Lucene search
K

1090 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:16 p.m.9 views

CVE-2026-42246

Net::IMAP implements Internet Message Access Protocol IMAP client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.14, and 0.6.4, a man-in-the-middle attacker can cause Net::IMAPstarttls to return "successfully", without starting TLS. This issue has been patched in versions 0.3.10,...

7.6CVSS5.3AI score0.00324EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 5:40 a.m.8 views

BIT-AIRFLOW-2026-49267 Apache Airflow: No certificate validation on SMTP STARTTLS connections

Apache Airflow's EmailOperator and the underlying airflow.utils.email helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used email smtpstarttls=True without email smtpssl. An attacker positioned between the worker and the configured SMTP...

5.9CVSS5.6AI score0.00185EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/05 12:0 a.m.12 views

Python Library Django 5.2.x < 5.2.15 / 6.0.x < 6.0.6 Multiple Vulnerabilities

The detected version of the Django Python package is 5.2.x prior to 5.2.15 or 6.0.x prior to 6.0.6. It is, therefore, affected by multiple vulnerabilities, including: - django.middleware.cache.UpdateCacheMiddleware does not add Authorization to the Vary response header for requests bearing that...

5.3CVSS5.6AI score0.00359EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/04 2:30 a.m.15 views

SUSE CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

7.4CVSS5.7AI score0.0015EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/03 9:51 p.m.12 views

CVE-2026-7666

A flaw was found in Django. An on-path network attacker could exploit a vulnerability in django.core.mail.backends.smtp.EmailBackend where a partially-initialized connection is reused after a failed STARTTLS handshake when failsilently=True. This could allow the attacker to intercept and read ema...

3.1CVSS5.6AI score0.0015EPSS
Exploits0References6
NVD
NVD
added 2026/06/03 2:16 p.m.16 views

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS0.0015EPSS
Exploits0References3
OSV
OSV
added 2026/06/03 2:16 p.m.11 views

PYSEC-2026-200

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

2.3CVSS5.3AI score0.0015EPSS
Exploits0References3
PyPA
PyPA
added 2026/06/03 2:16 p.m.27 views

PYSEC-2026-200

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15.django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read emai...

3.1CVSS5.4AI score0.0015EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/03 1:16 p.m.32 views

CVE-2026-7666

Django 6.0 before 6.0.6 and 5.2 before 5.2.15 are affected. The SMTP email backend (django.core.mail.backends.smtp.EmailBackend) may reuse a partially-initialized connection after a failed STARTTLS handshake when fail_silently=True, allowing on-path attackers to read email content in cleartext. T...

3.1CVSS5.8AI score0.0015EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/03 1:16 p.m.8 views

CVE-2026-7666 Potential unencrypted email transmission via STARTTLS in the SMTP backend

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS5.8AI score0.0015EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/06/03 1:16 p.m.11 views

CVE-2026-7666

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS5.8AI score0.0015EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/06/03 1:16 p.m.41 views

CVE-2026-7666 Potential unencrypted email transmission via STARTTLS in the SMTP backend

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when failsilently=True, which allows on-path network attackers to read ema...

3.1CVSS0.0015EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/03 12:0 a.m.12 views

Linux Distros Unpatched Vulnerability : CVE-2026-7666

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a...

3.1CVSS5.8AI score0.0015EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.8 views

Django 安全漏洞

Django is a set of open-source web frameworks based on the Python language, developed by the Django Foundation. This framework includes an object-oriented mapper, view system, template system, etc. Versions of Django prior to 6.0.6 and 5.2.15 contained security vulnerabilities. These...

3.1CVSS5.3AI score0.0015EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/02 10:3 p.m.14 views

CVE-2026-49267

Apache Airflow's EmailOperator and the underlying airflow.utils.email helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used email smtpstarttls=True without email smtpssl. An attacker positioned between the worker and the configured SMTP...

5.9CVSS5.9AI score0.00185EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 9:16 a.m.16 views

CVE-2026-49267

Apache Airflow's EmailOperator and the underlying airflow.utils.email helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used email smtpstarttls=True without email smtpssl. An attacker positioned between the worker and the configured SMTP...

5.9CVSS0.00185EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 7:53 a.m.9 views

CVE-2026-49267 Apache Airflow: No certificate validation on SMTP STARTTLS connections

Apache Airflow's EmailOperator and the underlying airflow.utils.email helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used email smtpstarttls=True without email smtpssl. An attacker positioned between the worker and the configured SMTP...

5.9AI score0.00185EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/01 7:53 a.m.9 views

CVE-2026-49267

Apache Airflow's EmailOperator and the underlying airflow.utils.email helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used email smtpstarttls=True without email smtpssl. An attacker positioned between the worker and the configured SMTP...

5.9CVSS5.9AI score0.00268EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/06/01 7:53 a.m.27 views

CVE-2026-49267

Apache Airflow is affected where EmailOperator and airflow.utils.email establish SMTP STARTTLS without remote-certificate verification when smtp_starttls=True and smtp_ssl=False, enabling a network MITM to capture SMTP AUTH credentials and message contents. The issue is the core Airflow side, rel...

5.9CVSS5.9AI score0.00185EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/01 7:53 a.m.41 views

CVE-2026-49267 Apache Airflow: No certificate validation on SMTP STARTTLS connections

Apache Airflow's EmailOperator and the underlying airflow.utils.email helpers established SMTP STARTTLS connections without verifying the remote certificate when the deployment used email smtpstarttls=True without email smtpssl. An attacker positioned between the worker and the configured SMTP...

0.00185EPSS
Exploits0References2
Rows per page
Query Builder