54 matches found
CVE-2026-9256 affecting package nginx for versions less than 1.28.3-4
CVE-2026-9256 affecting package nginx for versions less than 1.28.3-4. A patched version of the package is available...
EUVD-2026-32930
CloudNativePG is a platform designed to manage PostgreSQL databases within Kubernetes environments. Prior to 1.29.1 and 1.28.3, the CloudNativePG metrics exporter opens its PostgreSQL connection as the postgres superuser via the pod-local Unix socket, then demotes the session with SET ROLE...
CVE-2026-8711 affecting package nginx for versions less than 1.28.3-3
CVE-2026-8711 affecting package nginx for versions less than 1.28.3-3. A patched version of the package is available...
CVE-2026-40460 affecting package nginx for versions less than 1.28.3-2
CVE-2026-40460 affecting package nginx for versions less than 1.28.3-2. A patched version of the package is available...
CVE-2026-40701 affecting package nginx for versions less than 1.28.3-2
CVE-2026-40701 affecting package nginx for versions less than 1.28.3-2. A patched version of the package is available...
CVE-2026-42946 affecting package nginx for versions less than 1.28.3-2
CVE-2026-42946 affecting package nginx for versions less than 1.28.3-2. A patched version of the package is available...
CVE-2026-32647 affecting package nginx for versions less than 1.28.3-1
CVE-2026-32647 affecting package nginx for versions less than 1.28.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-28755 affecting package nginx for versions less than 1.28.3-1
CVE-2026-28755 affecting package nginx for versions less than 1.28.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-28753 affecting package nginx for versions less than 1.28.3-1
CVE-2026-28753 affecting package nginx for versions less than 1.28.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-27784 affecting package nginx for versions less than 1.28.3-1
CVE-2026-27784 affecting package nginx for versions less than 1.28.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-27651 affecting package nginx for versions less than 1.28.3-1
CVE-2026-27651 affecting package nginx for versions less than 1.28.3-1. An upgraded version of the package is available that resolves this issue...
CVE-2026-27654 affecting package nginx for versions less than 1.28.3-1
CVE-2026-27654 affecting package nginx for versions less than 1.28.3-1. An upgraded version of the package is available that resolves this issue...
CLEANSTART-2026-UD61879 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, ghsa-9h8m-3fm2-qjrq, ghsa-jv3w-x3r3-g6rm applied in versions: 1.28.1-r0, 1.28.1-r1, 1.28.3-r0, 1.28.4-r0
Multiple security vulnerabilities affect the istio-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-IY77127 Security fixes for CVE-2025-47913, CVE-2025-47914, CVE-2025-58181, CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, ghsa-9h8m-3fm2-qjrq, ghsa-jv3w-x3r3-g6rm applied in versions: 1.28.1-r0, 1.28.1-r1, 1.28.3-r0, 1.29.0-r0
Multiple security vulnerabilities affect the istio-fips package. These issues are resolved in later releases. See references for individual vulnerability details...
CLEANSTART-2026-AS59691 Security fixes for CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-31837, CVE-2026-31838, ghsa-9h8m-3fm2-qjrq applied in versions: 1.28.3-r0
Multiple security vulnerabilities affect the istio package. These issues are resolved in later releases. See references for individual vulnerability details...
Mailpit < 1.28.2 - SMTP CRLF Injection
Mailpit 1.28 contains a header injection vulnerability caused by insufficient regex validation of RCPT TO and MAIL FROM addresses in the SMTP server, letting attackers inject arbitrary SMTP headers; exploitation requires crafted email addresses. id: CVE-2026-23829 info: name: Mailpit 1.28.2 - SMTP CRLF Injection...
SUSE CVE-2026-23829
Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...
EUVD-2026-3296
Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API...
EUVD-2026-3297
Mailpit has an SMTP Header Injection via Regex Bypass...
CVE-2026-23829
Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...