WhisperX tag archive

#email

This page collects WhisperX intelligence signals tagged #email. It is designed for humans, search engines, and AI agents: each item links to a canonical source-backed record with sector, source, timestamp, credibility, and exportable structured data.

Latest Signals (5)

The Lab · 2026-03-30 12:27:16 · GitHub Issues

1. Nodemailer v8.0.4 Patches Critical SMTP Command Injection Vulnerability (GHSA-c7w3-x93f-qmm8)

A critical security flaw in the widely used Nodemailer library allowed attackers to silently hijack email delivery by injecting arbitrary SMTP commands. The vulnerability, tracked as GHSA-c7w3-x93f-qmm8, was present when a custom `envelope` object with a `size` property was passed to the `sendMail()` function. If this ...

The Lab · 2026-04-16 20:22:54 · GitHub Issues

2. Path Traversal Vulnerability in Email Parser Exposes File System to Malicious Attachments

A critical path traversal vulnerability has been identified in the `parse_body()` function of an email parsing library. The flaw allows a malicious actor to embed directory traversal sequences (e.g., `../../../etc/passwd`) within the `Content-Disposition` header of an email attachment. The parser accepts the raw, unsan...

The Lab · 2026-04-18 03:22:35 · GitHub Issues

4. MailKit Security Flaw Exposes Email Clients to STARTTLS Downgrade Attacks

A critical vulnerability in the widely used MailKit library allows attackers to intercept and downgrade email authentication, potentially exposing sensitive credentials. The flaw, tracked as GHSA-9j88-vvj5-vhgr, is a STARTTLS Response Injection vulnerability. It enables a Man-in-the-Middle (MitM) attacker to inject arb...

The Lab · 2026-04-18 03:22:36 · GitHub Issues

5. MailKit Security Flaw Exposes Email Clients to STARTTLS Injection, Downgrade Attacks

A critical vulnerability in the widely used MailKit library allows attackers to inject malicious commands and force weaker authentication, compromising the security of countless email clients and applications. The flaw, tracked as GHSA-9j88-vvj5-vhgr, is a STARTTLS Response Injection vulnerability that enables a Man-in...