute arbitrary code by providing crafted...

CVE-2026-0895 Insecure Deserialization in extension "Mailqueue" (mailqueue)

The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core...

CVE-2026-0895

CVE-2026-0895 affects the TYPO3 mailqueue extension. The extension extends TYPO3’s FileSpool component, and the vulnerability is an Insecure Deserialization issue that existed in core TYPO3 prior to TYPO3-CORE-SA-2026-004. The core fix was overwritten by the extension, meaning that even patched T...

CVE-2026-0895

The extension extends TYPO3’ FileSpool component, which was vulnerable to Insecure Deserialization prior to TYPO3-CORE-SA-2026-004 https://typo3.org/security/advisory/typo3-core-sa-2026-004 . Since the related fix is overwritten by the extension, using the extension with a patched TYPO3 core...