Lucene search
+L

10 matches found

nvd
nvd
•added 2 days ago•4 views

CVE-2026-45755

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...

6.9CVSS0.00303EPSS
Exploits0References4
cve
cve
•added 2 days ago•12 views

CVE-2026-45755

The CVE-2026-45755 issue affects Symfony’s Mailtrap Mailer Bridge (package symfony/mailtrap-mailer). The MailtrapRequestParser::doParse() method accepts the webhook payload using a configured secret but does not verify the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to forg...

6.9CVSS6.1AI score0.00303EPSS
Exploits0References4Affected Software1
osv
osv
•added 2 days ago•2 views

CVE-2026-45755 Symfony: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Prior to 7.4.12 and 8.0.12, MailtrapRequestParser::doParse received the configured webhook secret but ignored the X-Mt-Signature HMAC header, allowing unauthenticated POST requests to inject forged...

6.9CVSS6.1AI score0.00303EPSS
Exploits0References6
osv
osv
•added 2026/05/28 5:33 p.m.•6 views

GHSA-59F3-VP2F-MP9W Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection

Description The Mailtrap mailer bridge ships a webhook request parser used to authenticate and decode the event callbacks Mailtrap POSTs to an application's webhook endpoint. Its doParseRequest $request, \SensitiveParameter string $secret method receives the configured webhook secret but never...

8.7CVSS5.8AI score0.00303EPSS
Exploits0References6
ptsecurity
ptsecurity
•added 2026/05/21 12:0 a.m.•13 views

PT-2026-44547

Name of the Vulnerable Software and Affected Versions Mailtrap mailer bridge versions prior to 7.4 Description The webhook request parser used to authenticate and decode event callbacks fails to verify the X-Mt-Signature HMAC header. Specifically, the doParseRequest $request, SensitiveParameter...

6.9CVSS6.1AI score0.00303EPSS
Exploits0References20
snyk
snyk
•added 2026/05/20 3:35 p.m.•10 views

Missing Authentication for Critical Function

Overview symfony/mailtrap-mailer is a Symfony Mailtrap Mailer Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parser in the Mailtrap mailer bridge. An attacker can submit forged webhook events because the pars...

6.9CVSS5.8AI score0.00303EPSS
Exploits0References2
wpvulndb
wpvulndb
•added 2023/02/20 12:0 a.m.•16 views

FluentSMTP < 2.2.3 - Stored XSS via Email Logs

The plugin does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. PoC XSS Payload : Steps to reproduce: 1...

5.4CVSS5.4AI score0.00507EPSS
Exploits2Affected Software1
wpexploit
wpexploit
•added 2023/02/20 12:0 a.m.•379 views

FluentSMTP < 2.2.3 - Stored XSS via Email Logs

The plugin does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. XSS Payload : Steps to reproduce: 1. Install...

5.4CVSS5.7AI score0.00507EPSS
Exploits2
friendsofphp
friendsofphp
•added 1970/01/01 12:0 a.m.•10 views

CVE-2026-45755: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45755...

6.9CVSS5.8AI score0.00303EPSS
Exploits0Affected Software1
friendsofphp
friendsofphp
•added 1970/01/01 12:0 a.m.•8 views

CVE-2026-45755: Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC: Unauthenticated Webhook Event Injection

More info at https://symfony.com/cve-2026-45755...

6.9CVSS5.8AI score0.00303EPSS
Exploits0Affected Software1
Rows per page
Query Builder