Full Disclosure

A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.

CyberDanube Security Research 20260528-0 | Multiple Vulnerabilities in Multiple Vulnerabilities in Mennekes Amtron Series

1 June, 2026 - 01:24

Posted by Thomas Weber | CyberDanube via Fulldisclosure on May 31

CyberDanube Security Research 20260528-0
-------------------------------------------------------------------------------
title| Multiple Vulnerabilities
product| Mennekes Amtron Series and Smart-T PnC
vulnerable version| 5.22.3
fixed version| 5.33.11-21500
CVE number| CVE-2026-8979, CVE-2026-8980
impact| High
homepage| https://www.mennekes.at/
found|...

bmcweb (OpenBMC web server): four vulnerabilities — two unfixed, GHSA without a CVE

1 June, 2026 - 01:23

Posted by binreaper via Fulldisclosure on May 31

Hi all,

Posting a brief summary of a four-finding disclosure on bmcweb (the OpenBMC HTTP/Redfish web server), which ships in
BMC firmware on most modern enterprise servers — Intel, IBM, HPE, NVIDIA, and various ODMs.

Full timeline and analysis on the blog:

https://binreaper.pages.dev/posts/2026-05-27-bmcweb-disclosure/

## Why bmcweb matters

A Baseboard Management Controller boots before the host CPU, has full control over the server...

Re: Dovecot Security Advisory OXDC-2026-0002

25 May, 2026 - 20:45

Posted by Noel Butler via Fulldisclosure on May 25

So when is the fix for dovecot 2.3 source code due to be released?

Since by your wording by not including the first detected versions, it
must be assumed 2.3 is affected, and as no EOL has been published or
announced for 2.3.x, and as 2.3 is still the most popular used
version by far, should be prudent one is released, given a few more
serious fixes have been made in recent times.

SSRF in Anthropic mcp-server-fetch and Microsoft playwright-mcp — publicly disclosed via GitHub issues

25 May, 2026 - 20:44

Posted by outreach on May 25

-----BEGIN SECURITY ADVISORY-----

Title: Server-Side Request Forgery (SSRF) in Anthropic mcp-server-fetch and Microsoft playwright-mcp
Author: Syed Anas Mohiuddin <anasmohiuddinsyed () gmail com>
Date: May 25, 2026
CVSS: 7.5 (HIGH) — AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
References: Already public via GitHub issues (see below)

== AFFECTED PRODUCTS ==

1. Anthropic mcp-server-fetch (modelcontextprotocol/servers)
All versions as of May...

[SECURITY ADVISORY] CVE-2021-21735 - ZTE ZXHN H168N V3.5 Unauthenticated Admin Credential Leak

25 May, 2026 - 20:43

Posted by m.nageh on May 25

-----BEGIN SECURITY ADVISORY-----

Advisory ID: MONX-2021-001
CVE ID: CVE-2021-21735
Title: ZTE ZXHN H168N V3.5 - Unauthenticated Wizard Credential
Disclosure to Full Admin Compromise
Affected: ZTE ZXHN H168N V3.5
Date: 2026-05-20
Author: Mina Nageh Salalma (Monx Research)
Contact: minanageh379 () gmail com
Public URL:...

[SECURITY ADVISORY] CVE-2026-34474 - ZTE H298A/H108N Unauthenticated Admin Credential Exposure

25 May, 2026 - 20:43

Posted by m.nageh on May 25

-----BEGIN SECURITY ADVISORY-----

Advisory ID: MONX-2026-003
CVE ID: CVE-2026-34474
Title: ZTE ZXHN H298A / H108N - Unauthenticated Admin Password &
WLAN Credential Exposure
Affected: ZTE ZXHN H298A 1.1, ZTE ZXHN H108N 2.6 (EOL; no patch
planned)
Date: 2026-05-20
Author: Mina Nageh Salalma (Monx Research)
Contact: minanageh379 () gmail com
Public URL:...

[SECURITY ADVISORY] CVE-2026-34472 - ZTE ZXHN H188A V6 Authentication Bypass via Pre-Login Wizard

25 May, 2026 - 20:43

Posted by m.nageh on May 25

-----BEGIN SECURITY ADVISORY-----

Advisory ID: MONX-2026-002
CVE ID: CVE-2026-34472
Title: ZTE ZXHN H188A V6 - Authentication Bypass via Pre-Login
Wizard Credential Leakage
Affected: ZTE ZXHN H188A V6.0.10P2_TE, V6.0.10P3N3_TE
Date: 2026-05-20
Author: Mina Nageh Salalma (Monx Research)
Contact: minanageh379 () gmail com
Public URL:...

[SECURITY ADVISORY] CVE-2026-34473 - Unauthenticated DoS in 17+ ZTE Router Models (140K+ Devices)

25 May, 2026 - 20:43

Posted by m.nageh on May 25

-----BEGIN SECURITY ADVISORY-----

Advisory ID: MONX-2026-001
CVE ID: CVE-2026-34473
Title: Unauthenticated Denial of Service via Oversized POST Body
in ZTE Router CGILua Parser
Affected: 17+ ZTE ZXHN router models (~140,000 publicly exposed
devices)
CVSS Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Date: 2026-05-20
Author: Mina Nageh Salalma (Monx Research)
Contact: minanageh379 () gmail...

Multiple vulnerabilities in Sparx Pro Cloud Server and Enterprise Architect

25 May, 2026 - 20:40

Posted by Adamczyk Blazej on May 25

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Multiple vulnerabilities in Sparx Pro Cloud Server and Enterprise Architect
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

General...

APPLE-SA-05-13-2026-1 Safari 26.5

17 May, 2026 - 16:16

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-13-2026-1 Safari 26.5

Safari 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127121.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

WebKit
Available for: macOS Sonoma and macOS Sequoia
Impact: Processing maliciously crafted web content may prevent Content...

APPLE-SA-05-11-2026-11 visionOS 26.5

17 May, 2026 - 16:16

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-11 visionOS 26.5

visionOS 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127120.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accelerate
Available for: Apple Vision Pro (all models)
Impact: An app may be able to cause a denial-of-service
Description:...

APPLE-SA-05-11-2026-10 watchOS 26.5

17 May, 2026 - 16:16

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-10 watchOS 26.5

watchOS 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127119.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accelerate
Available for: Apple Watch Series 6 and later
Impact: An app may be able to cause a denial-of-service
Description:...

APPLE-SA-05-11-2026-9 tvOS 26.5

17 May, 2026 - 16:16

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-9 tvOS 26.5

tvOS 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127118.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accelerate
Available for: Apple TV HD and Apple TV 4K (all models)
Impact: An app may be able to cause a denial-of-service...

APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7

17 May, 2026 - 16:16

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7

macOS Sonoma 14.8.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127117.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

APFS
Available for: macOS Sonoma
Impact: An app may be able to cause unexpected system termination
Description: A...

APPLE-SA-05-11-2026-7 macOS Sequoia 15.7.7

17 May, 2026 - 16:16

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-7 macOS Sequoia 15.7.7

macOS Sequoia 15.7.7 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127116.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

APFS
Available for: macOS Sequoia
Impact: An app may be able to cause unexpected system termination
Description:...

APPLE-SA-05-11-2026-6 macOS Tahoe 26.5

17 May, 2026 - 16:16

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-6 macOS Tahoe 26.5

macOS Tahoe 26.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127115.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accelerate
Available for: macOS Tahoe
Impact: An app may be able to cause a denial-of-service
Description: An...

APPLE-SA-05-11-2026-5 iOS 15.8.8 and iPadOS 15.8.8

17 May, 2026 - 16:16

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-5 iOS 15.8.8 and iPadOS 15.8.8

iOS 15.8.8 and iPadOS 15.8.8 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127114.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Notification Services
Available for: iPhone 6s (all models), iPhone 7 (all models), iPhone SE...

APPLE-SA-05-11-2026-4 iOS 16.7.16 and iPadOS 16.7.16

17 May, 2026 - 16:16

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-4 iOS 16.7.16 and iPadOS 16.7.16

iOS 16.7.16 and iPadOS 16.7.16 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127113.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Notification Services
Available for: iPhone 8, iPhone 8 Plus, iPhone X, iPad 5th generation,...

APPLE-SA-05-11-2026-3 iPadOS 17.7.11

17 May, 2026 - 16:16

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-3 iPadOS 17.7.11

iPadOS 17.7.11 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127112.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Notification Services
Available for: iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch,
and iPad 6th generation
Impact:...

APPLE-SA-05-11-2026-2 iOS 18.7.9 and iPadOS 18.7.9

17 May, 2026 - 16:16

Posted by Apple Product Security via Fulldisclosure on May 17

APPLE-SA-05-11-2026-2 iOS 18.7.9 and iPadOS 18.7.9

iOS 18.7.9 and iPadOS 18.7.9 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/en-us/127111.

Apple maintains a Security Releases page at
https://support.apple.com/100100 which lists recent
software updates with security advisories.

Accounts
Available for: iPhone XS, iPhone XS Max, iPhone XR, iPad 7th generation
Impact: An app...