SUSE CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

SUSE CVE-2026-27859

A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...

EUVD-2026-16573

If authusernamechars is empty, it is possible to inject arbitrary LDAP filter to Dovecot's LDAP authentication. This leads to potentially bypassing restrictions and allows probing of LDAP structure. Do not clear out authusernamechars, or install fixed version. No publicly available exploits are...

CVE-2025-59028

CVE-2025-59028 affects Dovecot’s authentication path where invalid base64 SASL data can disconnect from the auth server, causing DoS of concurrent logins. Public advisories (openSUSE/SUSE openSUSE:20554-1, SLES16 SUSE-SU-2026:21208-1, Ubuntu USN-8136-1) indicate the issue in the dovecot24 package...

CVE-2025-59032

ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it unavailable for other users. Control access to ManageSieve port, or disable the service if it's not needed. Alternatively upgrade to a fixed...

CVE-2025-59025

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

PT-2025-48255

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

PT-2024-11007 · Laravel · Laravel

Name of the Vulnerable Software and Affected Versions: Laravel versions 8.x Description: The issue is related to an Access Control problem. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited...

CVE-2023-26427

Default permissions for a properties file were too permissive. Local system users could read potentially sensitive information. We updated the default permissions for noreply.properties set during package installation. No publicly available exploits are known...

PT-2022-14399 · Google · Android Kernel

Name of the Vulnerable Software and Affected Versions: Android kernel versions affected versions not specified Description: The issue concerns the Android kernel. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world...