CVE-2026-3820

creationtimestamp| type| source ---|---|--- 2026-06-04 11:51:43+00:00| seen| https://bsky.app/profile/postac001.bsky.social/post/3mnhkpjttbm2f...

CVE-2026-3820

The CVE-2026-3820 entry pertains to Supermicro BMC’s SMTP service on the AS-2115HS-TNR. The vulnerability allows an attacker to obtain administrator privileges by injecting specially crafted characters into the SMTP service configuration, which can lead to command execution when the process is in...

CVE-2026-3820 Supermicro BMC's SMTP service contains a command injection vulnerability

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

EUVD-2026-3820

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in POSIMYTH Nexter Blocks the-plus-addons-for-block-editor allows Retrieve Embedded Sensitive Data.This issue affects Nexter Blocks: from n/a through = 4.6.3...

MiracleLinux 7 : GNOME (AXSA:2020-080:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-080:01 advisory. gnome-shell: partial lock screen bypass CVE-2019-3820 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 7 : bind-9.9.4-73.0.1.el7.AXS7 (AXSA:2019-3820:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3820:02 advisory. Security Fix - CVE-2018-5742 CVE CVEJVNhttp://jvndb.jvn.jp/ Tenable has extracted the preceding description block directly from the MiracleLinux security...

EUVD-2025-12371

Malicious code in bioql PyPI...

EUVD-2025-12376

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2010-3820

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses uninitialized memory during processin...

Linux Distros Unpatched Vulnerability : CVE-2016-3820

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a...

CVE-2025-20707

In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924201; Issue ID: MSV-3820...

CVE-2025-20707

In geniezone, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09924201; Issue ID: MSV-3820...

CVE-2021-3820

inflect is vulnerable to Inefficient Regular Expression Complexity...

CVE-2011-3820

WSN Software 6.0.6 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/prestart.php and certain other files...

CVE-2009-3820

SQL injection vulnerability in the Flagbit Filebase fbfilebase extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

CVE-2025-29659

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...

CVE-2025-29660

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...

CVE-2025-29660

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...

CVE-2025-29659

Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmdlisten" function located in the "cmd" binary...

CVE-2025-29660

A vulnerability exists in the daemon process of the Yi IOT XY-3820 v6.0.24.10, which exposes a TCP service on port 6789. This service lacks proper input validation, allowing attackers to execute arbitrary scripts present on the device by sending specially crafted TCP requests using directory...