CVE-2025-13052 An improper certificates validation vulnerability was found in the Notification settings of ADM

When the user set the Notification's sender to send emails to the SMTP server via msmtp, an improper validated TLS/SSL certificates allows an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle MITM attack, which may obtain the sensitive...

PT-2025-7054

Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2025-01a Description: A vulnerability in the password reset functionality of mailcow allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an...