24h | 7d | 30d

CVE-2025-59028

Overview

  • Open-Xchange GmbH
  • OX Dovecot Pro
27 Mar 2026
Published
27 Mar 2026
Updated
CVSS v3.1
MEDIUM (5.3)
EPSS
0.09%
KEV

Description

When sending invalid base64 SASL data, login process is disconnected from the auth server, causing all active authentication sessions to fail. Invalid BASE64 data can be used to DoS a vulnerable server to break concurrent logins. Install fixed version or disable concurrency in login processes (heavy perfomance penalty on large deployments). No publicly available exploits are known.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture fallback
jonw @jonw

interesting cves this week 20260331

[interesting to me, certainly not a complete list]

- cve-2026-33765: pi-hole
- cve-2025-59028: Apache sasl dos
- cve-2026-4340: Apache auth bypass
- cve-2026-33868: mastodon open redirect
- cve-2026-33869: mastodon dos in quote authorization
- cve-2026-34475: varnish cache poisoning
- cve-2026-4425: eastlink dns dos (hello, nova scotia)

#cve #infosec

original post: jonw.weblog.lol/2026/03/intere

  • 0
  • 0
  • 0
  • 20h ago

CVE-2026-4340

Overview

  • Pending
Pending
Published
27 Mar 2026
Updated
CVSS
Pending
EPSS
Pending
KEV

Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.

Statistics

  • 1 Post
Last activity: 20 hours ago

Fediverse

Profile picture fallback
jonw @jonw

interesting cves this week 20260331

[interesting to me, certainly not a complete list]

- cve-2026-33765: pi-hole
- cve-2025-59028: Apache sasl dos
- cve-2026-4340: Apache auth bypass
- cve-2026-33868: mastodon open redirect
- cve-2026-33869: mastodon dos in quote authorization
- cve-2026-34475: varnish cache poisoning
- cve-2026-4425: eastlink dns dos (hello, nova scotia)

#cve #infosec

original post: jonw.weblog.lol/2026/03/intere

  • 0
  • 0
  • 0
  • 20h ago
Showing 51 to 52 of 52 CVEs