
Last Week in AppSec for 30. September 2025

ID: 49582875-9c83-510b-ba0d-d55290ba4394

STIX ID: report--49582875-9c83-510b-ba0d-d55290ba4394

Feed Name: Checkmarx Zero

Threat Score: 65/100

Date Published: 2025-09-30

Date Updated: 2026-04-27

Author: Darren Meyer


**Executive Summary:** This newsletter highlights two high-severity vulnerabilities. The first is an SMTP command injection in the Go package *go-mail* (fixed in v0.7.1), caused by improper address encoding that allowed SMTP commands to be injected. The second is a SAML authentication flaw in Rancher (CVE-2024-58267, CVSS 8.0) that could be exploited via phishing and a crafted URL to obtain valid session tokens. Administrators using these components are advised to upgrade to the listed patched versions promptly.
