2 matches found
PT-2026-29163
Name of the Vulnerable Software and Affected Versions HAPI FHIR versions prior to 6.9.4 Description The /loadIG API endpoint in the FHIR Validator HTTP service does not properly validate user-supplied URLs provided via a JSON body before making server-side HTTP requests. This allows an...
CVE-2026-27808
Mailpit is an email testing tool and API for developers. Prior to version 1.29.2, the Link Check API /api/v1/message/ID/link-check is vulnerable to Server-Side Request Forgery SSRF. The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering...