Exim before 4.99.1, with certain non-default rate-limit configurations, allows a remote heap-based buffer overflow because database records are cast directly to internal structures without validation.
CVSS Score
7.0
EPSS Score
0.001
Published
2025-12-14
A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-03-28
Exim 4.98 before 4.98.1, when SQLite hints and ETRN serialization are used, allows remote SQL injection. (Resolving SQL injection requires an update to 4.99.1 in certain non-default rate-limit configurations.)
CVSS Score
7.5
EPSS Score
0.721
Published
2025-02-21