6 matches found
GHSA-6JXM-FV7W-RW5J Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API
Server-Side Request Forgery SSRF via HTML Check CSS Download The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the inlineRemoteCSS function automatically downloads CSS files from external tags to inline them for testing...
Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API
Server-Side Request Forgery SSRF via HTML Check CSS Download The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the inlineRemoteCSS function automatically downloads CSS files from external tags to inline them for testing...
CVE-2026-23845 Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API
Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery SSRF via HTML Check CSS Download. The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the...
CVE-2026-23845 Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API
Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery SSRF via HTML Check CSS Download. The HTML Check feature /api/v1/message/ID/html-check is designed to analyze HTML emails for compatibility. During this process, the...
PT-2026-3488
Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.28.3 Description Mailpit, an email testing tool and API for developers, contains a Server-Side Request Forgery SSRF issue. This flaw is related to the HTML Check CSS Download functionality, specifically within the...
Critters 跨站脚本漏洞
Critters is a GoogleChromeLabs open source Webpack plugin . Used to inline critical CSS and delay loading the rest. A security vulnerability exists in Critters versions 0.0.17-0.0.19. An attacker exploited the vulnerability to perform cross-site scripting attacks...