In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.
Information Disclosure
Gogs
NVD
GitHub
CVSS 3.1
6.5
EPSS
0.9%
Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Code Injection
Mutt
Debian Linux
Neomutt
Fedora
+2
NVD
GitHub
CVSS 3.1
5.9
EPSS
2.3%