CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

245 matches found

USN-8365-1: Dovecot vulnerabilities

It was discovered that Dovecot incorrectly treated some variable expansion pipelines as safe in authentication filters. An attacker could possibly use this issue to perform SQL or LDAP injection attacks. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-27851 It was discovered...

9.1CVSS5.9AI score0.00016EPSS

Exploits0

RedhatCVE•added 2026/05/25 7:33 a.m.•8 views

CVE-2026-40016

A flaw was found in Dovecot. A remote or local attacker could upload a malicious Sieve script through the ManageSieve service, or locally, to bypass configured CPU time limits for Sieve scripts. This allows the attacker to consume excessive server resources, leading to a degradation of server...

6.5CVSS5.8AI score0.00016EPSS

Exploits0References4

Packet Storm News•added 2026/05/21 12:0 a.m.•4 views

Parser-Free Querying of Security Logs

Security analysts routinely query system logs to detect threats and investigate incidents, but each log source uses its own semi-structured format: logs are cheap to produce, but expensive to use. The standard approach, building per-source parsers to normalize logs into structured schemas, is...

5.9AI score

Exploits0

RedHat Linux•added 2026/05/20 2:1 a.m.•8 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

A flaw was found in ManageSieve. A remote attacker can exploit this vulnerability by sending a crafted SASL Simple Authentication and Security Layer initial response during the AUTHENTICATE command. This can cause the ManageSieve service to crash repeatedly, leading to a Denial of Service DoS for...

7.5CVSS5.8AI score0.00068EPSS

Exploits1References5

Tenable Nessus•added 2026/05/20 12:0 a.m.•6 views

Linux Distros Unpatched Vulnerability : CVE-2026-40016

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configure...

6.5CVSS5.8AI score0.00016EPSS

Exploits0References4

RedHat Linux•added 2026/05/14 3:35 p.m.•4 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

7.5CVSS5.8AI score0.00068EPSS

Exploits1References5

RedHat Linux•added 2026/05/14 2:6 p.m.•5 views

dovecot: ManageSieve: Denial of Service via crafted SASL initial response in AUTHENTICATE command

7.5CVSS5.8AI score0.00068EPSS

Exploits1References5

SUSE CVE•added 2026/05/13 3:37 a.m.•7 views

SUSE CVE-2026-40016

Attacker can upload a malicious Sieve script over ManageSieve service or locally to bypass configured CPU time limits for Sieve up to 130 times of the configured limit. Attacker can use this to degrade server performance and bypass configured CPU time limits for Sieve scripts. Install fixed...

6.5CVSS5.7AI score0.00016EPSS

Exploits0References3

EUVD•added 2026/05/12 3:31 p.m.•17 views

EUVD-2026-29470

5.3CVSS5.7AI score0.00016EPSS

Exploits0References2

NVD•added 2026/05/12 2:17 p.m.•6 views

CVE-2026-40016

6.5CVSS0.00016EPSS

Exploits0References1

OSV•added 2026/05/12 2:17 p.m.•3 views

UBUNTU-CVE-2026-40016

6.5CVSS5.7AI score0.00016EPSS

Exploits0References4

UbuntuCve•added 2026/05/12 2:17 p.m.•7 views

CVE-2026-40016

6.5CVSS5.7AI score0.00016EPSS

Exploits0References2

Cvelist•added 2026/05/12 1:28 p.m.•23 views

CVE-2026-40016

5.3CVSS0.00016EPSS

Exploits0References1

Vulnrichment•added 2026/05/12 1:28 p.m.•6 views

CVE-2026-40016

5.3CVSS5.7AI score0.00016EPSS

Exploits0References1

ATTACKERKB•added 2026/05/12 1:28 p.m.•4 views

CVE-2026-40016

5.3CVSS5.7AI score0.00016EPSS

Exploits0References2

Debian CVE•added 2026/05/12 1:28 p.m.•5 views

CVE-2026-40016

6.5CVSS5.7AI score0.00016EPSS

Exploits0

CVE•added 2026/05/12 1:28 p.m.•9 views

CVE-2026-40016

CVE-2026-40016: An attacker can upload a malicious Sieve script via ManageSieve (or local access) to bypass CPU time limits, potentially increasing allowed run time up to 130× the configured limit and degrading server performance. Affected component is the Sieve execution/ManageSieve handling; ro...

6.5CVSS5.7AI score0.00016EPSS

Exploits0References1Affected Software2

AlpineLinux•added 2026/05/12 1:28 p.m.•9 views

CVE-2026-40016

6.5CVSS5.7AI score0.00016EPSS

Exploits0References1

Positive Technologies•added 2026/05/12 12:0 a.m.•7 views

PT-2026-40027

Name of the Vulnerable Software and Affected Versions dovecot versions prior to 2.4.4-1.1 Description An attacker can upload a malicious Sieve script via the 'ManageSieve' service or local access to bypass configured CPU time limits for Sieve by up to 130 times the limit. This can lead to degrade...

9.1CVSS5.7AI score0.00016EPSS

Exploits0References21

CNNVD•added 2026/05/12 12:0 a.m.•4 views

Open-Xchange OX Dovecot Pro 资源管理错误漏洞

Open-Xchange OX Dovecot Pro is an email storage and delivery system provided by the German company Open-Xchange. Open-Xchange OX Dovecot Pro has a resource management vulnerability. This vulnerability stems from allowing attackers to upload malicious Sieve scripts, bypassing the configured CPU ti...

6.5CVSS5.8AI score0.00016EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by