79 matches found
ROOT-OS-DEBIAN-13-CVE-2025-40038 CVE-2025-40038 in rootio-linux - Patched by Root
Root has patched CVE-2025-40038 in the rootio-linux package for Root:Debian:13. Multiple fixed versions available...
EUVD-2026-35198
A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit...
PT-2026-46324
Unauthenticated Local File Inclusion in Rosaleen = 2.8 versions...
PT-2026-46340
Unauthenticated Local File Inclusion in Especio = 1.0 versions...
PT-2026-44380
Name of the Vulnerable Software and Affected Versions: Debug Log Manager – Conveniently Monitor and Inspect Errors versions prior to 2.5.1. Description: The plugin is subject to improper output neutralization for logs. The log js errors AJAX handler is registered for unauthenticated users via wp aja...
CVE-2026-40020
CVE-2026-40020 affects dovecot via IMAP SETACL: an attacker can inject the "anyone" permission into a user’s dovecot-acl file even when imap_acl_allow_anyone=no, causing folders to be spammed to all users. Impact is limited to spamming, not unauthorized data access. Multiple vendors have referenc...
IOT_Vul_Public
IOTVul...
PT-2026-38323
Name of the Vulnerable Software and Affected Versions: Claude Desktop for Windows versions prior to 1.3834.0. Description: The CoworkVMService component runs as SYSTEM and fails to validate if the VM bundle directory is a legitimate directory or an NTFS directory junction before file creation. A loc...
GHSA-JV4P-MHMP-69VW Langchain-Chatchat Uses Insufficiently Random Values
A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openairoutes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently rando...
Security Bulletin: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/image-v0.18.0 which is vulnerable to CVE-2026-33809
Summary: IBM Maximo Application Suite - Visual Inspection component uses golang.org/x/image-v0.18.0 which is vulnerable to CVE-2026-33809. This bulletin contains information regarding the vulnerability and its remediation. Vulnerability Details: CVEID: CVE-2026-33809. DESCRIPTION: A maliciously craft...
Linux Distros Unpatched Vulnerability : CVE-2026-6755
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mitigation bypass in the DOM: postMessage component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. CVE-2026-6755 Note that Nessus relies on t...
Security-Advisories
Security Advisories — trexnegr0 Public disclosure repository...
CVE-2026-5994 Totolink A7100RU CGI cstecgi.cgi setTelnetCfg os command injection
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnetenabled results in os command injection. The attack is possible ...
public_disclosures
Public vulnerability disclosures Contains some of my vulnerab...
CVE-Exploit-Research-Development
Objective To research, replicate, and develop a working expl...
PT-2026-24811
The report circulating about "LDN-2026-0301" is false and based on manipulated screenshots. There is no such vulnerability in Ledger's transport layer, and no firmware update like the one described. The real research from the Ledger Donjon relates to CVE-2025-20435 https://t.co/Hx0yDcPxSk, a...
RHEL 9 : pcs (RHSA-2026:2817)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:2817 advisory. The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: lodash: prototype pollution in...
CVE-2025-59024
Crafted delegations or IP fragments can poison cached delegations in Recursor...
MiracleLinux 8 : net-snmp-5.8-18.el8.1 (AXSA:2021-1393:02)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2021-1393:02 advisory. net-snmp: Improper Privilege Management in EXTEND MIB may lead to privileged commands execution (CVE-2020-15862). Tenable has extracted the preceding descriptio...
CVE-2026-1151 technical-laohu mpay User Center cross site scripting
A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...