Lucene search
+L

291 matches found

cve
cve
added 2026/01/23 4:53 p.m.83 views

CVE-2026-24423

CVE-2026-24423 affects SmarterTools SmarterMail builds prior to 9511, where the ConnectToHub API exposes an unauthenticated remote code execution. The vulnerability allows an attacker to direct a SmarterMail instance to a malicious HTTP server that serves an OS command executed by the vulnerable ...

9.8CVSS6.4AI score0.87693EPSS
In wildExploits0References4Affected Software1
redhatcve
redhatcve
added 2026/01/23 3:22 p.m.11 views

CVE-2026-23760

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...

9.8CVSS6.3AI score0.96268EPSS
Exploits3References1
githubexploit
githubexploit
added 2026/01/23 11:48 a.m.326 views

Exploit for Unrestricted Upload of File with Dangerous Type in Smartertools Smartermail

CVE-2025-52691 / WT-2026-0001 SmarterMail Exploit 🚨 IMPORT...

10CVSS6AI score0.85457EPSS
Exploits15
cnnvd
cnnvd
added 2026/01/23 12:0 a.m.10 views

SmarterTools SmarterMail access control vulnerability

SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Versions of SmarterTools SmarterMail prior to build 9511 had an access...

9.8CVSS8AI score0.87693EPSS
Exploits0References4
packetstorm
packetstorm
added 2026/01/23 12:0 a.m.160 views

📄 SmarterTools SmarterMail GUID File Upload

This Metasploit module exploits a pre-authentication remote code execution vulnerability in SmarterTools SmarterMail before version 100.0.9413. The endpoint /api/upload fails to sanitize the contextData POST parameter which can contain JSON data with a "guid" key that allows directory traversal. ...

10CVSS6.6AI score0.85457EPSS
Exploits15
metasploit
metasploit
added 2026/01/22 6:57 p.m.326 views

SmarterTools SmarterMail GUID File Upload Vulnerability

This module exploits a pre-auth remote code execution vulnerability in SmarterTools SmarterMail before version 100.0.9413. The endpoint /api/upload fails to sanitize the contextData POST parameter which can contain JSON data with a "guid" key that allows directory traversal. By leveraging this...

10CVSS8AI score0.85457EPSS
Exploits15
githubexploit
githubexploit
added 2026/01/22 5:54 p.m.229 views

WT-2026-0001

SmarterMail WT-2026-0001 Authentication Bypass Exploit 📌 O...

6.1AI score
Exploits0
osv
osv
added 2026/01/22 3:16 p.m.4 views

CVE-2026-23760

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...

9.8CVSS6AI score0.96268EPSS
Exploits3References6
nvd
nvd
added 2026/01/22 3:16 p.m.4 views

CVE-2026-23760

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...

9.8CVSS0.96268EPSS
Exploits3References6
vulnrichment
vulnrichment
added 2026/01/22 2:35 p.m.8 views

CVE-2026-23760 SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...

9.3CVSS6.3AI score0.96268EPSS
Exploits3References4
cvelist
cvelist
added 2026/01/22 2:35 p.m.26 views

CVE-2026-23760 SmarterTools SmarterMail < Build 9511 Authentication Bypass via Password Reset API

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...

9.3CVSS0.96268EPSS
Exploits3References4
attackerkb
attackerkb
added 2026/01/22 2:35 p.m.6 views

CVE-2026-23760

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...

9.8CVSS6.1AI score0.96268EPSS
In wildExploits3References6
cve
cve
added 2026/01/22 2:35 p.m.75 views

CVE-2026-23760

SmarterTools SmarterMail versions before build 9511 are affected by an authentication bypass in the password reset API. The force-reset-password endpoint allows anonymous requests and does not verify the current password or a reset token when resetting system administrator accounts, enabling an u...

9.8CVSS6.3AI score0.96268EPSS
In wildExploits3References6Affected Software1
thn
thn
added 2026/01/22 9:46 a.m.16 views

SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release

A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch. The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on...

10CVSS7.1AI score0.96268EPSS
Exploits18
vulncheck_kev
vulncheck_kev
added 2026/01/22 12:0 a.m.5 views

VulnCheck KEV: CVE-2026-23760

SmarterTools SmarterMail versions prior to build 9511 contain an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. An...

9.8CVSS6AI score0.96268EPSS
In wildExploits3References92
cnnvd
cnnvd
added 2026/01/22 12:0 a.m.7 views

SmarterTools SmarterMail security vulnerability

SmarterTools SmarterMail is a set of email server software developed by SmarterTools Corporation. This software supports features such as spam filtering, data statistics, and Simple Mail Transfer Protocol SMTP authentication. Previous versions of SmarterTools SmarterMail, including the 9511...

9.8CVSS7.4AI score0.96268EPSS
Exploits3References5
ptsecurity
ptsecurity
added 2026/01/15 12:0 a.m.5 views

PT-2026-3941

Name of the Vulnerable Software and Affected Versions: SmarterTools SmarterMail versions prior to build 9511 Description: SmarterTools SmarterMail contains an authentication bypass vulnerability in the password reset API. The force-reset-password endpoint at /api/v1/admin/force-reset-password...

10CVSS7.7AI score0.96268EPSS
Exploits3References99
ptsecurity
ptsecurity
added 2026/01/15 12:0 a.m.8 views

PT-2026-4520

Name of the Vulnerable Software and Affected Versions SmarterTools SmarterMail versions prior to build 9511 Description An issue exists in the 'ConnectToHub' API method, specifically at the endpoint '/api/v1/settings/sysadmin/connect-to-hub', due to missing authentication for a critical function...

9.8CVSS7.8AI score0.87693EPSS
Exploits0References105
githubexploit
githubexploit
added 2026/01/09 8:29 p.m.267 views

Exploit for Missing Authorization in Givewp

CVE-2025-2025-52691-SmarterMail-Exp Environment Setup S...

7.5CVSS7.2AI score0.00583EPSS
Exploits1
githubexploit
githubexploit
added 2026/01/08 11:42 a.m.181 views

Exploit for Unrestricted Upload of File with Dangerous Type in Smartertools Smartermail

CVE-2025-52691 SmarterMail Pre-Auth RCE SmarterMail Pre-Auth...

10CVSS7.4AI score0.85457EPSS
Exploits15
Rows per page
Query Builder