CVE-2026-3820

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

CVE-2026-3820

The CVE-2026-3820 entry pertains to Supermicro BMC’s SMTP service on the AS-2115HS-TNR. The vulnerability allows an attacker to obtain administrator privileges by injecting specially crafted characters into the SMTP service configuration, which can lead to command execution when the process is in...

CVE-2026-3820 Supermicro BMC's SMTP service contains a command injection vulnerability

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

CVE-2026-3820

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

EUVD-2026-34226

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

CVE-2026-3820 Supermicro BMC's SMTP service contains a command injection vulnerability

There is a vulnerability in the Supermicro BMC SMTP service at Supermicro AS-2115HS-TNR. An attacker may obtain administrator privileges and inject specially crafted characters into the SMTP service configuration. This may cause the underlying system to execute unintended commands during process...

CVE-2026-50209 MDM Server Registration Overriding

Broadcast events allow malicious software to rewrite the device's default Mobile Device Management MDM endpoint address, shifting administrative ownership to an external attacker...

CVE-2026-49189

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

Exploit for SQL Injection in Wpdeveloper Notificationx

CVE-2024-1698 – NotificationX WordPress Plugin SQL Injection...

CVE-2026-49189

CVE-2026-49189 involves unchecked public access permissions on a core Broadcast Receiver, enabling unauthorized local software components to invoke administrative operations. The available documents identify the vulnerable component as a Broadcast Receiver and describe the root cause as permissio...

CVE-2026-49189

Unchecked public access permissions on a core Broadcast Receiver allow unauthorized local software components to invoke administrative operations...

CVE-2026-10805

Summary : CVE-2026-10805 concerns NetworkManager’s dhclient backend, which may misprocess malformed MUD URLs to enable local privilege escalation. What’s affected : NetworkManager (dhclient backend); only when administrator explicitly configures NetworkManager to use dhclient. Default configurati...

CVE-2026-10805 Networkmanager: networkmanager: local privilege escalation via malformed mud urls in dhclient backend

A flaw was found in NetworkManager. This local privilege escalation vulnerability exists in NetworkManager's dhclient backend when processing malformed Manufacturer Usage Description MUD URLs. A local user can exploit this flaw to escalate privileges by triggering a script via a crafted MUD URL,...

CVE-2026-44917

OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxetemplate...

CVE-2026-41858

Weak Randomness / Insecure Cryptographic Primitive CWE-338 in Get-RandomPassword in BOSH-Ecosystem / windows-utilities-release allows a network attacker to estimate VM boot time and reconstruct a small candidate list to recover the Administrator password. The randomizepassword job exists solely t...

EUVD-2026-34193

A network man-in-the-middle between nats-sync and the BOSH director can steal the director credentials Basic auth header or UAA client secret and can tamper with the VM list that is written into the NATS authorization file. Stolen credentials grant administrative director access...

CVE-2026-10737

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

EUVD-2026-34190

The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the viewfile function in all versions up to, and including, 4.71. This makes it possible for unauthenticated attackers to read file metadata and obtain download links f...

PT-2026-46868

UserController::upsertUser writes user data in SYSTEM SCOPE and does not filter the admin field. A non-admin API user with user:create or user:update ACL permission can set admin: true on new or existing users, escalating to full admin access. The Problem In...

PT-2026-46196

All in One Video Downloader 1.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send requests to the admin interface with UNION-based SQL injection payloads in the id...