Protection-mechanism bypass in BlueMail 1.140.103 and earlier on Windows lets attackers deliver files that are saved via the attachment-interaction feature without a Mark-of-the-Web (MOTW) tag, defeating Windows SmartScreen, Office Protected View, and third-party security software that rely on the MOTW zone identifier. Publicly available exploit code exists; the flaw is not listed in CISA KEV and EPSS is low (0.48%, 38th percentile), indicating no confirmed widespread exploitation yet. The practical effect is that a malicious document or executable arriving by email loses the 'downloaded from the Internet' provenance that would normally trigger a warning or block.
Protection-mechanism bypass in Canary Mail 5.1.40 and earlier on Windows lets attacker-supplied email attachments be written to disk without the Mark-of-the-Web (MOTW) NTFS tag, so files that reach a victim through the mail client are treated as trusted local content rather than internet-originated. This defeats SmartScreen, Office Protected View, and other MOTW-aware defenses in Windows and third-party software, materially easing malware delivery. Publicly available exploit code exists; the issue is not listed in CISA KEV and EPSS is low (0.48%, 38th percentile), indicating no evidence of widespread active exploitation.
Use-after-free in Linux ksmbd IPC handler allows remote unauthenticated attackers to trigger memory corruption via race condition in generic netlink reply processing. The flaw (CVSS 9.8 critical, network-reachable) affects ksmbd's ipc_msg_send_request() function where concurrent access to response buffers occurs without proper locking. EPSS data not provided; no CISA KEV listing identified at time of analysis. Multiple upstream kernel commits available across stable branches indicate vendor-released patches exist.