Lucene search
K

34 matches found

Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.11 views

PT-2026-40025

Name of the Vulnerable Software and Affected Versions Dovecot versions prior to 2.4.4-1.1 Description An attacker positioned between Dovecot and the client connection can use a specially crafted base64 exchange to fake SCRAM TLS channel binding. This allows the attacker to act as a MITM...

6.8CVSS5.8AI score0.00338EPSS
Exploits0References30
Information Security Automation
Information Security Automation
added 2026/04/28 6:0 p.m.14 views

April "In the Trend of VM" (#26): one Microsoft SharePoint vulnerability

April "In the Trend of VM" 26: one Microsoft SharePoint vulnerability. Presenting the traditional monthly roundup of trending vulnerabilities according to Positive Technologies. Once again, it is single-vendor, Microsoft-related, and this time it could not be more compact. While the previous Marc...

9.8CVSS5.8AI score0.2943EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/03/28 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-59032

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ManageSieve AUTHENTICATE command crashes when using literal as SASL initial response. This can be used to crash ManageSieve service repeatedly, making it...

7.5CVSS5.4AI score0.00703EPSS
Exploits1References3
EUVD
EUVD
added 2026/03/27 9:31 a.m.7 views

EUVD-2026-16561

Dovecot SQL based authentication can be bypassed when authusernamechars is cleared by admin. This vulnerability allows bypassing authentication for any user and user enumeration. Do not clear authusernamechars. If this is not possible, install latest fixed version. No publicly available exploits...

7.7CVSS5.9AI score0.00395EPSS
Exploits0References2
NVD
NVD
added 2026/03/27 9:16 a.m.7 views

CVE-2026-27858

Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No public...

7.5CVSS0.0079EPSS
Exploits0References18
CVE
CVE
added 2026/03/27 8:10 a.m.18 views

CVE-2026-27859

The CVE-2026-27859 issue concerns LMTP processing of mail messages with excessive RFC 2231 MIME parameters, which can cause unusually high CPU usage in the mail delivery process. Affected systems are those that rely on LMTP for mail transfer; the underlying cause is the handling/parsing of RFC 22...

5.3CVSS5.9AI score0.00374EPSS
Exploits1References1Affected Software2
Information Security Automation
Information Security Automation
added 2026/03/12 3:14 p.m.14 views

About Elevation of Privilege - Desktop Window Manager (CVE-2026-21519) vulnerability

About Elevation of Privilege - Desktop Window Manager CVE-2026-21519 vulnerability. The vulnerability is from the February Microsoft Patch Tuesday. Desktop Window Manager is a compositing window manager included in Windows starting with Windows Vista. A Type Confusion error CWE-843 in Desktop...

7.8CVSS6AI score0.0242EPSS
Exploits0
EUVD
EUVD
added 2025/11/27 12:30 p.m.7 views

EUVD-2025-199812

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

5.4CVSS6.7AI score0.00155EPSS
Exploits0References2
EUVD
EUVD
added 2025/11/27 12:30 p.m.5 views

EUVD-2025-199815

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

5.4CVSS6.7AI score0.00155EPSS
Exploits0References2
CVE
CVE
added 2025/11/27 9:23 a.m.26 views

CVE-2025-59025

Technical details about CVE-2025-59025 are not publicly available in the provided documents; monitor for updates from vendors and security portals.

6.1CVSS6.7AI score0.00168EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/11/27 9:23 a.m.11 views

CVE-2025-59025

Malicious e-mail content can be used to execute script code. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Sanitization has been updated to avoid such bypasses. No publicly available exploits are known...

6.1CVSS0.00168EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.7 views

PT-2025-48258

Malicious content uploaded as file can be used to execute script code when following attacker-controlled links. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No public...

5.4CVSS7.2AI score0.00155EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.8 views

PT-2025-48256

Malicious content at office documents can be used to inject script code when editing a document. Unintended actions can be executed in the context of the users account, including exfiltration of sensitive information. Please deploy the provided updates and patch releases. No publicly available...

5.4CVSS7AI score0.00155EPSS
Exploits0References2
Sick AG
Sick AG
added 2025/08/01 1:0 p.m.38 views

Vulnerabilities affecting SICK TDC-E210GC

SICK has identified multiple vulnerabilities in the SICK TDC-E210GC product. The advisory includes a total of 23 vulnerabilities, of which 14 are confirmed as affected and 9 as known not affected. At this time, SICK is not aware of any public exploits specifically targeting these vulnerabilities...

9.8CVSS9.6AI score0.99999EPSS
Exploits61
RedhatCVE
RedhatCVE
added 2025/05/23 8:44 a.m.5 views

CVE-2024-23189

Embedded content references at tasks could be used to temporarily execute script code in the context of the users browser session. To exploit this an attacker would require temporary access to the users account, access to another account within the same context or an successful social engineering...

5.4CVSS6.8AI score0.00531EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:42 a.m.6 views

CVE-2024-23187

Content-ID based embedding of resources in E-Mails could be abused to trigger client-side script code when using the "show more" option. Attackers could perform malicious API requests or extract information from the users account. Exploiting the vulnerability requires user interaction. Please...

6.5CVSS6.8AI score0.00485EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.3 views

CVE-2023-26448

Custom log-in and log-out locations are used-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victims context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit...

5.4CVSS7.1AI score0.00558EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:38 a.m.4 views

CVE-2023-26456

Users were able to set an arbitrary "product name" for OX Guard. The chosen value was not sufficiently sanitized before processing it at the user interface, allowing for indirect cross-site scripting attacks. Accounts that were temporarily taken over could be configured to trigger persistent code...

5.4CVSS6.5AI score0.00383EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:38 a.m.6 views

CVE-2023-26438

External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use TOCTOU weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could...

4.3CVSS6.8AI score0.00495EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2024/09/10 3:10 a.m.5 views

SUSE CVE-2024-25584

Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest...

5.3CVSS6.9AI score0.00187EPSS
Exploits0References3
Rows per page
Query Builder