Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

27 matches found

RedhatCVE
RedhatCVEadded 2026/06/05 7:49 p.m.7 views

CVE-2026-41873

UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...

9.8CVSS5.4AI score0.00444EPSS
Exploits0References1
NVD
NVDadded 2026/04/28 4:16 p.m.3 views

CVE-2026-41873

UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...

9.8CVSS0.00444EPSS
Exploits0References2
EUVD
EUVDadded 2026/04/28 3:18 p.m.3 views

EUVD-2026-26065

UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...

9.8CVSS5.3AI score0.00444EPSS
Exploits0References1
CVE
CVEadded 2026/04/28 3:18 p.m.14 views

CVE-2026-41873

Technical details are not publicly available in the provided documents; no concrete information on affected products, versions, root cause, or fixes is present. Monitor for updates.

9.8CVSS5.3AI score0.00444EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/28 3:18 p.m.27 views

CVE-2026-41873 Pony Mail: Admin account takeover via request smuggling

UNSUPPORTED WHEN ASSIGNED Inconsistent Interpretation of HTTP Requests 'HTTP Request/Response Smuggling' vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under t...

0.00444EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/04/28 12:0 a.m.9 views

Apache Pony Mail 环境问题漏洞

Apache Pony Mail is a plugin from the Apache Foundation in the United States that includes features for email archiving, viewing, and interaction. Apache Pony Mail has an environmental issue vulnerability, which stems from inconsistent interpretation of HTTP requests, potentially allowing...

9.8CVSS5.8AI score0.00444EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/04/28 12:0 a.m.2 views

PT-2026-35747

Name of the Vulnerable Software and Affected Versions Pony Mail Lua implementation affected versions not specified Description Inconsistent interpretation of HTTP requests, known as HTTP Request/Response Smuggling, allows for admin account takeover. This occurs when a front-end server and a...

9.8CVSS5.8AI score0.00444EPSS
Exploits0References10
EUVD
EUVDadded 2025/10/07 12:30 a.m.5 views

EUVD-2017-14738

Malware in sbrugna...

5.3CVSS5.5AI score0.01822EPSS
Exploits0References3
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2019-1005

Malware in sbrugna...

6.1CVSS6.3AI score0.05079EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/07 12:30 a.m.4 views

EUVD-2016-5449

Malware in sbrugna...

9.8CVSS9.5AI score0.06097EPSS
Exploits0References3
Prion
Prionadded 2019/04/22 10:29 p.m.16 views

Cross site scripting

A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface...

4.3CVSS5.9AI score0.05079EPSS
Exploits0References3Affected Software1
OSV
OSVadded 2019/04/22 10:29 p.m.10 views

CVE-2019-0218

A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface...

6.1CVSS5.7AI score
Exploits0References3
NVD
NVDadded 2019/04/22 10:29 p.m.10 views

CVE-2019-0218

A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface...

6.1CVSS5.9AI score0.05079EPSS
Exploits0References3
CVE
CVEadded 2019/04/22 9:16 p.m.43 views

CVE-2019-0218

CVE-2019-0218 affects the Pony Mail interface, where a specially crafted URL enables reflected XSS via JavaScript. Root cause: insufficient validation/handling of URL input in the interface leading to script execution. Exploitation details are not provided in the connected documents; no remediati...

6.1CVSS5.8AI score0.05079EPSS
Exploits0References3Affected Software1
Cvelist
Cvelistadded 2019/04/22 9:16 p.m.17 views

CVE-2019-0218

A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the pony mail interface...

6AI score0.05079EPSS
Exploits0References3
CNVD
CNVDadded 2018/10/24 12:0 a.m.3 views

Apache Pony Mail Information Disclosure Vulnerability

Apache Pony Mail is a plug-in with mail archiving, viewing and interaction capabilities from the Apache USA Software Foundation. A security vulnerability exists in the statistics generator in Apache Pony Mail versions 0.7 through 0.9, which stems from the statistics generator returning timestamp...

5.3CVSS5.3AI score0.01822EPSS
Exploits0References1
Prion
Prionadded 2018/10/04 2:29 p.m.14 views

Authorization

The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the conten...

5CVSS5AI score0.01822EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2018/10/04 2:29 p.m.11 views

CVE-2017-5658

The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the conten...

5.3CVSS6.4AI score
Exploits0References1
NVD
NVDadded 2018/10/04 2:29 p.m.10 views

CVE-2017-5658

The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the conten...

5.3CVSS5.1AI score0.01822EPSS
Exploits0References1
Cvelist
Cvelistadded 2018/10/04 2:0 p.m.16 views

CVE-2017-5658

The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the conten...

5.1AI score0.01822EPSS
Exploits0References1
Rows per page
Query Builder