Overview
- mailcow
- mailcow-dockerized
- Published: 20 May 2026
- Updated: 20 May 2026
- CVSS v4.0: HIGH (7.4)
- EPSS: 0.05%
KEV
Description
mailcow-dockerized contains a stored cross-site scripting vulnerability in the administrator Queue Manager. The Queue Manager fetches mail queue entries from /api/v1/get/mailq/all, copies server-controlled Postfix queue fields into DataTables rows, and renders several of those fields as HTML without adequate output encoding.
This issue affects mailcow-dockerized: 2026-03b.
Statistics
- 1 Post
Last activity: 19 hours ago
Overview
Description
A flaw has been found in OpenSC up to 0.26.1. It affects the function test_kpgen_certwrite in the file src/tools/pkcs11-tool.c of the pkcs11-tool Key Generation Module component. The manipulation causes a buffer overflow. The attack can be carried out remotely. The attack complexity is rather high, and exploitation is reported to be difficult. The exploit has been published and may be used. Patch name: 814f745b3b6d100295f65f1935edd33d520d33ab. Applying the patch is recommended to fix this issue.
Statistics
- 1 Post
Last activity: 17 hours ago
Overview
- SQLite
- SQLite
- expr.c
- Published: 15 Jul 2025
- Updated: 29 Apr 2026
- CVSS v4.0: HIGH (7.2)
- EPSS: 1.62%
KEV
Description
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.
Statistics
- 1 Post
Last activity: 1 hour ago
Fediverse
According to GrapheneOS, the SQLite issue marked as exploited in the wild in the June Android Security Bulletin was originally patched in SQLite 3.44.5 from July 2025:
https://grapheneos.social/@GrapheneOS/116681501156712831
https://github.com/sqlite/sqlite/commit/710858bca3e6f0cc1d5d74101a1b444b3c7214ff
However, searching for this commit shows that patch is for CVE-2025-6965.
I guess CVE-2025-48615 is a duplicate/variant?
You may remember CVE-2025-6965 as the bug that Project Zero's "Big Sleep" AI discovered, after Project Zero received reports of a bug "known only to threat actors and was at risk of being exploited", (https://blog.google/innovation-and-ai/technology/safety-security/cybersecurity-updates-summer-2025/)
I guess that explains why it's marked as exploited in the wild in the bulletin.
Overview
Description
In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Statistics
- 1 Post
Last activity: 1 hour ago
Fediverse
According to GrapheneOS, the SQLite issue marked as exploited in the wild in the June Android Security Bulletin was originally patched in SQLite 3.44.5 from July 2025:
https://grapheneos.social/@GrapheneOS/116681501156712831
https://github.com/sqlite/sqlite/commit/710858bca3e6f0cc1d5d74101a1b444b3c7214ff
However, searching for this commit shows that patch is for CVE-2025-6965.
I guess CVE-2025-48615 is a duplicate/variant?
You may remember CVE-2025-6965 as the bug that Project Zero's "Big Sleep" AI discovered, after Project Zero received reports of a bug "known only to threat actors and was at risk of being exploited", (https://blog.google/innovation-and-ai/technology/safety-security/cybersecurity-updates-summer-2025/)
I guess that explains why it's marked as exploited in the wild in the bulletin.
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
- 1 Interaction
Last activity: 4 hours ago
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
- 1 Interaction
Last activity: 4 hours ago
Overview
Description
This candidate has been reserved by a CVE Numbering Authority (CNA). This record will be updated by the assigning CNA once details are available.
Statistics
- 1 Post
- 1 Interaction
Last activity: 4 hours ago
Overview
Description
Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
Statistics
- 1 Post
Last activity: 14 hours ago
Overview
Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus.
This issue affects T-MAC Plus: 4.0-24.
Statistics
- 1 Post
Last activity: 14 hours ago