FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-03-03 16:31:49 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: d822839e-ee4f-11f0-b53e-0897988a1c07
Description: mail/mailpit -- Cross-Site WebSocket Hijacking

Mailpit author reports:

The Mailpit WebSocket server is configured to accept connections from any origin. This lack of Origin header validation introduces a Cross-Site WebSocket Hijacking (CSWSH) vulnerability.

An attacker can host a malicious website that, when visited by a developer running Mailpit locally, establishes a WebSocket connection to the victim's Mailpit instance (default ws://localhost:8025). This allows the attacker to intercept sensitive data such as email contents, headers, and server statistics in real-time.


Discovery: 2026-01-10
Entry: 2026-01-10
Affected package: mailpit < 1.28.2

CVE-2026-22689
https://github.com/axllent/mailpit/security/advisories/GHSA-524m-q5m7-79mm
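
The Origin validation whose absence the advisory describes can be sketched as a handshake guard using only the Go standard library. This is an added example, not Mailpit's code or its fix; the names `originAllowed`, `guard`, `check` and `extraOrigins`, the `/ws` path and the `mail.dev.example` origin are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// extraOrigins is a hypothetical allow-list of additional trusted origins (scheme://host[:port]).
var extraOrigins = map[string]bool{"https://mail.dev.example": true}

// originAllowed accepts a handshake only from the serving host or an allow-listed origin.
func originAllowed(r *http.Request) bool {
	origin := r.Header.Get("Origin")
	if origin == "" {
		return true // policy choice: non-browser client; browsers send Origin on WebSocket handshakes
	}
	u, err := url.Parse(origin)
	if err != nil || u.Host == "" {
		return false // malformed value or the opaque "null" origin
	}
	return strings.EqualFold(u.Host, r.Host) || extraOrigins[strings.ToLower(u.Scheme+"://"+u.Host)]
}

// guard wraps a WebSocket handler and rejects cross-origin handshakes before any upgrade.
func guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !originAllowed(r) {
			http.Error(w, "origin not allowed", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// check sends one constructed handshake through guard and returns the HTTP status.
func check(host, origin string) int {
	r := httptest.NewRequest("GET", "http://"+host+"/ws", nil) // "/ws" is a hypothetical path
	r.Header.Set("Origin", origin)                             // an empty value reads back as absent
	w := httptest.NewRecorder()
	guard(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })).ServeHTTP(w, r)
	return w.Code
}

func main() { fmt.Println(check("localhost:8025", "http://localhost:8025"), check("localhost:8025", "https://evil.example")) }
```

The stand-in handler returns 200 where a real server would perform the upgrade; the guard's decision is the same either way.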