Lucene search
K

1908 matches found

The Hacker News
The Hacker News
added 2026/05/18 1:50 p.m.19 views

⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and More

Monday opens with a trust problem. A mail server flaw is under active use. A network control system was targeted. Trusted packages were poisoned. A fake model page pushed a stealer. Then came the familiar ransom claim: the data was returned and deleted. The pattern is clear. One weak dependency c...

8.1CVSS6.5AI score0.0564EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/05/15 12:0 a.m.19 views

PT-2026-41303

An issue in Nodemailer smtp server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream. write, lib/smtp-stream.js components...

7.5CVSS5.8AI score0.00572EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/15 12:0 a.m.8 views

CVE-2026-38728

An issue in Nodemailer smtpserver before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream.write, lib/smtp-stream.js components...

5.8AI score0.00572EPSS
Exploits0References3
CVE
CVE
added 2026/05/15 12:0 a.m.18 views

CVE-2026-38728

The vulnerability CVE-2026-38728 affects Nodemailer smtp_server prior to version 3.18.3. The issue is triggered in the SMTPStream._write implementation (lib/smtp-stream.js), allowing a remote attacker to cause a denial of service. Impact is a DoS on the SMTP server component mentioned. The root c...

7.5CVSS5.8AI score0.00572EPSS
Exploits0References3
NVD
NVD
added 2026/05/13 7:17 p.m.15 views

CVE-2026-41132

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...

8.7CVSS0.00194EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 6:53 p.m.7 views

CVE-2026-41132

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, the configured SMTP server may be spoofed with any certificate e.g. self-signed, leaving credentials and all emails sent open to MITM attacks. This vulnerability is fixed in...

8.7CVSS5.8AI score0.00194EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/13 6:53 p.m.24 views

CVE-2026-41132

CVE-2026-41132 affects CKAN prior to versions 2.10.10 and 2.11.5, where the SMTP connection lacks certificate validation. This allows a MITM attacker to spoof the SMTP server and potentially access credentials and email contents. The issue is mitigated by upgrading CKAN to 2.10.10 or 2.11.5 (or n...

8.7CVSS5.8AI score0.00194EPSS
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2026/05/13 12:0 a.m.4 views

The vulnerability of the ungetc() function in the BDAT/CHUNKING component of the email server Exim, which allows a hacker to execute arbitrary code.

The vulnerability of the ungetc function in the BDAT/CHUNKING component of the email server Exim relates to the use of memory after it is freed. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10CVSS7.8AI score0.01225EPSS
Exploits2References5Affected Software2
Circl
Circl
added 2026/05/12 2:44 p.m.18 views

CVE-2026-45185

creationtimestamp| type| source ---|---|--- 2026-05-12 14:44:00+00:00| seen| https://thehackernews.com/2026/05/new-exim-bdat-vulnerability-exposes.html 2026-05-12 18:00:04+00:00| seen| https://t.me/GithubRedTeam/83976 2026-05-12 23:00:14+00:00| seen|...

9.8CVSS6AI score0.01225EPSS
Exploits2References38
Veracode
Veracode
added 2026/05/09 5:37 a.m.9 views

Improper Certificate Validation

CKAN is vulnerable to Improper Certificate Validation. The vulnerability is due to insufficient validation of SMTP server certificates, allowing attackers to spoof the configured mail server using invalid or self-signed certificates and enabling man-in-the-middle attacks against email traffic and...

8.7CVSS5.8AI score0.00194EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/05/07 9:48 a.m.9 views

CLSA-2026-1778147239 exim: Fix of CVE-2026-40685

CVE-2026-40685: fix OOB heap write in dewrap during JSON expansion...

9.8CVSS6AI score0.00321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/05 3:9 p.m.8 views

CVE-2026-40684

A flaw was found in Exim, specifically on systems utilizing musl libc. A remote attacker can exploit this vulnerability by providing malformed DNS data within PTR records. This can lead to the mail transfer agent MTA connection instance crashing, resulting in a Denial of Service DoS for affected...

7.5CVSS6AI score0.00362EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/30 12:0 a.m.9 views

Apache Airflow 信任管理问题漏洞

Apache Airflow is an open-source platform developed by the Apache Foundation in the United States. It allows for the creation, management, and monitoring of workflows. This platform features scalability and dynamic monitoring capabilities. However, Apache Airflow has a trust management...

5.9CVSS5.8AI score0.00268EPSS
Exploits0References1
CVE
CVE
added 2026/04/30 12:0 a.m.21 views

CVE-2026-40684

In Exim before 4.99.2, on systems using musl libc (not glibc), a vulnerability can crash the connection instance when malformed DNS PTR data is present. The issue arises from a dn_expand octal printing oddity in the handling of PTR records, as described in multiple sources. Affected software/comp...

7.5CVSS5.2AI score0.00362EPSS
Exploits0References5Affected Software1
RedhatCVE
RedhatCVE
added 2026/04/23 7:58 p.m.7 views

CVE-2026-6235

The Sendmachine for WordPress plugin for WordPress is vulnerable to authorization bypass via the 'manageadminrequests' function in all versions up to, and including, 1.0.20. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

9.8CVSS5.6AI score0.00578EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/23 6:55 p.m.3 views

CVE-2026-41259

Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and performs basic validation on e-mail addresses, but fails to restrict characters that are interpreted...

8.2CVSS5.8AI score0.00213EPSS
Exploits0References2Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.9 views

AVTECH Room Alert Cleartext Transmission of Sensitive Information (CVE-2024-33471)

An individual with administrative access can change the mail server host within the device. An attacker who has obtained administrative access can update the mail server to an attacker controller IP. When the device attempts to authenticate to the mail server, it will pass the previously configur...

7.2CVSS5.8AI score0.00288EPSS
Exploits0References2
NVD
NVD
added 2026/04/16 12:16 a.m.9 views

CVE-2026-40193

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...

8.2CVSS0.00419EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/04/15 11:15 p.m.8 views

CVE-2026-40193

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...

8.2CVSS5.9AI score0.00419EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/04/15 11:15 p.m.32 views

CVE-2026-40193 Maddy Mail Server: LDAP Filter Injection via Unsanitized Username

maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search filters and DN strings via strings.ReplaceAll without any LDAP filter escaping, despite the...

8.2CVSS0.00419EPSS
Exploits1References3
Rows per page
Query Builder