CVE-2026-33236
A flaw was found in NLTK Natural Language Toolkit, a suite of open-source Python modules for Natural Language Processing. The NLTK downloader does not validate subdir and id attributes when processing remote XML index files. A remote attacker can exploit this path traversal vulnerability by...
EUVD-2025-175341
Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses...
CVE-2025-59480
Mattermost Mobile Apps (Android/iOS) versions up to and including 2.32.0 are affected by an insufficient verification of SSO redirect tokens. The root cause is failure to verify that SSO tokens originate from a trusted server, enabling a malicious Mattermost instance or an on-path attacker to obt...
CVE-2025-59480 Inadequate validation of SSO redirect credentials permits credential theft
Mattermost Mobile Apps versions <=2.32.0 fail to verify that SSO redirect tokens originate from the trusted server, which allows a malicious Mattermost instance or on-path attacker to obtain user session credentials via crafted token-in-URL responses...
USN-7843-1 netty vulnerability
It was discovered that Netty did not properly handle user input. A remote attacker could possibly use this issue to forge arbitrary emails from a trusted server...
CLSA-2025-1761575970 Fix of 6 CVEs
SECURITY UPDATE: potential Denial of Service via TLS connection - debian/patches/CVE-2020-14058.patch: Fix sending of unknown validation errors to cert validator - CVE-2020-14058 SECURITY UPDATE: improper Validation of Specified Index leads to Denial of Service via TLS Handshake vulnerability -...
SUSE CVE-2025-59419
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...
Netty has SMTP Command Injection Vulnerability that Allows Email Forgery
Summary: An SMTP Command Injection (CRLF Injection) vulnerability in Netty's SMTP codec allows a remote attacker who can control SMTP command parameters (e.g., an email recipient) to forge arbitrary emails from the trusted server. This bypasses standard email authentication and can be used to...
DEBIAN-CVE-2025-59419
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...
UBUNTU-CVE-2025-59419
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...
CVE-2025-59419
Netty CVE-2025-59419 is a CRLF injection vulnerability in the SMTP codec. In Netty versions prior to 4.1.128.Final and 4.2.7.Final, io.netty.handler.codec.smtp.DefaultSmtpRequest concatenates parameters into SMTP commands without sanitization, enabling an attacker-controlled CRLF sequence in reci...
CVE-2025-59419 Netty netty-codec-smtp SMTP Command Injection Vulnerability Allowing Email Forgery
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...
EUVD-2013-3902
Malware in sbrugna...
EUVD-2022-2113
Malicious code in bioql PyPI...
FreeBSD : openvpn-devel -- script injection vulnerability from trusted but malicious server (e5cf9f44-9a64-11f0-8241-93c889bb8de1)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the e5cf9f44-9a64-11f0-8241-93c889bb8de1 advisory. Gert Doering reports: Notable changes beta1 - beta2 are: ... add proper input sanitation to DNS strings...
IDCloak: a Practical Secure Multi-Party Dataset Join Framework for Vertical Privacy-Preserving Machine Learning
Vertical privacy-preserving machine learning (vPPML) enables multiple parties to train models on their vertically distributed datasets while keeping datasets private. In vPPML, it is critical to perform the secure dataset join, which aligns features corresponding to intersection IDs across datasets...
Google Go security vulnerability
Google Go is a statically typed, compiled, concurrent, and garbage-collected programming language from Google (USA). A security vulnerability exists in Google Go that stems from credentials provided through the new GOAUTH feature not being properly segmented by domain, allowing malicious...
CLSA-2024-1733141124 squid: Fix of CVE-2024-45802
CVE-2024-45802: Fix DoS by a trusted server by disabling ESI...