CVE-2026-7140

The CVE-2026-7140 entry concerns Totolink A8000RU (firmware 7.1cu.643_b20200521). The vulnerability resides in CsteSystem within /cgi-bin/cstecgi.cgi of the CGI Handler, enabling an os command injection via manipulation of an HTTP argument. Impact vectors indicate remote exploitation with high co...

MAL-2025-7140 Malicious code in @crabas0npm/a-qui-ullam-possimus (npm)

The package @crabas0npm/a-qui-ullam-possimus was found to contain malicious code...

Linux Distros Unpatched Vulnerability : CVE-2024-44937

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit...

CVE-2025-7140

creationtimestamp| type| source ---|---|--- 2025-07-07 23:29:17+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ltfwv767762s...

CVE-2025-7140 SourceCodester Best Salon Management System Update Staff Page edit-staff.php cross site scripting

A vulnerability classified as problematic has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-staff.php of the component Update Staff Page. The manipulation of the argument Staff Name leads to cross site scripting. It is...

Linux Distros Unpatched Vulnerability : CVE-2016-7140

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple cross-site scripting XSS vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow...

Ubuntu: Security Advisory (USN-7140-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS : Tinyproxy vulnerability (USN-7140-2)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-7140-2 advisory. USN-7140-1 fixed CVE-2022-40468 in tinyproxy. This update provides the corresponding update for Ubuntu 14.04 LTS. Tenable has extracted the preceding description...

Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Tinyproxy vulnerability (USN-7140-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7140-1 advisory. It was discovered that Tinyproxy did not properly manage memory under certain circumstances. An attacker could possibly use th...

CVE-2024-44937

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 "ACPI: OSL: Allow Notify handlers to run on all CPUs" ACPI notify handlers like the intel-vbtn notifyhandler may run on multiple CP...

CVE-2024-44937 platform/x86: intel-vbtn: Protect ACPI notify handler against recursion

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 "ACPI: OSL: Allow Notify handlers to run on all CPUs" ACPI notify handlers like the intel-vbtn notifyhandler may run on multiple CP...

CVE-2024-44937

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 "ACPI: OSL: Allow Notify handlers to run on all CPUs" ACPI notify handlers like the intel-vbtn notifyhandler may run on multiple CP...

CVE-2024-44937

The CVE affects the Linux kernel’s Intel VBTN (platform/x86) ACPI notify handler. A race can occur when the notify_handler() runs on multiple CPUs after a change enabling those handlers to operate on all CPUs, notably observed on Dell Venue 7140 during undocking. The race could cause the input-de...

CVE-2024-44937 platform/x86: intel-vbtn: Protect ACPI notify handler against recursion

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel-vbtn: Protect ACPI notify handler against recursion Since commit e2ffcda16290 "ACPI: OSL: Allow Notify handlers to run on all CPUs" ACPI notify handlers like the intel-vbtn notifyhandler may run on multiple CP...

CVE-2023-7140

creationtimestamp| type| source ---|---|--- 2023-12-29 00:26:19+00:00| seen| https://t.me/ctinow/160257 2023-12-31 03:34:48+00:00| seen| https://t.me/arpsyndicate/2286 2024-01-03 08:16:56+00:00| seen| https://t.me/ctinow/162248 2024-01-20 09:16:38+00:00| seen| https://t.me/ctinow/170565...

CVE-2023-7140

A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be...

CVE-2023-7140

CVE-2023-7140 affects code-projects Client Details System 1.0. The vulnerability arises from manipulating the id parameter in /admin/manage-users.php, leading to a SQL injection. Multiple connected sources corroborate an in-the-wild exploit and public disclosure. The exact impacted versions and a...

CVE-2023-7140 code-projects Client Details System manage-users.php sql injection

A vulnerability was found in code-projects Client Details System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/manage-users.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be...

Plone XSS in Zope ZMI

Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...

GHSA-84JM-CPC5-C7G7 Plone XSS in Zope ZMI

Cross-site scripting XSS vulnerability in the managefindResult component in the search feature in Zope ZMI in Plone before 4.3.12 and 5.x before 5.0.7 allows remote attackers to inject arbitrary web script or HTML via vectors involving double quotes, as demonstrated by the objids:tokens parameter...