FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-02-26 13:33:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
fe6209a3-126c-11f1-8a62-0897988a1c07	mail/mailpit -- Server-Side Request Forgery (SSRF) via Link Check API Mailpit author reports: The Link Check API (/api/v1/message/{ID}/link-check) is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and status text per link, making this a non-blind SSRF. In the default configuration (no authentication on SMTP or API), this is fully exploitable remotely with zero user interaction. Discovery 2026-02-25 Entry 2026-02-25 mailpit < 1.29.2 CVE-2026-27808 https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3

VuXML ID

Description

fe6209a3-126c-11f1-8a62-0897988a1c07

mail/mailpit -- Server-Side Request Forgery (SSRF) via Link Check API

Mailpit author reports:

The Link Check API (/api/v1/message/{ID}/link-check) is vulnerable to Server-Side Request Forgery (SSRF). The server performs HTTP HEAD requests to every URL found in an email without validating target hosts or filtering private/internal IP addresses. The response returns status codes and status text per link, making this a non-blind SSRF. In the default configuration (no authentication on SMTP or API), this is fully exploitable remotely with zero user interaction.

Discovery 2026-02-25
Entry 2026-02-25
mailpit

< 1.29.2

CVE-2026-27808
https://github.com/axllent/mailpit/security/advisories/GHSA-mpf7-p9x7-96r3