CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

GHSA-59F3-VP2F-MP9W Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection

Description The Mailtrap mailer bridge ships a webhook request parser used to authenticate and decode the event callbacks Mailtrap POSTs to an application's webhook endpoint. Its doParseRequest $request, \SensitiveParameter string $secret method receives the configured webhook secret but never...

8.7CVSS5.8AI score

Exploits0References6

Positive Technologies•added 2026/05/21 12:0 a.m.•3 views

PT-2026-44547

Description The Mailtrap mailer bridge ships a webhook request parser used to authenticate and decode the event callbacks Mailtrap POSTs to an application's webhook endpoint. Its doParseRequest $request, SensitiveParameter string $secret method receives the configured webhook secret but never rea...

8.7CVSS5.8AI score

Exploits0References15

Snyk•added 2026/05/20 3:35 p.m.•5 views

Missing Authentication for Critical Function

Overview symfony/mailtrap-mailer is a Symfony Mailtrap Mailer Bridge Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the doParse webhook request parser in the Mailtrap mailer bridge. An attacker can submit forged webhook events because the pars...

6.9CVSS5.8AI score

Exploits0References2

wpexploit•added 2023/02/20 12:0 a.m.•359 views

FluentSMTP < 2.2.3 - Stored XSS via Email Logs

The plugin does not sanitize or escape email content, making it vulnerable to stored cross-site scripting attacks XSS when an administrator views the email logs. This exploit requires other plugins to enable users to send emails with unfiltered HTML. XSS Payload : Steps to reproduce: 1. Install...

5.4CVSS5.7AI score0.00181EPSS

Exploits2