CVE-2026-15192
A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the com
CVSS
6.5
Medium
EPSS
0.6%
p43
KEV
—
Exploit Today
13
0-100
Published: Jul 9, 2026 · Last modified: Jul 9, 2026 · CWE-287 · CWE-306
0.6%EPSS · 30 days0.6%
2026-07-102026-07-17
A vulnerability has been found in mettle sendportal up to 3.0.1. This issue affects the function sendgrid/postmark/postal/mailjet of the component APIv1 Webhooks. The manipulation leads to missing authentication. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2025-32489.8 CRI100.0%
KEV—80Langflow Missing Authentication Vulnerability3dCVE-2024-116809.8 CRI99.8%
KEV—80ProjectSend Improper Authentication Vulnerability3dCVE-2026-561645.3 MED92.0%
KEV—78Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability3dCVE-2026-468179.8 CRI60.3%
KEV—68Oracle E-Business Suite Improper Privilege Management Vulnerability2dCVE-2023-278239.8 CRI98.9%
——30An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.9dCVE-2022-245629.8 CRI98.9%
——30In IOBit IOTransfer 4.3.1.1561, an unauthenticated attacker can send GET and POST requests to Airserv and gain arbitrary read/write access to the entire file-system (with admin privileges) on the victim's endpoint, which can result in data theft and remote code execution.9d