Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the doHead function in the Link Check API, which performs HTTP HEAD requests to URLs extracted from email content without validating target hosts or filtering private/internal IP addresses. An attack...

CVE-2025-22800

Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through 2.9.11...

CVE-2024-55196

Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers...

PT-2024-7263 · 1с · Bitrix24 +1

Name of the Vulnerable Software and Affected Versions: 1C-Bitrix Bitrix24 version 23.300.100 Description: The issue concerns insufficiently protected credentials in SMTP server settings, allowing remote administrators to send SMTP account passwords to an arbitrary server via an HTTP POST request...

SUSE CVE-2017-3544

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

UBUNTU-CVE-2017-3544

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Networking. Supported versions that are affected are Java SE: 6u141, 7u131 and 8u121; Java SE Embedded: 8u121; JRockit: R28.3.13. Difficult to exploit vulnerability allows unauthenticated attacker wi...

CVE-2017-3247

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Core. Supported versions that are affected are 2.1.1, 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMTP to compromise Oracle GlassFish...