CVE-2026-26312

Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing malformed nested message/rfc822 MIME parts via IMAP or JMAP causes excessive CPU and memory consumption...

CVE-2026-26312 Stalwart Mail Server has Out-of-Memory Denial of Service via Malformed Nested MIME Messages

Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing malformed nested message/rfc822 MIME parts via IMAP or JMAP causes excessive CPU and memory consumption...

CVE-2026-26312 Stalwart Mail Server has Out-of-Memory Denial of Service via Malformed Nested MIME Messages

Stalwart is a mail and collaboration server. A denial-of-service vulnerability exists in Stalwart Mail Server versions 0.13.0 through 0.15.4 where accessing a specially crafted email containing malformed nested message/rfc822 MIME parts via IMAP or JMAP causes excessive CPU and memory consumption...

CVE-2025-64726

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

EUVD-2025-175357

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

CVE-2025-64726 External Control of System or Configuration Setting and Uncontrolled Search Path Element in sfw

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

CVE-2025-64726 External Control of System or Configuration Setting and Uncontrolled Search Path Element in sfw

Socket Firewall is an HTTP/HTTPS proxy server that intercepts package manager requests and enforces security policies by blocking dangerous packages. Socket Firewall binary versions separate from installers prior to 0.15.5 are vulnerable to arbitrary code execution when run in untrusted project...

Pallets Werkzeug Path Traversal Vulnerability

Pallets Werkzeug is a WSGI Web application library. A path traversal vulnerability in Pallets Werkzeug prior to version 0.15.5, which stems from SharedDataMiddleware's failure to correctly handle driver names in Windows path names e.g., C:, can be exploited by an attacker to access arbitrary file...

CVE-2017-15131

It was found that system umask policy is not being honored when creating XDG user directories, since Xsession sources xdg-user-dirs.sh before setting umask policy. This only affects xdg-user-dirs before 0.15.5 as shipped with Red Hat Enterprise Linux...

PT-2018-5777 · Freedesktop.Org +4 · Xdg-User-Dirs +4

Name of the Vulnerable Software and Affected Versions: xdg-user-dirs versions prior to 0.15.5 Description: A issue was found where the system umask policy is not being honored when creating XDG user directories. This occurs because Xsession sources xdg-user-dirs.sh before setting the umask policy...