116 matches found
FreeBSD : mail/mailpit -- multiple vulnerabilities (6e701ad2-4f61-11f1-af6d-10ffe07f9334)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6e701ad2-4f61-11f1-af6d-10ffe07f9334 advisory. Mailpit author reports: Set a default 50MB per message limit to prevent DoS via unlimited SMTP...
CVE-2026-45711
creationtimestamp| type| source ---|---|--- 2026-05-14 04:53:32+00:00| published-proof-of-concept| https://github.com/axllent/mailpit/security/advisories/GHSA-qx5x-85p8-vg4j...
CVE-2026-45713
creationtimestamp| type| source ---|---|--- 2026-05-14 04:53:02+00:00| published-proof-of-concept| https://github.com/axllent/mailpit/security/advisories/GHSA-fpxj-m5q8-fphw...
mail/mailpit -- multiple vulnerabilities
Mailpit author reports: Set a default 50MB per message limit to prevent DoS via unlimited SMTP DATA and /api/v1/send body sizes GHSA-fpxj-m5q8-fphw Include CGNAT Carrier-Grade NAT in internal IP checks GHSA-j3fj-qppj-fmmc Block internal IP access by default in HTML check GHSA-j3fj-qppj-fmmc Fix f...
GHSA-X4JJ-H2V8-HQQV vulnerabilities
Vulnerabilities for packages: kaf, regclient, kubernetes, consul, slsa-verifier, xeol, task-fips, nemo, malcontent, rke2-runtime, sriov-network-device-plugin-fips, image-factory, cerbos, gitea-fips, eksctl, spire-server, step-ca-fips, buildah, apko, trivy-operator-fips, kube-mgmt-fips, cilium-cli...
CVE-2026-32288 vulnerabilities
Vulnerabilities for packages: kaf, regclient, kubernetes, consul, slsa-verifier, xeol, task-fips, nemo, malcontent, rke2-runtime, sriov-network-device-plugin-fips, image-factory, cerbos, gitea-fips, eksctl, spire-server, step-ca-fips, buildah, apko, trivy-operator-fips, kube-mgmt-fips, cilium-cli...
CVE-2026-32283 vulnerabilities
Vulnerabilities for packages: kubeflow, kaf, regclient, kubernetes, kubevirt-cdi-operator-fips, consul, slsa-verifier, k8s-metacollector-fips, gatus-fips, crossplane-provider-aws-servicediscovery, cluster-proportional-autoscaler, xeol, cilium-certgen, kserve-rest-proxy, cadence-fips, step-fips,...
Mailpit < 1.28.2 - SMTP CRLF Injection
Mailpit 1.28 contains a header injection caused by insufficient regex validation of RCPT TO and MAIL FROM addresses in the SMTP server, letting attackers inject arbitrary SMTP headers, exploit requires crafted email addresses id: CVE-2026-23829 info: name: Mailpit 1.28.2 - SMTP CRLF Injection...
SUSE CVE-2026-27808
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...
CVE-2026-27808
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...
GO-2026-4558 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API in github.com/axllent/mailpit
Mailpit is Vulnerable to Server-Side Request Forgery SSRF via Link Check API in github.com/axllent/mailpit...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the doHead function in the Link Check API, which performs HTTP HEAD requests to URLs extracted from email content without validating target hosts or filtering private/internal IP addresses. An attack...
EUVD-2026-8775
Mailpit is Vulnerable to Server-Side Request Forgery SSRF via Link Check API...
GHSA-MPF7-P9X7-96R3 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API
Summary The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and statu...
Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API
Summary The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and statu...
CVE-2026-27808
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...
Mailpit 安全漏洞
Mailpit is an email testing tool developed by Ralph Slooten personally. Versions of Mailpit prior to 1.29.2 contained security vulnerabilities. These vulnerabilities stemmed from the link-checking API’s execution of HTTP HEAD requests for each URL found in emails. During these requests, the targe...
CVE-2026-27808 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...
CVE-2026-27808 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...
CVE-2026-27808
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...