📦 Mailpit

Mailpit versions before 1.29.2 contain a Server-Side Request Forgery (SSRF) vulnerability in the Link Check API that allows attackers to make the server send HTTP HEAD requests to arbitrary URLs, incl...

Mailpit versions before 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) through the HTML Check feature. When analyzing HTML emails, the system automatically downloads CSS files from extern...

Mailpit versions before 1.28.2 have a Cross-Site WebSocket Hijacking vulnerability due to missing Origin header validation. This allows malicious websites to connect to a developer's local Mailpit ins...

Mailpit versions 1.28.0 and below have a Server-Side Request Forgery (SSRF) vulnerability in the /proxy endpoint that allows attackers to make HTTP GET requests to internal network resources. Attacker...