
14977 matches found

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-28365

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.4.3. Description: Sending a "NOOP ..." command with a large number of parentheses (e.g., 4000 open and close) can lead to excessive memory consumption, approximately 1MB per command. Prolonged use of this technique, by...

CVSS 7.5 | AI score 5.9 | EPSS 0.0009
Exploits: 5 | References: 76

Positive Technologies
added 2026/01/01 12:0 a.m., 2 views

PT-2026-6659

Name of the Vulnerable Software and Affected Versions: time versions 0.3.6 through 0.3.46; rust-keylime versions prior to 0.2.8+116; python-uv-build versions prior to 0.10.2; SCCache versions prior to 0.13.0. Description: The time crate provides date and time handling in Rust. Versions 0.3.6 through...

CVSS 6.8 | AI score 5.2 | EPSS 0.00188
Exploits: 5 | References: 134

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-28367

Name of the Vulnerable Software and Affected Versions: Dovecot versions prior to 2.4.3-1.1. Description: A mail message with a large number of RFC 2231 MIME parameters can cause excessive CPU usage in LMTP. A specially crafted message can lead to significant CPU time consumption during mail delivery...

CVSS 8.2 | AI score 5.9 | EPSS 0.0009
Exploits: 7 | References: 56

NVD
added 2025/12/31 9:15 a.m., 4 views

CVE-2025-49028

Cross-Site Request Forgery (CSRF) vulnerability in Zoho Mail Zoho ZeptoMail transmail allows Stored XSS. This issue affects Zoho ZeptoMail: from n/a through = 3.3.1...

CVSS 7.1 | EPSS 0.00017
Exploits: 0 | References: 1

GithubExploit
added 2025/12/30 6:21 p.m., 346 views

Exploit for CVE-2025-52691

CVE-2025-52691 PoC: SmarterMail Arbitrary File Upload RCE APT...

CVSS 10 | AI score 8.8 | EPSS 0.89112
Exploits: 15

RedhatCVE
added 2025/12/30 3:1 a.m., 9 views

CVE-2025-52691

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution...

CVSS 10 | AI score 8 | EPSS 0.89112
Exploits: 15 | References: 1

OSV
added 2025/12/29 3:15 a.m., 0 views

CVE-2025-52691

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution...

CVSS 10 | AI score 6.2 | EPSS 0.89112
Exploits: 15 | References: 3

NVD
added 2025/12/29 3:15 a.m., 14 views

CVE-2025-52691

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution...

CVSS 10 | EPSS 0.89112
Exploits: 15 | References: 3

Cvelist
added 2025/12/29 2:15 a.m., 32 views

CVE-2025-52691 Upload Arbitrary Files

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution...

CVSS 10 | EPSS 0.89112
Exploits: 15 | References: 1

ATTACKERKB
added 2025/12/29 2:15 a.m., 6 views

CVE-2025-52691

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution...

CVSS 10 | AI score 6.1 | EPSS 0.89112
In wild | Exploits: 15 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/12/29 2:15 a.m., 9 views

CVE-2025-52691 Upload Arbitrary Files

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution...

CVSS 10 | AI score 8 | EPSS 0.89112
Exploits: 15 | References: 1

EUVD
added 2025/12/29 2:15 a.m., 8 views

EUVD-2025-205544

Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution...

CVSS 10 | AI score 7.8 | EPSS 0.89112
Exploits: 15 | References: 2

CVE
added 2025/12/29 2:15 a.m., 406 views

CVE-2025-52691

CVE-2025-52691 affects SmarterTools SmarterMail. It is an unauthenticated arbitrary file-upload vulnerability that can lead to remote code execution by placing a malicious ASPX in the webroot. Affected builds: SmarterMail 9406 and earlier; patched in 9413+ (and 9483+ recommended). Public PoCs and...

CVSS 10 | AI score 8 | EPSS 0.89112
In wild | Exploits: 15 | References: 3 | Affected Software: 1

Tenable Nessus
added 2025/12/26 12:0 a.m., 1 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: python3 (UTSA-2025-992144)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992144 advisory. During an address list folding when a separating comma ends up on a folded line and that line is to be unicode-encoded then the separator itself is also...

CVSS 2.3 | AI score 6.4 | EPSS 0.00753
Exploits: 0 | References: 4

Tenable Nessus
added 2025/12/25 12:0 a.m., 5 views

Fedora 43 : roundcubemail (2025-58eb59741f)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-58eb59741f advisory. Release 1.6.12 - Support IPv6 in database DSN 9937 - Don't force specific error_reporting setting - Fix compatibility with PHP 8.5 regarding arrayfir...

CVSS 7.5 | AI score 6 | EPSS 0.11414
Exploits: 1 | References: 3

Tenable Nessus
added 2025/12/25 12:0 a.m., 4 views

Fedora 42 : roundcubemail (2025-fec36f9eaf)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-fec36f9eaf advisory. Release 1.6.12 - Support IPv6 in database DSN 9937 - Don't force specific error_reporting setting - Fix compatibility with PHP 8.5 regarding arrayfir...

CVSS 7.5 | AI score 6 | EPSS 0.11414
Exploits: 1 | References: 3

OpenVAS
added 2025/12/25 12:0 a.m., 2 views

Fedora: Security Advisory (FEDORA-2025-fec36f9eaf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.5 | AI score 5.6 | EPSS 0.11414
Exploits: 1 | References: 6

OSV
added 2025/12/22 11:57 p.m., 6 views

MGASA-2025-0332 Updated roundcubemail packages fix security vulnerabilities

Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike. Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev...

CVSS 7.5 | AI score 6.4 | EPSS 0.11414
Exploits: 1 | References: 3

Mageia
added 2025/12/22 11:57 p.m., 6 views

Updated roundcubemail packages fix security vulnerabilities

Fix Cross-Site-Scripting vulnerability via SVG's animate tag reported by Valentin T., CrowdStrike. Fix Information Disclosure vulnerability in the HTML style sanitizer reported by somerandomdev...

CVSS 7.5 | AI score 6.5 | EPSS 0.11414
Exploits: 1 | References: 2

EUVD
added 2025/12/19 9:32 p.m., 3 views

EUVD-2025-204591

Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature...

AI score 6.8
Exploits: 0 | References: 8