
43 matches found

OSV
added 2026/05/19 5:20 p.m. | 3 views

OPENSUSE-SU-2026:20784-1 Security update for nginx

This update for nginx fixes the following issues:
- CVE-2026-1642: plain text data injection into the response from an upstream proxied server (bsc#1257675).
- CVE-2026-27654: buffer overflow in the NGINX worker process via the ngx_http_dav_module module (bsc#1260416).
- CVE-2026-27784: NGINX worker memor...

CVSS 8.8 | AI score 7.7 | EPSS 0.00031
Exploits 0 | References 10

OSV
added 2026/05/08 8:58 a.m. | 2 views

SUSE-SU-2026:1761-1 Security update for nginx

This update for nginx fixes the following issues:
- CVE-2026-1642: plain text data injection into the response from an upstream proxied server via MITM attack (bsc#1257675).
- CVE-2026-27654: buffer overflow in the NGINX worker process via the ngx_http_dav_module module (bsc#1260416).
- CVE-2026-27784:...

CVSS 8.8 | AI score 7.7 | EPSS 0.00031
Exploits 0 | References 9

Tenable Nessus
added 2026/04/27 12:0 a.m. | 2 views

MiracleLinux 8 : dotnet9.0-9.0.116-1.el8_10 (AXSA:2026-500:08)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2026-500:08 advisory. dotnet: .NET: Security Bypass and Denial of Service Vulnerability CVE-2026-26171 dotnet: .NET: Denial of Service via stack overflow CVE-2026-32203...

CVSS 7.5 | AI score 6.4 | EPSS 0.08014
Exploits 0 | References 5

Cvelist
added 2026/04/14 11:35 p.m. | 14 views

CVE-2026-39971 Serendipity: Host Header Injection leads to SMTP header injection via unvalidated HTTP_HOST

Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $_SERVER['HTTP_HOST'] directly into the Message-ID SMTP header without validation, and the existing sanitization function serendipity_isResponseClean is not...

CVSS 7.2 | EPSS 0.00064
Exploits 1 | References 2

EUVD
added 2026/04/14 10:32 p.m. | 1 views

EUVD-2026-22811

Serendipity has a Host Header Injection allows SMTP header injection via unvalidated HTTP_HOST in Message-ID email header...

CVSS 7.2 | AI score 5.8 | EPSS 0.00064
Exploits 1 | References 2

OSV
added 2026/04/14 10:32 p.m. | 0 views

GHSA-458G-Q4FH-MJ6R Serendipity has a Host Header Injection allows SMTP header injection via unvalidated HTTP_HOST in Message-ID email header

Summary: Serendipity inserts $_SERVER['HTTP_HOST'] directly into the Message-ID SMTP header without any validation beyond CRLF stripping. An attacker who can control the Host header during an email-triggering action can inject arbitrary SMTP headers into outgoing emails, enabling spam relay, BCC...

CVSS 7.2 | AI score 5.9 | EPSS 0.00064
Exploits 1 | References 4

Redos
added 2026/04/06 12:0 a.m. | 2 views

ROS-20260406-73-0001

A vulnerability in the ngx_mail_smtp response header handler of NGINX Plus and NGINX Open Source web servers is related to a violation of the initial buffer boundary. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...

CVSS 6.3 | AI score 6 | EPSS 0.00034
Exploits 0

Tenable Nessus
added 2026/03/25 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-28753

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allo...

CVSS 6.3 | AI score 6 | EPSS 0.00031
Exploits 0 | References 3

EUVD
added 2026/03/24 3:30 p.m. | 2 views

EUVD-2026-14885

NGINX Plus and NGINX Open Source have a vulnerability in the ngx_mail_smtp_module module due to the improper handling of CRLF sequences in DNS responses. This allows an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, leading to potential request manipulation...

CVSS 6.3 | AI score 5.9 | EPSS 0.00031
Exploits 0 | References 2

CVE
added 2026/03/24 2:13 p.m. | 27 views

CVE-2026-28753

CVE-2026-28753 affects NGINX Plus and NGINX Open Source through the ngx_mail_smtp_module. The vulnerability arises from improper handling of CRLF sequences in DNS responses, which could allow an attacker-controlled DNS server to inject arbitrary headers into SMTP upstream requests, enabling poten...

CVSS 6.3 | AI score 5.9 | EPSS 0.00031
Exploits 0 | References 1 | Affected Software 1

Zero Day Initiative
added 2026/03/16 12:0 a.m. | 1 views

Microsoft Exchange InterceptorSmtpAgent Improper Input Validation Security Feature Bypass Vulnerability

This vulnerability allows remote attackers to bypass a security feature on affected installations of Microsoft Exchange. Authentication is not required to exploit this vulnerability. The specific flaw exists within the InterceptorSmtpAgent class. The issue results from the improper parsing of SMT...

CVSS 5.3 | AI score 5.9 | EPSS 0.00069
Exploits 0 | References 1

Redos
added 2026/02/24 12:0 a.m. | 6 views

ROS-20260224-73-0003

A vulnerability in the ngx_mail_smtp response header handler of NGINX Plus and NGINX Open Source web servers is related to a violation of the initial buffer boundary. Exploitation of the vulnerability could allow an attacker acting remotely to gain read access to the data...

CVSS 6.3 | AI score 5.7 | EPSS 0.00034
Exploits 0

OSV
added 2026/02/03 8:37 p.m. | 1 views

GO-2026-4333 Mailpit has an SMTP Header Injection via Regex Bypass in github.com/axllent/mailpit

Mailpit has an SMTP Header Injection via Regex Bypass in github.com/axllent/mailpit...

CVSS 5.3 | AI score 5.3 | EPSS 0.01594
Exploits 4 | References 4

Positive Technologies
added 2026/02/03 12:0 a.m. | 2 views

PT-2026-6508

Mailpit has an SMTP Header Injection via Regex Bypass in github.com/axllent/mailpit...

CVSS 5.3 | AI score 5.5 | EPSS 0.01594
Exploits 4 | References 5

OSV
added 2026/01/20 5:54 p.m. | 1 views

GHSA-54WQ-72MP-CQ7C Mailpit has an SMTP Header Injection via Regex Bypass

Vulnerability Report: SMTP Header Injection via Regex Bypass Vulnerable Code: mailpit/internal/smtpd/smtpd.go Executive Summary Mailpit's SMTP server is vulnerable to Header Injection due to an insufficient Regular Expression used to validate RCPT TO and MAIL FROM addresses. An attacker can injec...

CVSS 5.3 | AI score 5.9 | EPSS 0.01594
Exploits 4 | References 5

Snyk
added 2026/01/18 11:47 p.m. | 1 views

CRLF Injection

Overview Affected versions of this package are vulnerable to CRLF Injection via insufficient validation of FROM and TO parameters. An attacker can inject arbitrary SMTP headers or corrupt existing ones by including carriage return characters in email addresses. Remediation Upgrade...

CVSS 6.9 | AI score 5.9 | EPSS 0.01594
Exploits 4 | References 2

CVE
added 2026/01/18 11:23 p.m. | 12 views

CVE-2026-23829

CVE-2026-23829 — Mailpit SMTP header injection via regex bypass. Mailpit’s SMTP server (prior to v1.28.3) fails to properly filter control characters in RCPT TO/MAIL FROM addresses due to a regex with an incomplete character class, allowing CR/LF bypass and header injection. The flaw stems from G...

CVSS 5.3 | AI score 5.8 | EPSS 0.01594
Exploits 4 | References 3 | Affected Software 1

Positive Technologies
added 2026/01/18 12:0 a.m. | 4 views

PT-2026-3406

Name of the Vulnerable Software and Affected Versions Mailpit versions prior to 1.28 Description Mailpit, an email testing tool and API for developers, has a header injection issue in its SMTP server. This is due to a flawed regular expression used to validate RCPT TO and MAIL FROM addresses,...

CVSS 5.3 | AI score 5.5 | EPSS 0.01594
Exploits 4 | References 15

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2000-1226

Malware in sbrugna...

CVSS 7.5 | AI score 6.4 | EPSS 0.02428
Exploits 1 | References 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-4710

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.5 | EPSS 0.01321
Exploits 0 | References 7