CVE-2026-45185

Overview

Exim
Exim

12 May 2026

Published

13 May 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.06%

MITRE

KEV

Description

Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.

Statistics

6 Posts
10 Interactions

Last activity: 12 hours ago

Fediverse

Catalin Cimpanu @campuscodi

XBOW's AI found an unauth RCE in Exim, bug is being called Dead.Letter

https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim

Patches are out: https://www.exim.org/static/doc/security/EXIM-Security-2026-05-01.1/EXIM-Security-2026-05-01.1.txt

6
1
0
20h ago

equinox @equinox

I didn't think I would ever use this sentence, but "thank fuck I use openssl"…

Then again it'll be the other way around some future time. Near future probably, considering how things are going.

(My primary server is still running Gentoo, so, exim is indeed built against openssl. Unlike all my Debian boxes…)

https://xbow.com/blog/dead-letter-cve-2026-45185-xbow-found-rce-exim

0
1
0
18h ago

Bluesky

Hacker News Top Stories @hackernewsbot.bsky.social

Dead.letter (CVE-2026-45185) Humans vs. LLM for Unauthenticated RCE Race on Exim | Discussion

0
2
0
23h ago

Information Security Briefly @infosecbriefly.bsky.social

Exim security updates fix CVE-2026-45185, a GnuTLS-related BDAT use-after-free that can cause heap corruption and potential code execution.

0
0
0
23h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

Exim patched CVE-2026-45185, a use-after-free in BDAT handling on GnuTLS builds that could enable heap corruption and code execution. Affects versions 4.97 to 4.99.2; fixed in 4.99.3. #Exim #GnuTLS #CVE202645185

0
0
0
21h ago

Undercode Testing @undercode.bsky.social

AI Hacked Your Mail Server: CVE-2026-45185 Exim RCE & The Dawn of Autonomous Offensive Security + Video Introduction: The discovery of CVE-2026-45185—an unauthenticated remote code execution (RCE) vulnerability in Exim, the world’s most widely deployed mail transfer agent (MTA)—marks a tectonic…

0
0
0
12h ago

CVE-2026-46300

Overview

Pending

Pending

Published

Pending

Updated

CVSS

Pending

EPSS

Pending

MITRE

KEV

Description

This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.

Statistics

5 Posts
5 Interactions

Last activity: 1 hour ago

Fediverse

Jan Schaumann @jschauma

As I was saying, we're not done with page cache LPEs.

Looks like a third variant just dropped (CVE-2026-46300):
https://github.com/v12-security/pocs/tree/main/fragnesia
https://github.com/v12-security/pocs/blob/d4043edc2acbd75d093e3f5795751b678c66b259/fragnesia/fragnesia.c

https://www.openwall.com/lists/oss-security/2026/05/13/3

Initial reading is defense against #DirtyFrag mitigates this, too, so perhaps not a full round of updates needed here.

3
2
0
2h ago

buherator @buherator

Officially lost track of Linux page cache LPE's - see also: "cache invalidation and naming things":

https://github.com/v12-security/pocs/tree/main/fragnesia

This is CVE-2026-46300

0
0
0
1h ago

Forst @forst

Apparently yet another one of those #DirtyFrag-like vulnerabilities in #Linux, this one called #Fragnesia

CVE-2026-46300

https://www.openwall.com/lists/oss-security/2026/05/13/3

#CopyFail

0
0
0
1h ago

:mastodon: decio @decio

et voilà il a reçu son nom de code CVE-2026-46300

0
0
0
1h ago

Bluesky

buherator @buherator.bsky.social

Officially lost track of Linux page cache LPE's: github.com -> This is CVE-2026-46300 Original->

0
0
0
1h ago

CVE-2026-41096

Overview

Microsoft
Windows 11 version 22H3

12 May 2026

Published

13 May 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.07%

MITRE

KEV

Description

Heap-based buffer overflow in Microsoft Windows DNS allows an unauthorized attacker to execute code over a network.

Statistics

6 Posts
13 Interactions

Last activity: 3 hours ago

Fediverse

Jan Korbel 🐧 @jackc

Microsoft Patch Tuesday 05/2026:
- opravy 120 zranitelností ve Windows, Officech, ale také třeba Malování(!)
- 17 kritických (z toho 14x RCE)
- krom toho mnoho (130+) oprav Edge nebo Teamsů

Velmi zajímavě vypadá zranitelnost CVE-2026-41096 ve Windows DNS klientovi(!), která umožňuje vzdálené spuštění kódu podstrčením připravených DNS odpovědí. S tím bych se vyloženě bál připojit se k sítím s cizím DNS.

#kybez

2
5
0
11h ago

Bluewall :verified: @Bluewall

Hunting CVE-2026-41096 (Windows DNS Client RCE, CVSS 9.8) in Advanced Hunting?

DeviceProcessEvents
| where Timestamp > ago(7d)
| where InitiatingProcessFileName =~ "svchost.exe"
| where InitiatingProcessCommandLine has_any ("dnscache", "NetworkService")
| where FileName !in~ ("conhost.exe", "WerFault.exe", "wermgr.exe")
| project Timestamp, DeviceName, FileName, ProcessCommandLine
| order by Timestamp desc

#CVE202641096 #KQL #ThreatHunting #MDE

0
0
0
3h ago

nyanbinary @nyanbinary

checks notes ...

Windows Netlogon Remote Code Execution
Windows DNS Client Remote Code Execution

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41096
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089

1
2
0
23h ago

Capstone Technologies Group @CapTechGroup

May 2026 Patch Tuesday: 137 vulnerabilities across Windows, Office, Exchange, Azure. CVE-2026-41089 (Netlogon buffer overflow) grants SYSTEM on domain controllers with no auth required. CVE-2026-41096 (DNS Client) exploitable...

https://captechgroup.com/about-us/threat-intelligence-center/may-2026-patch-tuesday-fixes-51-cves-across-window-36b2ed?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=may-2026-patch-tuesday-fixes-51-cves-across-windows-exchange-office

1
0
0
5h ago

CyberNetsecIO @netsecio

📰 Microsoft's May Patch Tuesday: 137 Flaws Fixed, Including Critical Netlogon RCE

Microsoft's May Patch Tuesday is huge: 137 vulnerabilities fixed, 30 critical. No zero-days for the first time in 22 months! 🚨 Key patches for critical RCEs in Netlogon (CVE-2026-41089) and DNS Client (CVE-2026-41096). Patch now! ✅ #PatchTuesday

🔗 https://cyber.netsecops.io

1
0
0
4h ago

Bluesky

piggo @pigondrugs.bsky.social

@talosintelligence.com Microsoft's May 2026 Patch Tuesday addresses 137 vulnerabilities, including 31 critical flaws with 16 RCEs, though none are actively exploited. - IOCs: CVE-2026-32161, CVE-2026-41089, CVE-2026-41096 - ...

1
0
0
21h ago

CVE-2026-41940

Overview

WebPros
cPanel

29 Apr 2026

Published

06 May 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

74.24%

MITRE

KEV

Description

cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.

Statistics

4 Posts

Last activity: 4 hours ago

Fediverse

pentest-tools.com @pentesttools

Seven FuelCMS CVEs documented. XSS callbacks now show IP and headers. Website Scanner detects exposed private keys passively. Scheduled scan exports. API risk filtering.

Also: free scanner for CVE-2026-41940, the cPanel auth bypass exploited for 64 days before a patch existed. No account needed.

https://pentest-tools.com/network-vulnerability-scanning/cve-2026-41940-scanner-cpanel-authentication-bypass

#infosec #pentesting #vulnerabilitymanagement

0
0
0
8h ago

Bluesky

キタきつね @kitafox.bsky.social

cPanelの認証バイパスに関する重大な脆弱性（CVE-2026-41940）が数千件の被害に遭う Critical cPanel Auth Bypass CVE-2026-41940 Exploited by Thousands #DailyCyberSecurity (May 12) securityonline.info/cpanel-whm-a...

0
0
0
19h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

Major patches hit SAP Commerce Cloud, SAP S/4HANA, and Apple macOS/iOS, while cPanel CVE-2026-41940 is actively exploited to drop a Filemanager backdoor. #SAP #Apple #Texas

0
0
0
9h ago

TugaTech 🖥️ @tugate.ch

Ataque a sistemas cPanel explora falha CVE-2026-41940 para instalar backdoor #ataque #cve #falha

0
0
0
4h ago

CVE-2026-40361

Overview

Microsoft
Microsoft 365 Apps for Enterprise

12 May 2026

Published

13 May 2026

Updated

CVSS v3.1

HIGH (8.4)

EPSS

0.06%

MITRE

KEV

Description

Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.

Statistics

3 Posts
4 Interactions

Last activity: 5 hours ago

Fediverse

VessOnSecurity @bontchev

CVE-2026-40361 - Microsoft Word Remote Code Execution Vulnerability:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-40361

What's next - and RCE in Notepad?

2
0
0
9h ago

Bluesky

Information Security Briefly @infosecbriefly.bsky.social

CVE-2026-40361 is a zero-click Outlook remote code execution flaw requiring patching to protect enterprise inboxes.

1
0
0
7h ago

Cybersecurity News Everyday @hendryadrian.bsky.social

Microsoft patched CVE-2026-40361, a critical zero-click Outlook bug that can trigger code execution from just reading or previewing an email. The flaw raises serious risks for enterprise inboxes. #Outlook #ExchangeServer #BadWinmail

1
0
0
5h ago

CVE-2026-41089

Overview

Microsoft
Windows Server 2012

12 May 2026

Published

13 May 2026

Updated

CVSS v3.1

CRITICAL (9.8)

EPSS

0.09%

MITRE

KEV

Description

Stack-based buffer overflow in Windows Netlogon allows an unauthorized attacker to execute code over a network.

Statistics

5 Posts
6 Interactions

Last activity: 4 hours ago

Fediverse

nyanbinary @nyanbinary

checks notes ...

Windows Netlogon Remote Code Execution
Windows DNS Client Remote Code Execution

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41096
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-41089

1
2
0
23h ago

Capstone Technologies Group @CapTechGroup

May 2026 Patch Tuesday: 137 vulnerabilities across Windows, Office, Exchange, Azure. CVE-2026-41089 (Netlogon buffer overflow) grants SYSTEM on domain controllers with no auth required. CVE-2026-41096 (DNS Client) exploitable...

https://captechgroup.com/about-us/threat-intelligence-center/may-2026-patch-tuesday-fixes-51-cves-across-window-36b2ed?utm_source=mastodon&utm_medium=social&utm_campaign=threat_intel&utm_content=may-2026-patch-tuesday-fixes-51-cves-across-windows-exchange-office

1
0
0
5h ago

CyberNetsecIO @netsecio

📰 Microsoft's May Patch Tuesday: 137 Flaws Fixed, Including Critical Netlogon RCE

Microsoft's May Patch Tuesday is huge: 137 vulnerabilities fixed, 30 critical. No zero-days for the first time in 22 months! 🚨 Key patches for critical RCEs in Netlogon (CVE-2026-41089) and DNS Client (CVE-2026-41096). Patch now! ✅ #PatchTuesday

🔗 https://cyber.netsecops.io

1
0
0
4h ago

Bluesky

CyberVeille @cyberveille-ch.bsky.social

📢 Patch Tuesday mai 2026 : 118 CVE Microsoft dont 3 critiques, volumes records chez Apple, Google, Mozilla et Oracle 📝 … https://cyberveille.ch/posts/2026-05-13-patch-tuesday-mai-2026-118-cve-microsoft-dont-3-critiques-volumes-records-chez-apple-google-mozilla-et-oracle/ #CVE_2026_41089 #Cyberveille

0
0
0
4h ago

piggo @pigondrugs.bsky.social

@talosintelligence.com Microsoft's May 2026 Patch Tuesday addresses 137 vulnerabilities, including 31 critical flaws with 16 RCEs, though none are actively exploited. - IOCs: CVE-2026-32161, CVE-2026-41089, CVE-2026-41096 - ...

1
0
0
21h ago

CVE-2026-43500

Overview

Linux
Linux

11 May 2026

Published

11 May 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the security ops only when skb_cloned() is true. An skb that is not cloned but still carries externally-owned paged fragments (e.g. SKBFL_SHARED_FRAG set by splice() into a UDP socket via __ip_append_data, or a chained skb_has_frag_list()) falls through to the in-place decryption path, which binds the frag pages directly into the AEAD/skcipher SGL via skb_to_sgvec(). Extend the gate to also unshare when skb_has_frag_list() or skb_has_shared_frag() is true. This catches the splice-loopback vector and other externally-shared frag sources while preserving the zero-copy fast path for skbs whose frags are kernel-private (e.g. NIC page_pool RX, GRO). The OOM/trace handling already in place is reused.

Statistics

2 Posts
17 Interactions

Last activity: 13 hours ago

Fediverse

knoppix @knoppix95

Linux 7.0.6 and 6.18.29 LTS patch the Dirty Frag local privilege flaw, fixing unsafe rxrpc decryption paths tied to CVE-2026-43500.
Fedora and Pop!_OS shipped fixes before release, reflecting rapid open-source patching and the need for timely user-controlled updates. 🔧

🔗 https://itsfoss.com/news/linux-fully-patches-dirty-frag-exploit/

#TechNews #Linux #DirtyFrag #Kernel #Fedora #PopOS #OpenSource #Cybersecurity #Privacy #Security #FOSS #SysAdmin #LTS #LinuxKernel #DirtyFrag #CopyFail #CVE #Fedora #PopOS #Ubuntu #Tech

9
8
0
21h ago

Bluesky

OpsMatters @opsmatters.com

The latest update for #SafeBreach includes "Dirty Frag Vulnerability (CVE-2026-43284 & CVE-2026-43500): Why Reliable #Linux Privilege Escalation Changes the Defense Equation". #Cybersecurity https://opsmtrs.com/41NWGuQ

0
0
0
13h ago

CVE-2026-7482

Overview

ollama
ollama
ollama/ollama

04 May 2026

Published

04 May 2026

Updated

CVSS v3.1

CRITICAL (9.1)

EPSS

0.10%

MITRE

KEV

Description

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and size exceed the file's actual length; during quantization in fs/ggml/gguf.go and server/quantization.go (WriteTo()), the server reads past the allocated heap buffer. The leaked memory contents may include environment variables, API keys, system prompts, and concurrent users' conversation data, and can be exfiltrated by uploading the resulting model artifact through the /api/push endpoint to an attacker-controlled registry. The /api/create and /api/push endpoints have no authentication in the upstream distribution. Default deployments bind to 127.0.0.1, but the documented OLLAMA_HOST=0.0.0.0 configuration is widely used in practice (large public-internet exposure observed).

Statistics

2 Posts
8 Interactions

Last activity: 11 hours ago

Fediverse

knoppix @knoppix95

Ollama fixed CVE-2026-7482 in v0.17.1, a critical out-of-bounds read flaw that could leak API keys, prompts, and chat data from exposed servers via crafted GGUF files. 🔓
Researchers also disclosed unpatched Windows update flaws enabling persistent code execution through unsigned updates and path traversal in Ollama 0.12.10–0.17.5. ⚠️

🔗 https://thehackernews.com/2026/05/ollama-out-of-bounds-read-vulnerability.html

#TechNews #Ollama #LLM #AI #Cybersecurity #OpenSource #FOSS #Privacy #Infosec #Windows #Linux #Security #Servers #DataBreach #Technology

4
3
0
11h ago

Bluesky

OpsMatters @opsmatters.com

The latest update for #Indusface includes "Bleeding Llama (CVE-2026-7482): Critical Unauthenticated Memory Leak in Ollama" and "DDoS Protection for Insurance: Always-On Defense for Claims, Quotes & #APIs". #cybersecurity #infosec https://opsmtrs.com/3ySs2VF

0
1
0
13h ago

CVE-2026-0073

Overview

Google
Android

04 May 2026

Published

05 May 2026

Updated

CVSS

Pending

EPSS

0.01%

MITRE

KEV

Description

In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.

Statistics

2 Posts
4 Interactions

Last activity: 4 hours ago

Fediverse

N_{Dario Fadda} @nuke

PoC Exploit Released for Android Zero-Click CVE-2026-0073 — Silent ADB Shell Access on Android 14–16
#CyberSecurity
https://securebulletin.com/poc-exploit-released-for-android-zero-click-cve-2026-0073-silent-adb-shell-access-on-android-14-16/

4
0
0
4h ago

Bluesky

Undercode Testing @undercode.bsky.social

Android Zero-Click RCE via Wireless Debugging | CVE-2026-0073 – From Network Access to Full Shell + Video Introduction The Android Debug Bridge (ADB) is a powerful tool for developers, but when its security assumptions fail, it can become a backdoor. CVE-2026-0073 is a critical authentication…

0
0
0
9h ago

CVE-2026-0300

Overview

Palo Alto Networks
Cloud NGFW

06 May 2026

Published

12 May 2026

Updated

CVSS v4.0

CRITICAL (9.3)

EPSS

14.43%

MITRE

KEV

Description

A buffer overflow vulnerability in the User-ID™ Authentication Portal (aka Captive Portal) service of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. The risk of this issue is greatly reduced if you secure access to the User-ID™ Authentication Portal per the best practice guidelines https://knowledgebase.paloaltonetworks.com/KCSArticleDetail by restricting access to only trusted internal IP addresses. Prisma Access, Cloud NGFW and Panorama appliances are not impacted by this vulnerability.

Statistics

2 Posts
4 Interactions

Last activity: 6 hours ago

Fediverse

N_{Dario Fadda} @nuke

Critical Palo Alto PAN-OS Vulnerability CVE-2026-0300 Actively Exploited — Unauthenticated Root RCE on Firewalls
#CyberSecurity
https://securebulletin.com/critical-palo-alto-pan-os-vulnerability-cve-2026-0300-actively-exploited-unauthenticated-root-rce-on-firewalls/

4
0
0
6h ago

Bluesky

ohhara @shiojiri.com

PAN-OSに深刻な脆弱性「CVE-2026-0300」発覚　root権限奪取の恐れ：悪用確認済みのため要注意 - ＠IT https://atmarkit.itmedia.co.jp/ait/articles/2605/13/news034.html

0
0
0
15h ago