26 matches found

CBLMariner
added 2026/05/18 8:36 p.m. | 4 views

CVE-2026-40460 affecting package nginx for versions less than 1.28.3-2

CVE-2026-40460 affecting package nginx for versions less than 1.28.3-2. A patched version of the package is available...

CVSS 6.9 | AI score 5.8 | EPSS 0.00027
Exploits: 0

CBLMariner
added 2026/05/18 8:36 p.m. | 4 views

CVE-2026-40701 affecting package nginx for versions less than 1.28.3-2

CVE-2026-40701 affecting package nginx for versions less than 1.28.3-2. A patched version of the package is available...

CVSS 6.3 | AI score 6 | EPSS 0.00044
Exploits: 0

OSV
added 2026/04/01 9:29 a.m. | 0 views

CLEANSTART-2026-AS59691 Security fixes for CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-31837, CVE-2026-31838, ghsa-9h8m-3fm2-qjrq applied in versions: 1.28.3-r0

Multiple security vulnerabilities affect the istio package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS 8.7 | AI score 7.1 | EPSS 0.00072
Exploits: 0 | References: 14

SUSE CVE
added 2026/02/07 12:24 a.m. | 2 views

SUSE CVE-2026-23829

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...

CVSS 5.3 | AI score 5.7 | EPSS 0.01594
Exploits: 4 | References: 3

EUVD
added 2026/01/21 1:1 a.m. | 5 views

EUVD-2026-3296

Mailpit has a Server-Side Request Forgery (SSRF) via HTML Check API...

CVSS 5.8 | AI score 5.3 | EPSS 0.00024
Exploits: 1 | References: 4

EUVD
added 2026/01/20 5:54 p.m. | 1 views

EUVD-2026-3297

Mailpit has an SMTP Header Injection via Regex Bypass...

CVSS 5.3 | AI score 5.4 | EPSS 0.01594
Exploits: 4 | References: 4

RedhatCVE
added 2026/01/19 11:25 p.m. | 1 views

CVE-2026-23829

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...

CVSS 5.3 | AI score 5.8 | EPSS 0.01594
Exploits: 4 | References: 1

Snyk
added 2026/01/19 7:47 p.m. | 1 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the inlineRemoteCSS function during the HTML email analysis process. An attacker can cause the server to make arbitrary HTTP requests to external resources by supplying crafted HTML emails containing...

CVSS 7.5 | AI score 5.8 | EPSS 0.00024
Exploits: 1 | References: 2

NVD
added 2026/01/19 7:16 p.m. | 2 views

CVE-2026-23845

Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (/api/v1/message/ID/html-check) is designed to analyze HTML emails for compatibility. During this process, the...

CVSS 7.5 | EPSS 0.00024
Exploits: 1 | References: 3

Cvelist
added 2026/01/19 7:1 p.m. | 15 views

CVE-2026-23845 Mailpit Vulnerable to Server-Side Request Forgery (SSRF) via HTML Check API

Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (/api/v1/message/ID/html-check) is designed to analyze HTML emails for compatibility. During this process, the...

CVSS 5.8 | EPSS 0.00024
Exploits: 1 | References: 3

ATTACKERKB
added 2026/01/19 7:1 p.m. | 2 views

CVE-2026-23845

Mailpit is an email testing tool and API for developers. Versions prior to 1.28.3 are vulnerable to Server-Side Request Forgery (SSRF) via HTML Check CSS Download. The HTML Check feature (/api/v1/message/ID/html-check) is designed to analyze HTML emails for compatibility. During this process, the...

CVSS 7.5 | AI score 5.4 | EPSS 0.00024
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2026/01/19 7:1 p.m. | 14 views

CVE-2026-23845

Mailpit (github.com/axllent/mailpit) is affected by SSRF via the HTML Check API. The HTMLCheck flow processes HTML emails by inlining external CSS files through inlineRemoteCSS(), which fetches URLs found in tags. Root cause: insufficient URL validation and unrestricted external fetching in isUR...

CVSS 7.5 | AI score 5.5 | EPSS 0.00024
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2026/01/19 12:15 a.m. | 3 views

CVE-2026-23829

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...

CVSS 5.3 | EPSS 0.01594
Exploits: 4 | References: 3

Positive Technologies
added 2026/01/19 12:0 a.m. | 1 views

PT-2026-3488

Name of the Vulnerable Software and Affected Versions: Mailpit versions prior to 1.28.3. Description: Mailpit, an email testing tool and API for developers, contains a Server-Side Request Forgery (SSRF) issue. This flaw is related to the HTML Check CSS Download functionality, specifically within the...

CVSS 7.5 | AI score 5.3 | EPSS 0.00024
Exploits: 1 | References: 12

Snyk
added 2026/01/18 11:47 p.m. | 1 views

CRLF Injection

Overview: Affected versions of this package are vulnerable to CRLF Injection via insufficient validation of FROM and TO parameters. An attacker can inject arbitrary SMTP headers or corrupt existing ones by including carriage return characters in email addresses. Remediation: Upgrade...

CVSS 6.9 | AI score 5.9 | EPSS 0.01594
Exploits: 4 | References: 2

Vulnrichment
added 2026/01/18 11:23 p.m. | 1 views

CVE-2026-23829 Mailpit has SMTP Header Injection via Regex Bypass

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...

CVSS 5.3 | AI score 5.8 | EPSS 0.01594
Exploits: 4 | References: 3

Cvelist
added 2026/01/18 11:23 p.m. | 18 views

CVE-2026-23829 Mailpit has SMTP Header Injection via Regex Bypass

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...

CVSS 5.3 | EPSS 0.01594
Exploits: 4 | References: 3

ATTACKERKB
added 2026/01/18 11:23 p.m. | 3 views

CVE-2026-23829

Mailpit is an email testing tool and API for developers. Prior to version 1.28.3, Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can inject arbitrary SMTP headers or corrupt existing...

CVSS 5.3 | AI score 5.8 | EPSS 0.01594
Exploits: 4 | References: 4 | Affected Software: 1

Positive Technologies
added 2026/01/18 12:0 a.m. | 4 views

PT-2026-3406

Name of the Vulnerable Software and Affected Versions: Mailpit versions prior to 1.28. Description: Mailpit, an email testing tool and API for developers, has a header injection issue in its SMTP server. This is due to a flawed regular expression used to validate RCPT TO and MAIL FROM addresses,...

CVSS 5.3 | AI score 5.5 | EPSS 0.01594
Exploits: 4 | References: 15

Tenable Nessus
added 2025/08/27 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-30973

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by...

CVSS 5.5 | AI score 6.4 | EPSS 0.00536
Exploits: 0 | References: 2