EUVD-2026-11336

Plunk is an open-source email platform built on top of AWS SES. Prior to 0.7.0, a Server-Side Request Forgery SSRF vulnerability existed in the SNS webhook handler. An unauthenticated attacker could send a crafted request that caused the server to make an arbitrary outbound HTTP GET request to an...

CVE-2025-52557

Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81...

CVE-2025-52557 Mail-0 Zero Session Hijacking Via Email

Mail-0's Zero is an open-source email solution. In version 0.8 it's possible for an attacker to craft an email that executes javascript leading to session hijacking due to improper sanitization. This issue has been patched in version 0.81...

Roundcube Webmail Deserialization Vulnerability

RoundCube Webmail is a browser-based open source multi-language IMAP client , using PHP + Ajax development , to provide a desktop application-like interface and complete mail management features . Roundcube Webmail has a deserialization vulnerability , the vulnerability stems from the...

CVE-2022-24732

Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing...

Pine 4.x - Empty MIME Boundary Denial of Service

source: https://www.securityfocus.com/bid/5301/info Pine is an open source mail user agent distributed by the University of Washington. It is freely available for Unix, Linux, and Microsoft Operating Systems. When a mail is received by pine that contains MIME content, and the value of the MIME...