
7294 matches found

Cvelist
added 2026/01/19 7:1 p.m., 17 views

CVE-2026-23845 Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API

Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the...

CVSS 5.8, EPSS 0.00396
Exploits: 1, References: 3
ATTACKERKB
added 2026/01/19 7:1 p.m., 4 views

CVE-2026-23845

Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the...

CVSS 7.5, AI score 5.4, EPSS 0.00396
Exploits: 1, References: 4, Affected Software: 1
Vulnrichment
added 2026/01/19 7:1 p.m., 1 views

CVE-2026-23845 Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API

Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the...

CVSS 5.8, AI score 5.5, EPSS 0.00396
Exploits: 1, References: 3
NVD
added 2026/01/19 4:15 p.m., 1 views

CVE-2025-68616

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5, EPSS 0.00447
Exploits: 2, References: 2
Cvelist
added 2026/01/19 3:20 p.m., 17 views

CVE-2025-68616 WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5, EPSS 0.00447
Exploits: 2, References: 2
AlpineLinux
added 2026/01/19 3:20 p.m., 5 views

CVE-2025-68616

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5, AI score 5.6, EPSS 0.00447
Exploits: 2, References: 2
CVE
added 2026/01/19 3:20 p.m., 22 views

CVE-2025-68616

WeasyPrint CVE-2025-68616 describes a Server-Side Request Forgery (SSRF) protection bypass in the default_url_fetcher, allowing redirects via urllib to reach internal resources (e.g., localhost or cloud metadata) even when a developer blocks access with a custom url_fetcher. The issue affects Wea...

CVSS 7.5, AI score 5.5, EPSS 0.00447
Exploits: 2, References: 2, Affected Software: 1
Vulnrichment
added 2026/01/19 3:20 p.m., 1 views

CVE-2025-68616 WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5, AI score 5.5, EPSS 0.00447
Exploits: 2, References: 2
Debian CVE
added 2026/01/19 3:20 p.m., 5 views

CVE-2025-68616

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's default_url_fetcher. The vulnerability allows attackers to access internal network resources such as localhost services or cloud metadata...

CVSS 7.5, AI score 5.4, EPSS 0.00447
Exploits: 2
RedhatCVE
added 2026/01/19 2:19 a.m., 11 views

CVE-2026-1062

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVSS 9.8, AI score 6.5, EPSS 0.00365
Exploits: 1, References: 1
CNNVD
added 2026/01/19 12:0 a.m., 6 views

Mailpit code issue vulnerabilities

Mailpit is an email testing tool developed by Ralph Slooten personally. Versions of Mailpit prior to 1.28.3 had a code vulnerability. This vulnerability stemmed from the inlineRemoteCSS function in the HTML Check feature, which allowed external CSS files to be downloaded, potentially leading to...

CVSS 7.5, AI score 5.8, EPSS 0.00396
Exploits: 1, References: 4
CNVD
added 2026/01/19 12:0 a.m., 1 views

WordPress GetContentFromURL plugin server-side request forgery vulnerability

The WordPress GetContentFromURL plugin is a tool that allows users to grab content from other websites and display it on WordPress sites with a simple short code. The WordPress GetContentFromURL plugin suffers from a server-side request forgery vulnerability that stems from the use of the...

CVSS 7.2, AI score 5.9, EPSS 0.00302
Exploits: 0, References: 1
CNNVD
added 2026/01/19 12:0 a.m., 4 views

WeasyPrint code-related vulnerabilities

WeasyPrint is an intelligent solution developed by Kozea. It helps web developers create PDF files. Versions of WeasyPrint prior to 68.0 contained code vulnerabilities. These vulnerabilities stemmed from a protection mechanism in the default_url_fetcher that allowed server-side request forgery...

CVSS 7.5, AI score 5.9, EPSS 0.00447
Exploits: 2, References: 3
Positive Technologies
added 2026/01/19 12:0 a.m., 3 views

PT-2026-3488

Name of the Vulnerable Software and Affected Versions: Mailpit versions prior to 1.28.3. Description: Mailpit, an email testing tool and API for developers, contains a Server-Side Request Forgery (SSRF) issue. This flaw is related to the HTML Check CSS Download functionality, specifically within the...

CVSS 7.5, AI score 5.3, EPSS 0.00396
Exploits: 1, References: 12
RedhatCVE
added 2026/01/18 4:21 a.m., 15 views

CVE-2026-0682

The Church Admin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 5.0.28 due to insufficient validation of user-supplied URLs in the 'audiourl' parameter. This makes it possible for authenticated attackers, with Administrator-level access, to...

CVSS 2.2, AI score 5.8, EPSS 0.00245
Exploits: 0, References: 1
FreeBSD
added 2026/01/18 12:0 a.m., 5 views

mail/mailpit -- multiple vulnerabilities

Mailpit author reports: Ensure SMTP TO & FROM addresses are RFC 5322 compliant and prevent header injection (GHSA-54wq-72mp-cq7c); Prevent Server-Side Request Forgery (SSRF) via HTML Check API (GHSA-6jxm-fv7w-rw5j)...

CVSS 7.5, AI score 5.9, EPSS 0.01441
Exploits: 5, References: 2
OSV
added 2026/01/17 8:15 p.m., 3 views

CVE-2026-1062

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVSS 9.8, AI score 5.5, EPSS 0.00365
Exploits: 1, References: 6
NVD
added 2026/01/17 8:15 p.m., 8 views

CVE-2026-1062

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVSS 9.8, EPSS 0.00365
Exploits: 1, References: 6
Vulnrichment
added 2026/01/17 7:32 p.m., 3 views

CVE-2026-1062 xiweicheng TMS HtmlUtil.java summary server-side request forgery

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been...

CVSS 6.5, AI score 5.2, EPSS 0.00365
Exploits: 1, References: 6
CVE
added 2026/01/17 7:32 p.m., 14 views

CVE-2026-1062

CVE-2026-1062 affects xiweicheng TMS up to version 2.28.0. The flaw is in the function Summary (src/main/java/com/lhjz/portal/util/HtmlUtil.java) where manipulation of the URL argument enables server-side request forgery. Attacks can be initiated remotely, and an exploit has been published. Multi...

CVSS 9.8, AI score 6.5, EPSS 0.00365
Exploits: 1, References: 6, Affected Software: 1