Every CVE whose affected-product data names Postalserver Postal, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-25529 — CVSS 8.1 (high): Postal is an open source SMTP server. Postal versions less than 3.3.5 had a HTML injection vulnerability that allowed unescaped data to be…
CVE-2024-27938 — CVSS 5.3 (medium): Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming…