
215 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in exim4

Exim NTLM Challenge Out-of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected Exim installations. Authentication is not required to exploit this vulnerability. The specific flaw lies in the handling of NTLM...

CVSS 5.3 | AI score 7 | EPSS 0.13895
Exploits: 0 | References: 2
Positive Technologies
added 2026/04/23 12:0 a.m., 1 views

PT-2026-34821

Name of the Vulnerable Software and Affected Versions go-ntlmssp versions prior to 0.1.1 Description A malicious NTLM challenge message can cause a slice out of bounds panic, leading to a crash of any Go process utilizing ntlmssp.Negotiator as an HTTP transport. Recommendations Update to version...

CVSS 7.5 | AI score 5 | EPSS 0.0007
Exploits: 0 | References: 18
Vulnrichment
added 2026/04/09 9:3 p.m., 2 views

CVE-2026-40107 SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...

CVSS 8.7 | AI score 5.8 | EPSS 0.0006
Exploits: 1 | References: 1
ATTACKERKB
added 2026/04/09 9:3 p.m., 1 views

CVE-2026-40107

SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, tags with src attributes survive Mermaid's internal DOMPurify and land in SVG blocks. The SVG is injected via innerHTML with no secondary...

CVSS 8.7 | AI score 5.9 | EPSS 0.0006
Exploits: 1 | References: 2 | Affected Software: 1
EUVD
added 2026/04/01 9:26 p.m., 2 views

EUVD-2026-18039

AIOHTTP affected by UNC SSRF/NTLMv2 Credential Theft/Local File Read in static resource handler on Windows...

CVSS 8.7 | AI score 5.9 | EPSS 0.00021
Exploits: 0 | References: 3
RedhatCVE
added 2026/03/26 3:4 p.m., 0 views

CVE-2026-25171

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/25 9:44 p.m., 1 views

CVE-2026-4823

A flaw has been found in Enter Software Iperius Backup up to 8.7.3. Affected by this vulnerability is an unknown functionality of the component NTLM2 Handler. Executing a manipulation can lead to information disclosure. The attack is restricted to local execution. Attacks of this nature are highl...

CVSS 2.5 | AI score 5.1 | EPSS 0.00005
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2026/03/10 6:31 p.m., 1 views

EUVD-2026-10636

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 2
EUVD
added 2026/03/10 6:31 p.m., 1 views

EUVD-2026-10637

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 2
NVD
added 2026/03/10 6:18 p.m., 3 views

CVE-2026-25171

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7 | EPSS 0.00046
Exploits: 0 | References: 1
OSV
added 2026/03/10 6:18 p.m., 1 views

CVE-2026-25171

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7 | AI score 5.7 | EPSS 0.00046
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/10 5:4 p.m., 0 views

CVE-2026-25171

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 2 | Affected Software: 21
Microsoft CVE
added 2026/03/10 2:0 p.m., 1 views

Windows Authentication Elevation of Privilege Vulnerability

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVSS 7 | AI score 5.8 | EPSS 0.00046
Exploits: 0
Positive Technologies
added 2026/03/10 12:0 a.m., 0 views

PT-2026-24298

A vulnerability in the Windows Authentication component of Windows operating systems is related to the use of memory after it has been freed. Exploitation of the vulnerability may allow an attacker to elevate their privileges...

CVSS 7 | AI score 5.8 | EPSS 0.00046
Exploits: 0 | References: 6
The Hacker News
added 2026/03/05 11:0 a.m., 7 views

Where Multi-Factor Authentication Stops and Credential Abuse Starts

Organizations typically roll out multi-factor authentication (MFA) and assume stolen passwords are no longer enough to access systems. In Windows environments, that assumption is often wrong. Attackers still compromise networks every day using valid credentials. The issue is not MFA itself, but...

AI score 6.2
Exploits: 0
CNNVD
added 2026/03/02 12:0 a.m., 1 views

Changing IDExpert Windows Logon Agent security vulnerability

Changing IDExpert Windows Logon Agent is an identity authentication client software developed by Changing, a company based in Taiwan, China. This software is designed to enhance security during Windows login processes. Changing IDExpert Windows Logon Agent contains a security vulnerability that...

CVSS 9.8 | AI score 6.4 | EPSS 0.00091
Exploits: 0 | References: 3
OSV
added 2026/02/10 6:16 p.m., 1 views

CVE-2026-21249

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...

CVSS 3.3 | AI score 5.7 | EPSS 0.00065
Exploits: 0 | References: 1
NVD
added 2026/02/10 6:16 p.m., 2 views

CVE-2026-21249

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...

CVSS 3.3 | EPSS 0.00065
Exploits: 0 | References: 1
ATTACKERKB
added 2026/02/10 5:51 p.m., 4 views

CVE-2026-21249

External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally...

CVSS 3.3 | AI score 5.5 | EPSS 0.00065
Exploits: 0 | References: 2 | Affected Software: 19
CNNVD
added 2026/02/10 12:0 a.m., 2 views

Microsoft NTLM security vulnerability

Microsoft NTLM is an authentication protocol used by Microsoft on networks that include systems running the Windows operating system, as well as standalone systems. There are security vulnerabilities in Microsoft NTLM. Attackers exploit these vulnerabilities to carry out phishing attacks. The...

CVSS 3.3 | AI score 5.8 | EPSS 0.00065
Exploits: 0 | References: 1