EUVD-2026-3296

Mailpit has a Server-Side Request Forgery SSRF via HTML Check API...

Server-side Request Forgery (SSRF)

Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF in the inlineRemoteCSS function during the HTML email analysis process. An attacker can cause the server to make arbitrary HTTP requests to external resources by supplying crafted HTML emails containing...

CVE-2026-23845

Mailpit (github.com/axllent/mailpit) is affected by SSRF via the HTML Check API. The HTMLCheck flow processes HTML emails by inlining external CSS files through inlineRemoteCSS(), which fetches URLs found in tags. Root cause: insufficient URL validation and unrestricted external fetching in isUR...

uchome 2.0 存在持久XSS漏洞

看源码分析的，出错位置较敏感，而且基本没有利用限制，个人主页自定义风格时，可@import外部css文件 uchome 2.0 临时解决方法： implode应该是import的笔误 /expression|vbscript|javascript|import/i 以下在uchome 简体utf-8 2.0测试IE6,IE7,IE8通过. @import urlhttp://xxx.com/1.css; 包含远程css文件，可以在1.css中写入XSS利用. 分析代码 cptheme.php 92行17行调用 function checksecurity$str...

firefox/thunderbird/seamonkey: browser chrome defacement via cached XUL stylesheets (MFSA 2010-14)

The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to...