VYPR

Pony Mail

by Apache

CVEs (4)

  • CVE-2026-41873 | Cri | Apr 28, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python…

  • CVE-2016-4460 | Cri | Aug 22, 2017
    risk 0.64 | cvss 9.8 | epss 0.06

    Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.

  • CVE-2017-5658 | Med | Oct 4, 2018
    risk 0.35 | cvss 5.3 | epss 0.02

    The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without…

  • CVE-2019-0218 | Apr 22, 2019
    risk 0.00 | cvss | epss 0.05

    A vulnerability was discovered wherein a specially crafted URL could enable reflected XSS via JavaScript in the Pony Mail interface.