Lucene search
K

116 matches found

Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.10 views

FreeBSD : mail/mailpit -- multiple vulnerabilities (6e701ad2-4f61-11f1-af6d-10ffe07f9334)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 6e701ad2-4f61-11f1-af6d-10ffe07f9334 advisory. Mailpit author reports: Set a default 50MB per message limit to prevent DoS via unlimited SMTP...

6AI score0.00099EPSS
Exploits0References9
Circl
Circl
added 2026/05/14 4:53 a.m.10 views

CVE-2026-45711

creationtimestamp| type| source ---|---|--- 2026-05-14 04:53:32+00:00| published-proof-of-concept| https://github.com/axllent/mailpit/security/advisories/GHSA-qx5x-85p8-vg4j...

5.8AI score0.00032EPSS
Exploits0References1
Circl
Circl
added 2026/05/14 4:53 a.m.7 views

CVE-2026-45713

creationtimestamp| type| source ---|---|--- 2026-05-14 04:53:02+00:00| published-proof-of-concept| https://github.com/axllent/mailpit/security/advisories/GHSA-fpxj-m5q8-fphw...

5.8AI score0.00099EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/05/14 12:0 a.m.15 views

mail/mailpit -- multiple vulnerabilities

Mailpit author reports: Set a default 50MB per message limit to prevent DoS via unlimited SMTP DATA and /api/v1/send body sizes GHSA-fpxj-m5q8-fphw Include CGNAT Carrier-Grade NAT in internal IP checks GHSA-j3fj-qppj-fmmc Block internal IP access by default in HTML check GHSA-j3fj-qppj-fmmc Fix f...

5.9AI score0.00099EPSS
Exploits0References4
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.8 views

GHSA-X4JJ-H2V8-HQQV vulnerabilities

Vulnerabilities for packages: kaf, regclient, kubernetes, consul, slsa-verifier, xeol, task-fips, nemo, malcontent, rke2-runtime, sriov-network-device-plugin-fips, image-factory, cerbos, gitea-fips, eksctl, spire-server, step-ca-fips, buildah, apko, trivy-operator-fips, kube-mgmt-fips, cilium-cli...

5.9AI score
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.10 views

CVE-2026-32288 vulnerabilities

Vulnerabilities for packages: kaf, regclient, kubernetes, consul, slsa-verifier, xeol, task-fips, nemo, malcontent, rke2-runtime, sriov-network-device-plugin-fips, image-factory, cerbos, gitea-fips, eksctl, spire-server, step-ca-fips, buildah, apko, trivy-operator-fips, kube-mgmt-fips, cilium-cli...

5.5CVSS6.1AI score0.0029EPSS
Exploits0
Chainguard
Chainguard
added 2026/04/11 2:18 a.m.12 views

CVE-2026-32283 vulnerabilities

Vulnerabilities for packages: kubeflow, kaf, regclient, kubernetes, kubevirt-cdi-operator-fips, consul, slsa-verifier, k8s-metacollector-fips, gatus-fips, crossplane-provider-aws-servicediscovery, cluster-proportional-autoscaler, xeol, cilium-certgen, kserve-rest-proxy, cadence-fips, step-fips,...

7.5CVSS7.1AI score0.00621EPSS
Exploits0
Nuclei
Nuclei
added 2026/03/30 4:20 a.m.10 views

Mailpit < 1.28.2 - SMTP CRLF Injection

Mailpit 1.28 contains a header injection caused by insufficient regex validation of RCPT TO and MAIL FROM addresses in the SMTP server, letting attackers inject arbitrary SMTP headers, exploit requires crafted email addresses id: CVE-2026-23829 info: name: Mailpit 1.28.2 - SMTP CRLF Injection...

5.3CVSS5.9AI score0.01441EPSS
Exploits4References2
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-27808

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

8.6CVSS6.1AI score0.00468EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.8 views

CVE-2026-27808

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

8.6CVSS5.9AI score0.00755EPSS
Exploits4References1
OSV
OSV
added 2026/02/27 2:17 a.m.5 views

GO-2026-4558 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API in github.com/axllent/mailpit

Mailpit is Vulnerable to Server-Side Request Forgery SSRF via Link Check API in github.com/axllent/mailpit...

8.6CVSS5.8AI score0.00468EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/26 3:18 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the doHead function in the Link Check API, which performs HTTP HEAD requests to URLs extracted from email content without validating target hosts or filtering private/internal IP addresses. An attack...

8.6CVSS6AI score0.00468EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/26 3:18 p.m.7 views

EUVD-2026-8775

Mailpit is Vulnerable to Server-Side Request Forgery SSRF via Link Check API...

5.8CVSS5.5AI score0.00468EPSS
Exploits1References4
OSV
OSV
added 2026/02/26 3:18 p.m.6 views

GHSA-MPF7-P9X7-96R3 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API

Summary The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and statu...

5.8CVSS5.9AI score0.00468EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2026/02/26 3:18 p.m.11 views

Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API

Summary The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and statu...

8.6CVSS5.8AI score0.00468EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2026/02/26 12:16 a.m.13 views

CVE-2026-27808

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

8.6CVSS0.00468EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/02/26 12:0 a.m.10 views

Mailpit 安全漏洞

Mailpit is an email testing tool developed by Ralph Slooten personally. Versions of Mailpit prior to 1.29.2 contained security vulnerabilities. These vulnerabilities stemmed from the link-checking API’s execution of HTTP HEAD requests for each URL found in emails. During these requests, the targe...

8.6CVSS7.3AI score0.00468EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/25 11:51 p.m.4 views

CVE-2026-27808 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

5.8CVSS5.6AI score0.00468EPSS
Exploits1References3
OSV
OSV
added 2026/02/25 11:51 p.m.8 views

CVE-2026-27808 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

5.8CVSS5.8AI score0.00468EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/02/25 11:51 p.m.5 views

CVE-2026-27808

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

8.6CVSS5.6AI score0.00755EPSS
Exploits4References4Affected Software1
Rows per page
Query Builder