Lucene search
K

60 matches found

OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5688 Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms in github.com/axllent/mailpit

Mailpit: Incomplete SSRF protection in Link Check API via IPv6 transition mechanisms in github.com/axllent/mailpit...

5.8CVSS5.8AI score0.00282EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2026/06/17 12:0 a.m.10 views

mail/mailpit -- Incomplete SSRF protection in Link Check API via uncovered IPv6 forms

Mailpit authorreports: The tools.IsInternalIP deny-list relies on Go's stdlib classification helpers IsLoopback, IsPrivate, IsLinkLocalUnicast, IsLinkLocalMulticast, IsUnspecified, IsMulticast plus an inline CGNAT range, but those helpers do not match two classes of IPv6 address that should be...

5.8CVSS5.3AI score0.00282EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/06/17 12:0 a.m.11 views

FreeBSD : mail/mailpit -- Incomplete SSRF protection in Link Check API via uncovered IPv6 forms (44afeb08-6a18-11f1-9647-10ffe07f9334)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 44afeb08-6a18-11f1-9647-10ffe07f9334 advisory. Mailpit authorreports: The tools.IsInternalIP deny-list relies on Go's stdlib classification helpers...

5.8CVSS5.5AI score0.00282EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/04 2:15 a.m.4 views

CVE-2026-7722 PrefectHQ prefect Health Check API health endswith improper authentication

A vulnerability was detected in PrefectHQ prefect up to 3.6.21. This impacts the function endswith of the file /api/health of the component Health Check API. Performing a manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit is now public...

6.9CVSS5.7AI score0.00453EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/04 12:0 a.m.9 views

Prefect 授权问题漏洞

Prefect is a workflow orchestration tool developed by Prefect OpenSource, enabling developers to build, monitor data pipelines, and respond to changes in those pipelines. Prefect versions 3.6.21 and earlier have a vulnerability related to authorization. This vulnerability stems from improper...

6.9CVSS6.1AI score0.00453EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.12 views

PT-2026-36752

Name of the Vulnerable Software and Affected Versions PrefectHQ prefect versions prior to 3.6.22 Description Improper authentication in the Health Check API allows a remote attacker to perform a manipulation. This issue specifically impacts the endswith function within the '/api/health' endpoint...

6.9CVSS6.1AI score0.00453EPSS
Exploits0References10
SUSE CVE
SUSE CVE
added 2026/03/25 12:26 a.m.5 views

SUSE CVE-2026-27808

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

8.6CVSS6.1AI score0.00468EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/03/03 12:0 a.m.5 views

FreeBSD : mail/mailpit -- Server-Side Request Forgery (SSRF) via Link Check API (fe6209a3-126c-11f1-8a62-0897988a1c07)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fe6209a3-126c-11f1-8a62-0897988a1c07 advisory. Mailpit author reports: The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side...

8.6CVSS6AI score0.00468EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2026/02/27 4:13 a.m.8 views

CVE-2026-27808

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

8.6CVSS5.9AI score0.00755EPSS
Exploits4References1
OSV
OSV
added 2026/02/27 2:17 a.m.5 views

GO-2026-4558 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API in github.com/axllent/mailpit

Mailpit is Vulnerable to Server-Side Request Forgery SSRF via Link Check API in github.com/axllent/mailpit...

8.6CVSS5.8AI score0.00468EPSS
Exploits1References4
Snyk
Snyk
added 2026/02/26 3:18 p.m.2 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the doHead function in the Link Check API, which performs HTTP HEAD requests to URLs extracted from email content without validating target hosts or filtering private/internal IP addresses. An attack...

8.6CVSS6AI score0.00468EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/26 3:18 p.m.3 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the doHead function in the Link Check API, which performs HTTP HEAD requests to URLs extracted from email content without validating target hosts or filtering private/internal IP addresses. An attack...

8.6CVSS6AI score0.00468EPSS
Exploits1References2
Snyk
Snyk
added 2026/02/26 3:18 p.m.4 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the doHead function in the Link Check API, which performs HTTP HEAD requests to URLs extracted from email content without validating target hosts or filtering private/internal IP addresses. An attack...

8.6CVSS6AI score0.00468EPSS
Exploits1References2
EUVD
EUVD
added 2026/02/26 3:18 p.m.7 views

EUVD-2026-8775

Mailpit is Vulnerable to Server-Side Request Forgery SSRF via Link Check API...

5.8CVSS5.5AI score0.00468EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/25 11:51 p.m.4 views

CVE-2026-27808 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

5.8CVSS5.6AI score0.00468EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/25 11:51 p.m.5 views

CVE-2026-27808

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

8.6CVSS5.6AI score0.00755EPSS
Exploits4References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/25 12:0 a.m.7 views

PT-2026-22057

Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.29.2 Description Mailpit is an email testing tool and API for developers. A Server-Side Request Forgery SSRF issue exists in the Link Check API. This allows unauthenticated remote attackers to map internal networks...

9.9CVSS7.1AI score0.22162EPSS
Exploits70References138
OSV
OSV
added 2026/02/03 8:30 p.m.4 views

GO-2026-4345 Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API in github.com/axllent/mailpit

Mailpit has a Server-Side Request Forgery SSRF via HTML Check API in github.com/axllent/mailpit...

7.5CVSS5.2AI score0.00396EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/02/03 12:0 a.m.5 views

PT-2026-6514

Mailpit has a Server-Side Request Forgery SSRF via HTML Check API in github.com/axllent/mailpit...

7.5CVSS5.4AI score0.00396EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/19 7:1 p.m.22 views

CVE-2026-23845 Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API

Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery SSRF via HTML Check CSS Download. The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the...

5.8CVSS0.00396EPSS
Exploits1References3
Rows per page
Query Builder