13 matches found

Vulnrichment
added 4 days ago | 4 views

CVE-2026-7666 Potential unencrypted email transmission via STARTTLS in the SMTP backend

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when fail_silently=True, which allows on-path network attackers to read ema...

3.1 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits 0 | References 3

Cvelist
added 4 days ago | 33 views

CVE-2026-7666 Potential unencrypted email transmission via STARTTLS in the SMTP backend

An issue was discovered in Django 6.0 before 6.0.6 and 5.2 before 5.2.15. django.core.mail.backends.smtp.EmailBackend in Django fails to prevent reuse of a partially-initialized connection after a failed STARTTLS handshake when fail_silently=True, which allows on-path network attackers to read ema...

3.1 CVSS | 0.00019 EPSS
Exploits 0 | References 3

CVE
added 4 days ago | 10 views

CVE-2026-7666

Django 6.0 before 6.0.6 and 5.2 before 5.2.15 are affected. The SMTP email backend (django.core.mail.backends.smtp.EmailBackend) may reuse a partially-initialized connection after a failed STARTTLS handshake when fail_silently=True, allowing on-path attackers to read email content in cleartext. T...

3.1 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits 0 | References 3 | Affected Software 1

OSV
added 4 days ago | 4 views

UBUNTU-CVE-2026-7666

Potential unencrypted email transmission via STARTTLS in the SMTP backend...

3.1 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits 0 | References 2

RedhatCVE
added 2026/01/09 12:31 p.m. | 9 views

CVE-2023-40440

This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted...

7.5 CVSS | 5.9 AI score | 0.00172 EPSS
Exploits 0 | References 1

NVD
added 2024/01/09 7:15 a.m. | 8 views

CVE-2023-50930

An issue was discovered in savignano S/Notify before 4.0.2 for Jira. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a...

8.3 CVSS | 8.3 AI score | 0.00047 EPSS
Exploits 0 | References 1

CVE
added 2024/01/09 12:0 a.m. | 30 views

CVE-2023-50931

savignano S/Notify for Bitbucket

8.3 CVSS | 6.9 AI score | 0.00052 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2024/01/09 12:0 a.m. | 9 views

CVE-2023-50932

An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visitin...

8.3 CVSS | 8.5 AI score | 0.00052 EPSS
Exploits 0 | References 1

CNNVD
added 2021/04/09 12:0 a.m. | 2 views

Mozilla Thunderbird security vulnerability

Mozilla Thunderbird is a standalone e-mail client from the Mozilla Foundation (United States), independent of the Mozilla Application Suite. A security bypass vulnerability exists in versions of Thunderbird prior to 78.9.1, which can be exploited by an attacker to send unencrypted e-mail t...

6.8 CVSS | 7.4 AI score | 0.00204 EPSS
Exploits 1 | References 14

OSV
added 2020/07/09 3:15 p.m. | 4 views

CVE-2020-12398

If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection. This vulnerability affects Thunderbird 68.9.0...

7.5 CVSS | 8.2 AI score
Exploits 0 | References 3

RedHat Linux
added 2020/06/19 1:52 a.m. | 2 views

Mozilla: Security downgrade with IMAP STARTTLS leads to information leakage

The Mozilla Foundation Security Advisory describes this flaw as: If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent without protection...

7.5 CVSS | 7.3 AI score | 0.00115 EPSS
Exploits 0 | References 5

Prion
added 2010/12/16 8:0 p.m. | 9 views

Information disclosure

The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

5.8 CVSS | 6.4 AI score | 0.00278 EPSS
Exploits 0 | References 4 | Affected Software 1

ATTACKERKB
added 2010/12/16 8:0 p.m. | 1 views

CVE-2009-5032

The encrypted e-mail feature in IBM Lotus Notes Traveler before 8.5.0.2 sends unencrypted messages when the feature is used without uploading a Notes ID file, which makes it easier for remote attackers to obtain sensitive information by sniffing the network...

5.8 CVSS | 5.6 AI score | 0.00278 EPSS
Exploits 0 | References 5