CVE-2026-11374
Published 2026-06-23
Priority P3 · 59 · critical · 9 (CVSS 3.1)
CVSS vector: AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.24% (65.4th percentile)
In ManageEngine ADSelfService Plus, RecoveryManager Plus, M365 Manager Plus, and ADAudit Plus, the SSO tickets generated to authenticate that session could be predicted by an unauthenticated user, leading to account takeover.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| zohocorp | manageengine_adaudit_plus | < 8703 | 8703 |
| zohocorp | manageengine_adselfservice_plus | < 6529 | 6529 |
| zohocorp | manageengine_m365_manager_plus | < 4817 | 4817 |
| zohocorp | manageengine_recovery_manager_plus | < 6321 | 6321 |
No detection rules found.
No public exploits indexed.
Hackernews
⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More
blogs_hackernews·2026-06-29·CVSS 8.8
CVE-2026-43503 [HIGH] ⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More
## ⚡ Weekly Recap: Linux Kernel Flaws, AI Malware Tricks, Turla Backdoor, Infostealers and More
This week was a reminder that attackers do not always need big tricks. One small mistake, one old access path, one missed patch, and suddenly the door is open.
The noise is not all noise, either. Forums are talking, researchers are finding easy cracks, and defenders have more cleanup waiting.
Here’s the full Monday recap.
## ⚡ Threat of the Week
New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets — Cybersecurity researchers detailed a new variant of the Dirty Frag Linux kernel flaw. Called DirtyClone (
Bugzilla
CVE-2025-11374 golang-github-hashicorp-consul: Consul's KV endpoint is vulnerable to denial of service [fedora-42]
bugzilla·2025-10-29·CVSS 6.5
CVE-2025-11374 [MEDIUM] CVE-2025-11374 golang-github-hashicorp-consul: Consul's KV endpoint is vulnerable to denial of service [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora