CVE-2019-7214 — CVSS 9.8 (critical): SmarterTools SmarterMail 16.x before build 6985 allows deserialization of untrusted data. An unauthenticated attacker could run commands on…
CVE-2019-7212 — CVSS 8.2 (high): SmarterTools SmarterMail 16.x before build 6985 has hardcoded secret keys. An unauthenticated attacker could access other users’ emails…
CVE-2026-7807 — CVSS 8.1 (high): SmarterTools SmarterMail builds prior to 9560 contain a local file inclusion vulnerability in the /api/v1/report/summary/{type} API…
CVE-2020-29548 — CVSS 8.1 (high): An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attackers can pipeline commands after a POP3…
CVE-2004-2583 — CVSS 7.8 (high): SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a…
CVE-2019-7213 — CVSS 6.5 (medium): SmarterTools SmarterMail 16.x before build 6985 allows directory traversal. An authenticated user could delete arbitrary files or could…
CVE-2015-9276 — CVSS 6.1 (medium): SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run…
CVE-2019-7211 — CVSS 6.1 (medium): SmarterTools SmarterMail 16.x before build 6995 has stored XSS. JavaScript code could be executed on the application by opening a malicious…
CVE-2026-40514 — CVSS 5.9 (medium): SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC…
CVE-2021-40377 — CVSS 5.4 (medium): SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to…
CVE-2023-48116 — CVSS 5.4 (medium): SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS via a crafted description of a Calendar appointment.
CVE-2023-48114 — CVSS 5.4 (medium): SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored XSS by using image/svg+xml and an uploaded SVG document. This occurs…
CVE-2023-48115 — CVSS 5.4 (medium): SmarterTools SmarterMail 8495 through 8664 before 8747 allows stored DOM XSS because an XSS protection mechanism is skipped when…
CVE-2026-25067 — CVSS 5.3 (medium): SmarterTools SmarterMail versions prior to build 9518 contain an unauthenticated path coercion vulnerability in the background-of-the-day…
CVE-2004-2587 — CVSS 5.0 (medium): login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername…
CVE-2004-2586 — CVSS 5.0 (medium): Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to…
CVE-2010-3486 — CVSS 5.0 (medium): Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a…
CVE-2008-1854 — CVSS 5.0 (medium): Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of…
CVE-2004-2585 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to…
CVE-2012-2578 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 allow remote attackers to inject arbitrary web script or HTML via an…
CVE-2004-2584 — CVSS 4.0 (medium): frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail…