Tag

#vulnerability-disclosure

2 posts tagged #vulnerability-disclosure.

Analysis · May 25, 2026 · Colten Anderson

Microsoft patched a SYSTEM bug in 2020. It still works in 2026.

A pseudonymous researcher published MiniPlasma, a working PoC for CVE-2020-17103, and the only thing standing between you and a SYSTEM shell is a driver you cannot turn off.
Analysis · May 5, 2026 · Colten Anderson

SmarterMail fixed a CVSS 10 and told no one for two months

CVE-2025-52691 is a pre-auth RCE in SmarterMail's file upload API. SmarterTools patched it silently in October 2025 with no CVE, no advisory, and release notes that said 'critical security fixes.' watchTowr found the silent fix two months later. Here's why that matters.