MATLOCK.CA
31Articles
5Categories
2026-05-16Date
🚨
U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalogThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Exchange Server, tracked as CVE-202…
KEVSECURITYAFFAIRS.COM — 16 May 2026
🐛
CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channel
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6638 PostgreSQL REFRESH PUBLICATION allows SQL injection via table name
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6637 PostgreSQL refint allows stack buffer overflow and SQL injection
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-40460 NGINX ngx_quic_module vulnerability
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-42934 NGINX ngx_http_charset_module vulnerability
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-43490 ksmbd: validate inherited ACE SID length
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6475 PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6474 PostgreSQL timeofday() can disclose portions of server memory
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6472 PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-40701 NGINX ngx_http_ssl_module vulnerability
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-42945 NGINX ngx_http_rewrite_module vulnerability
MSRC.MICROSOFT.COM — 16 May 2026
🐛
CVE-2026-46333 ptrace: slightly saner 'get_dumpable()' logic
MSRC.MICROSOFT.COM — 16 May 2026
🐛
Linux “ssh-keysign-pwn” Flaw Exposing Critical Authentication Files
GBHACKERS.COM — 16 May 2026
⚠️
Inside CIRA: How Canada's .ca Registry Became a Global DNS & Cybersecurity Force
CYBERSECURITYTODAY.LIBSYN.COM — 16 May 2026
⚠️
JDownloader Website Hack Exposes Windows and Linux Users to Malicious Installers
GBHACKERS.COM — 16 May 2026
⚠️
OpenAI and others deal with fallout from TanStack supply-chain attack.
THECYBERWIRE.COM — 16 May 2026
⚠️
OpenAI hit by supply chain attack linked to malicious TanStack packages
SECURITYAFFAIRS.COM — 16 May 2026
⚠️
AI Broke Patch Management
YOUTUBE.COM — 2026-05-16
⚠️
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
THEHACKERNEWS.COM — 16 May 2026
🔥
Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording
WIRED.COM — 16 May 2026
🔥
Russian APT Turla builds long-term access tool with Kazuar Botnet evolution
SECURITYAFFAIRS.COM — 16 May 2026
🕵️
Friday Squid Blogging: Bigfin Squid
SCHNEIER.COM — 2026-05-16
🕵️
Scam papers served.
THECYBERWIRE.COM — 16 May 2026