AgenticMail API/storage and outbound relay hardening fixes

The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct...

Stochastic Analysis of Cybersecurity Defense Strategies under Single Attack Scenario

This research presents a novel stochastic framework for proactive cybersecurity defense timing under a single attack scenario. The approach models the defense process as a continuous observation mechanism in which the defense instant and the subsequent observation slot follow independent...

CVE-2026-45090

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

CVE-2026-45090

Dalfox (CVE-2026-45090) suffers a channel lifecycle bug in ParameterAnalysis.go: two sequential worker stages share a single results channel, which is closed after the first stage and then reused by the second stage for POST-body parameters. When a parameter is reflected, the second-stage writer ...

CVE-2026-45090

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

EUVD-2026-32613

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

CVE-2026-45090 Dalfox: Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode)

Dalfox is a powerful open-source XSS scanner and utility focused on automation. Prior to 2.13.0, ParameterAnalysis in pkg/scanning/parameterAnalysis.go runs two sequential worker stages that both write to the same results channel. The channel is correctly closed after the first stage completes...

dalfox 安全漏洞

Dalfox is an automated cross-site script scanning tool developed by HAHWUL. Versions of Dalfox prior to 2.13.0 contained security vulnerabilities. These vulnerabilities stemmed from two stages in ParameterAnalysis where the same closed results channel was written to, potentially causing a panic...

Linux Distros Unpatched Vulnerability : CVE-2026-46065

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fbdev: defio: Disconnect deferred I/O from the lifetime of struct fbinfo Hold state of deferred I/O in struct fbdeferrediostate. Allocate an instance as part of...

GO-2026-4999 Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterAnalysis` (server mode) in github.com/hahwul/dalfox

Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in ParameterAnalysis server mode in github.com/hahwul/dalfox...

PT-2026-42382

Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in ParameterAnalysis server mode in github.com/hahwul/dalfox...

Linux Distros Unpatched Vulnerability : CVE-2026-42577

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP...

DEBIAN-CVE-2026-42577

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...

CVE-2026-42577

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...

CVE-2026-42577

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...

CVE-2026-42577 Netty: epoll transport denial of service via RST on half-closed TCP connection

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...

CVE-2026-42577

Technical details are not publicly available in the provided documents; monitor for updates.

CVE-2026-42577 Netty: epoll transport denial of service via RST on half-closed TCP connection

Netty is an asynchronous, event-driven network application framework. From 4.2.0.Final to 4.2.13.Final , Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are never cleaned up and, in some code paths, a 100...

EUVD-2026-29954

The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the pminviteuser function in all versions up to, and including, 5.9.8.4. This makes it possible for authenticated attackers, with Subscriber-level...

Netty 安全漏洞

Netty is a non-blocking I/O client-server framework developed by the Netty community. It is primarily used for developing Java network applications, such as protocol servers and clients. Versions of Netty from 4.2.0.Final to 4.2.13.Final contain security vulnerabilities. These vulnerabilities ste...