12 matches found

CVE
added 2026/02/26 2:58 p.m., 24 views

CVE-2026-26077

CVE-2026-26077 – Discourse webhook authentication bypass. Affects Discourse prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, where several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token whe...

CVSS 6.5, AI score 5.3, EPSS 0.0024
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2026/02/26 2:58 p.m., 5 views

CVE-2026-26077 Discourse doesn't ensure webhooks require a token

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

CVSS 6.5, AI score 5.9, EPSS 0.0024
Exploits 0, References 1

Cvelist
added 2026/02/26 2:58 p.m., 21 views

CVE-2026-26077 Discourse doesn't ensure webhooks require a token

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

CVSS 6.5, EPSS 0.0024
Exploits 0, References 1

ATTACKERKB
added 2026/02/26 2:58 p.m., 7 views

CVE-2026-26077

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

CVSS 6.5, AI score 5.3, EPSS 0.0024
Exploits 0, References 2, Affected Software 1

EUVD
added 2026/02/26 2:58 p.m., 7 views

EUVD-2026-8854

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints (SendGrid, Mailjet, Mandrill, Postmark, SparkPost) in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...

CVSS 6.5, AI score 5.3, EPSS 0.0024
Exploits 0, References 1

The Hacker News
added 2025/09/29 8:36 a.m., 5 views

First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package

Cybersecurity researchers have discovered what has been described as the first-ever instance of a malicious Model Context Protocol (MCP) server spotted in the wild, raising software supply chain risks. According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an...

AI score 7
Exploits 0

OSSF Malicious Packages
added 2025/09/26 4:14 a.m., 4 views

Malicious code in postmark-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b71142d16d8ed2a6e96b93be35b1378bad054d735c90ce0ab7b20979a8c40ba4 This package turned malicious in v1.0.16 and exfiltrates email data via BCC...

AI score 7
Exploits 0, References 1

OSV
added 2025/09/26 4:14 a.m., 2 views

MAL-2025-47604 Malicious code in postmark-mcp (npm)

--- -= Per source details. Do not edit below this line.=- Source: google-open-source-security b71142d16d8ed2a6e96b93be35b1378bad054d735c90ce0ab7b20979a8c40ba4 This package turned malicious in v1.0.16 and exfiltrates email data via BCC...

AI score 7
Exploits 0, References 1

NVD
added 2024/11/23 8:15 a.m., 38 views

CVE-2024-9511

The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.82 via deserialization of untrusted input in the 'formatResult' function. This makes it...

CVSS 9.8, EPSS 0.01123
Exploits 0, References 4

Cvelist
added 2024/11/23 7:38 a.m., 44 views

CVE-2024-9511 FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider <= 2.2.82 - Unauthenticated PHP Object Injection

The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.82 via deserialization of untrusted input in the 'formatResult' function. This makes it...

CVSS 9.8, EPSS 0.01123
Exploits 0, References 4

CVE
added 2024/11/23 7:38 a.m., 78 views

CVE-2024-9511

CVE-2024-9511 affects FluentSMTP – WP SMTP Plugin (WordPress) up to version 2.2.82, with unauthenticated PHP Object Injection via deserialization in the formatResult function. Attackers could inject a PHP object if untrusted input is deserialized. Partial mitigation exists in 2.2.82, and PatchSta...

CVSS 9.8, AI score 9.7, EPSS 0.01123
Exploits 0, References 4

Vulnrichment
added 2024/11/23 7:38 a.m., 16 views

CVE-2024-9511 FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider <= 2.2.82 - Unauthenticated PHP Object Injection

The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.82 via deserialization of untrusted input in the 'formatResult' function. This makes it...

CVSS 9.8, AI score 7.4, EPSS 0.01123
Exploits 0, References 4