| CVE-2026-45713 |
high |
— |
8.0 |
|
|
|
10d ago |
Mailpit: Unauthenticated remote memory-exhaustion DoS via unlimited SMTP DATA and /api/v1/send body sizes |
| CVE-2026-45712 |
medium |
— |
5.5 |
|
|
|
10d ago |
Mailpit: Concurrent map read & write in proxy CSS rewriter - remote unauth crash (fatal error: concurrent map read and map write) |
| CVE-2026-45711 |
medium |
— |
5.5 |
|
|
|
10d ago |
Mailpit: Path traversal & arbitrary file write in mailpit dump --http via attacker-controlled message IDs |
| CVE-2026-45709 |
medium |
— |
5.5 |
|
|
|
10d ago |
Mailpit has an incomplete fix for GHSA-6jxm: HTML check still permits SSRF to private/loopback/IMDS via missing IP-filter dialer |
| CVE-2026-27808 |
unknown |
— |
— |
|
|
|
3mo ago |
Mailpit is Vulnerable to Server-Side Request Forgery (SSRF) via Link Check API in github.com/axllent/mailpit |
| CVE-2026-23845 |
unknown |
— |
— |
|
|
|
4mo ago |
Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API in github.com/axllent/mailpit |
| CVE-2026-23829 |
unknown |
— |
— |
|
|
|
4mo ago |
Mailpit has an SMTP Header Injection via Regex Bypass in github.com/axllent/mailpit |
| CVE-2026-22689 |
unknown |
— |
— |
|
|
|
5mo ago |
Mailpit is vulnerable to Cross-Site WebSocket Hijacking (CSWSH) allowing unauthenticated access to emails in github.com/axllent/mailpit |
| CVE-2026-21859 |
unknown |
— |
— |
|
|
|
5mo ago |
Mailpit Proxy Endpoint has Server-Side Request Forgery (SSRF) vulnerability in github.com/axllent/mailpit |