PT-2026-45046

The current upstream main branch at commit 7e0206d was reviewed, and the fix-first patch set was rebased on 2026-05-18. The patches cover: validated and bound inactive-agent hour filtering; storage SQL identifier validation; metadata-backed ownership checks for raw storage SQL; blocking direct...

CVE-2025-13052

When the user set the Notification's sender to send emails to the SMTP server via msmtp, an improper validated TLS/SSL certificates allows an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle MITM attack, which may obtain the sensitive...

new packages: perl-Mail-Sender

An update is available for perl-Mail-Sender. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

Cross-site Scripting (XSS) - Stored in bigprof-software/online-rental-property-manager

✍️ Description Stored XSS in setting up mail sender's name sue to improper sanitization of user input. 🕵️‍♂️ Proof of Concept Steps to reproduce: 1. Go to http://192.168.43.130:8081/app/admin/pageSettings.php?search-settings=smtp 2. Enter payload " 3. Now visit...

Multiple File Attachments Mail Form Pro 2.0 - Arbitrary File Upload

Exploit Title: Multiple File Attachments Mail Form Pro v2 - WebShell upload Date: 16/02/2010 Author: EgoPL Mail: [email protected] Software Link: http://activeden.net/item/multiple-file-attachments-mail-form-prov2/31262 17$ but It's now on a lot of file hosts companys like rapishare etc Version: P...