This might have slipped under the radar these past few days, but a 9.8 RCE in Exim (on many, many mail servers) that does not require authentication is bad bad bad.

https://www.zerodayinitiative.com/advisories/ZDI-23-1469/

https://media.infosec.exchange/infosecmediaeu/media_attachments/files/111/148/822/294/613/729/original/36553a9487c40804.png 

 @726b5433 like bad, bad.

Wikipedia:In March 2023 a study performed by E-Soft, Inc., approximated that 59% of the publicly reachable mail-servers on the Internet ran Exim. https://www.securityspace.com/s_survey/data/man.202302/mxsurvey.html