Filtered by vendor Nodemailer
Subscribe
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-14874 | 2 Nodemailer, Redhat | 4 Nodemailer, Advanced Cluster Management For Kubernetes, Ceph Storage and 1 more | 2026-01-08 | N/A | 7.5 HIGH |
| A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser. | |||||
| CVE-2021-23400 | 1 Nodemailer | 1 Nodemailer | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| The package nodemailer before 6.6.1 are vulnerable to HTTP Header Injection if unsanitized user input that may contain newlines and carriage returns is passed into an address object. | |||||
| CVE-2020-7769 | 1 Nodemailer | 1 Nodemailer | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| This affects the package nodemailer before 6.4.16. Use of crafted recipient email addresses may result in arbitrary command flag injection in sendmail transport for sending mails. | |||||