
373 matches found

CVE
added yesterday | 7 views

CVE-2026-10808

The CVE-2026-10808 entry concerns itsourcecode Fees Management System 1.0. A SQL injection vulnerability exists in the /manage_student.php script, triggered by manipulating the ID parameter. This affects an unknown function within that file. The issue allows remote exploitation, and a public expl...

6.5 CVSS | 6.5 AI score
Exploits: 0 | References: 6
Information Security Automation
added 3 days ago | 6 views

May Linux Patch Wednesday

May Linux Patch Wednesday. A total of 1,638 vulnerabilities, 474 in the Linux kernel. For comparison, in April there were 1,035 vulnerabilities, a record! And this time it turns out to be a record again, more than one and a half times higher! The acceleration is both impressive and alarming. But w...

9.8 CVSS | 7.8 AI score | 0.43539 EPSS
Exploits: 329
Information Security Automation
added 2026/05/14 10:0 a.m. | 8 views

About Remote Code Execution - Apache ActiveMQ (CVE-2026-34197) vulnerability

About Remote Code Execution - Apache ActiveMQ (CVE-2026-34197) vulnerability. Apache ActiveMQ is a popular open-source message broker written in Java. Its main purpose is to send messages between different services, systems, and microservices without a direct connection between them. This...

8.8 CVSS | 6.8 AI score | 0.83461 EPSS
Exploits: 11
Kaspersky
added 2026/05/14 12:0 a.m. | 11 views

KLA91048 SUI vulnerability in Microsoft Products (ESU)

A spoofing vulnerability was found in Microsoft Products Extended Security Update. Malicious users can exploit this vulnerability to perform cross-site scripting attacks and spoof the user interface. Original advisories: CVE-2026-42897. Exploitation: Public exploits exist for this vulnerability...

8.1 CVSS | 5.3 AI score | 0.10344 EPSS
Exploits: 1 | References: 3
SUSE CVE
added 2026/05/13 3:37 a.m. | 7 views

SUSE CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

6.5 CVSS | 5.7 AI score | 0.00016 EPSS
Exploits: 0 | References: 3
Positive Technologies
added 2026/05/12 12:0 a.m. | 6 views

PT-2026-40025

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.4.4-1.1. Description: An attacker positioned between Dovecot and the client connection can use a specially crafted base64 exchange to fake SCRAM TLS channel binding. This allows the attacker to act as a MITM...

6.8 CVSS | 5.8 AI score | 0.00009 EPSS
Exploits: 0 | References: 21
GithubExploit
added 2026/05/01 12:3 a.m. | 74 views

exploitdb

The Exploit Database Git Repository This is an official repos...

5.7 AI score
Exploits: 0
Information Security Automation
added 2026/04/28 6:0 p.m. | 7 views

April "In the Trend of VM" (#26): one Microsoft SharePoint vulnerability

April "In the Trend of VM" (#26): one Microsoft SharePoint vulnerability. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. Once again, it is single-vendor, Microsoft-related, and this time it could not be more compact. While the previous Marc...

9.8 CVSS | 5.8 AI score | 0.05286 EPSS
Exploits: 0
Kaspersky
added 2026/04/22 12:0 a.m. | 6 views

KLA91018 Memory handling vulnerability in Linux Kernel

Memory handling vulnerability was found in Linux Kernel. Malicious users can exploit this vulnerability to obtain sensitive information, cause denial of service, gain root privileges. Original advisories Information about the Copy Fail vulnerability Linux CVE announce – CVE-2026-31431 Exploitatio...

7.8 CVSS | 6 AI score | 0.02235 EPSS
Exploits: 226 | References: 5
Kaspersky
added 2026/04/11 12:0 a.m. | 4 views

KLA90977 ACE vulnerability in Adobe Acrobat Reader

A remote code execution vulnerability was found in Adobe Acrobat Reader. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories APSB26-43 Exploitation Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such malware i...

8.6 CVSS | 8 AI score | 0.09811 EPSS
Exploits: 4 | References: 5
Kaspersky
added 2026/04/07 12:0 a.m. | 5 views

KLA90972 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Incorrect boundary conditions vulnerability in the Graphics can be exploited to cause denia...

9.8 CVSS | 6.2 AI score | 0.00071 EPSS
Exploits: 0 | References: 3
Kaspersky
added 2026/04/07 12:0 a.m. | 4 views

KLA90970 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Incorrect boundary conditions vulnerability in the Graphics can be exploited to cause...

9.8 CVSS | 6.2 AI score | 0.00071 EPSS
Exploits: 0 | References: 3
Information Security Automation
added 2026/03/30 8:0 p.m. | 14 views

March Linux Patch Wednesday

March Linux Patch Wednesday. In March, Linux vendors began addressing 575 vulnerabilities, which is 57 fewer than in February. Of these, 93 are in the Linux Kernel ⬇️ a significant decrease - there were 305 in February. There are two vulnerabilities with signs of in-the-wild exploitation: 🔻 RCE -...

10 CVSS | 7 AI score | 0.0667 EPSS
Exploits: 36
Tenable Nessus
added 2026/03/28 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-59032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it...

7.5 CVSS | 5.8 AI score | 0.00068 EPSS
Exploits: 1 | References: 3
EUVD
added 2026/03/27 9:31 a.m. | 4 views

EUVD-2026-16573

If auth_username_chars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out auth_username_chars, or install fixed version. No publicly available exploits are...

3.7 CVSS | 6 AI score | 0.00039 EPSS
Exploits: 1 | References: 2
EUVD
added 2026/03/27 9:31 a.m. | 4 views

EUVD-2026-16561

Dovecot SQL based authentication can be bypassed when auth_username_chars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear auth_username_chars. If this is not possible, install latest fixed version. No publicly available exploits...

7.7 CVSS | 5.9 AI score | 0.00034 EPSS
Exploits: 0 | References: 2
NVD
added 2026/03/27 9:16 a.m. | 2 views

CVE-2026-27858

Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No public...

7.5 CVSS | 0.00048 EPSS
Exploits: 0 | References: 1
CVE
added 2026/03/27 8:10 a.m. | 5 views

CVE-2026-27859

The CVE-2026-27859 issue concerns LMTP processing of mail messages with excessive RFC 2231 MIME parameters, which can cause unusually high CPU usage in the mail delivery process. Affected systems are those that rely on LMTP for mail transfer; the underlying cause is the handling/parsing of RFC 22...

5.3 CVSS | 5.9 AI score | 0.00034 EPSS
Exploits: 1 | References: 1 | Affected Software: 2
UbuntuCve
added 2026/03/27 12:0 a.m. | 2 views

CVE-2025-59032

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...

7.5 CVSS | 5.8 AI score | 0.00068 EPSS
Exploits: 1 | References: 2
Vulnrichment
added 2026/03/26 12:45 p.m. | 1 views

CVE-2025-55277 HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability

HCL Aftermarket DPC is affected by Use of Vulnerable/Outdated Versions vulnerability using which an attacker may make use of the exploits available across the internet and craft attacks against the application...

2.6 CVSS | 5.8 AI score | 0.00023 EPSS
Exploits: 0 | References: 1