CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

47 matches found

NVD•added 2026/05/01 3:16 p.m.•2 views

CVE-2026-43052

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check tdls flag in ieee80211tdlsoper When NL80211TDLSENABLELINK is called, the code only checks if the station exists but not whether it is actually a TDLS station. This allows the operation to proceed for non-TDL...

7.1CVSS0.00015EPSS

Exploits0References7

Cvelist•added 2026/05/01 2:15 p.m.•25 views

CVE-2026-43052 wifi: mac80211: check tdls flag in ieee80211_tdls_oper

0.00015EPSS

Exploits0References7

ATTACKERKB•added 2026/05/01 2:15 p.m.•1 views

CVE-2026-43052

5.8AI score0.00015EPSS

Exploits0References5Affected Software1

Positive Technologies•added 2026/05/01 12:0 a.m.•2 views

PT-2026-36469

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description In the mac80211 subsystem, the ieee80211 tdls oper function fails to verify if a station is a TDLS Tunneled Direct Link Setup station when NL80211 TDLS ENABLE LINK is called. The system...

7.1CVSS5.8AI score0.00015EPSS

Exploits0References7

SUSE CVE•added 2026/03/25 12:26 a.m.•2 views

SUSE CVE-2026-27808

Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...

8.6CVSS6.1AI score0.00047EPSS

Exploits1References3

NVD•added 2026/03/12 6:16 p.m.•1 views

CVE-2026-31873

Unhead is a document head and template manager. Prior to 2.1.11, The link.href check in makeTagSafe safe.ts uses String.includes, which is case-sensitive. Browsers treat URI schemes case-insensitively. DATA:text/css,... is the same as data:text/css,... to the browser, but 'DATA:...'.includes'data...

6.1CVSS0.0002EPSS

Exploits1References1

Tenable Nessus•added 2026/03/03 12:0 a.m.•2 views

FreeBSD : mail/mailpit -- Server-Side Request Forgery (SSRF) via Link Check API (fe6209a3-126c-11f1-8a62-0897988a1c07)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the fe6209a3-126c-11f1-8a62-0897988a1c07 advisory. Mailpit author reports: The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side...

8.6CVSS6AI score0.00047EPSS

Exploits1References3

RedhatCVE•added 2026/02/27 4:13 a.m.•2 views

CVE-2026-27808

8.6CVSS5.9AI score0.00947EPSS

Exploits4References1

OSV•added 2026/02/27 2:17 a.m.•1 views

GO-2026-4558 Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API in github.com/axllent/mailpit

Mailpit is Vulnerable to Server-Side Request Forgery SSRF via Link Check API in github.com/axllent/mailpit...

8.6CVSS5.8AI score0.00047EPSS

Exploits1References4

Github Security Blog•added 2026/02/26 3:18 p.m.•6 views

Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API

Summary The Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and statu...

8.6CVSS5.8AI score0.00047EPSS

Exploits1References5Affected Software1

Snyk•added 2026/02/26 3:18 p.m.•0 views

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the doHead function in the Link Check API, which performs HTTP HEAD requests to URLs extracted from email content without validating target hosts or filtering private/internal IP addresses. An attack...

8.6CVSS6AI score0.00047EPSS

Exploits1References2