Re: Dovecot Security Advisory OXDC-2026-0002

26 May 2026 at 01:45

Posted by Noel Butler via Fulldisclosure on May 25

So when is the fix for dovecot 2.3 source code due to be released?

Since by your wording by not including the first detected versions, it
must be assumed 2.3 is affected, and as no EOL has been published or
announced for 2.3.x, and as 2.3 is the still the most popular used
version by far, should be prudent one is released, given a few more
serious fixes have been made in recent times.

SSRF in Anthropic mcp-server-fetch and Microsoft playwright-mcp — publicly disclosed via GitHub issues

Full Disclosure

26 May 2026 at 01:44

Posted by outreach on May 25

-----BEGIN SECURITY ADVISORY-----

Title: Server-Side Request Forgery (SSRF) in Anthropic mcp-server-fetch and Microsoft playwright-mcp
Author: Syed Anas Mohiuddin <anasmohiuddinsyed () gmail com>
Date: May 25, 2026
CVSS: 7.5 (HIGH) — AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References: Already public via GitHub issues (see below)

== AFFECTED PRODUCTS ==

1. Anthropic mcp-server-fetch (modelcontextprotocol/servers)
All versions as of May...

[SECURITY ADVISORY] CVE-2021-21735 - ZTE ZXHN H168N V3.5 Unauthenticated Admin Credential Leak

Full Disclosure

26 May 2026 at 01:43

Posted by m.nageh on May 25

-----BEGIN SECURITY ADVISORY-----

Advisory ID: MONX-2021-001
CVE ID: CVE-2021-21735
Title: ZTE ZXHN H168N V3.5 - Unauthenticated Wizard Credential
Disclosure to Full Admin Compromise
Affected: ZTE ZXHN H168N V3.5
Date: 2026-05-20
Author: Mina Nageh Salalma (Monx Research)
Contact: minanageh379 () gmail com
Public URL:...

[SECURITY ADVISORY] CVE-2026-34474 - ZTE H298A/H108N Unauthenticated Admin Credential Exposure

Full Disclosure

26 May 2026 at 01:43

Posted by m.nageh on May 25

-----BEGIN SECURITY ADVISORY-----

Advisory ID: MONX-2026-003
CVE ID: CVE-2026-34474
Title: ZTE ZXHN H298A / H108N - Unauthenticated Admin Password &
WLAN Credential Exposure
Affected: ZTE ZXHN H298A 1.1, ZTE ZXHN H108N 2.6 (EOL; no patch
planned)
Date: 2026-05-20
Author: Mina Nageh Salalma (Monx Research)
Contact: minanageh379 () gmail com
Public URL:...

[SECURITY ADVISORY] CVE-2026-34472 - ZTE ZXHN H188A V6 Authentication Bypass via Pre-Login Wizard

Full Disclosure

26 May 2026 at 01:43

Posted by m.nageh on May 25

-----BEGIN SECURITY ADVISORY-----

Advisory ID: MONX-2026-002
CVE ID: CVE-2026-34472
Title: ZTE ZXHN H188A V6 - Authentication Bypass via Pre-Login
Wizard Credential Leakage
Affected: ZTE ZXHN H188A V6.0.10P2_TE, V6.0.10P3N3_TE
Date: 2026-05-20
Author: Mina Nageh Salalma (Monx Research)
Contact: minanageh379 () gmail com
Public URL:...

[SECURITY ADVISORY] CVE-2026-34473 - Unauthenticated DoS in 17+ ZTE Router Models (140K+ Devices)

Full Disclosure

26 May 2026 at 01:43

Posted by m.nageh on May 25

-----BEGIN SECURITY ADVISORY-----

Advisory ID: MONX-2026-001
CVE ID: CVE-2026-34473
Title: Unauthenticated Denial of Service via Oversized POST Body
in ZTE Router CGILua Parser
Affected: 17+ ZTE ZXHN router models (~140,000 publicly exposed
devices)
CVSS Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Date: 2026-05-20
Author: Mina Nageh Salalma (Monx Research)
Contact: minanageh379 () gmail...

Multiple vulnerabilities in Sparx Pro Cloud Server and Enterprise Architect

Full Disclosure

26 May 2026 at 01:40

Posted by Adamczyk Blazej on May 25

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Multiple vulnerabilities in Sparx Pro Cloud Server and Enterprise Architect
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

General...

APPLE-SA-05-13-2026-1 Safari 26.5

Full Disclosure

17 May 2026 at 21:16