CVE-2026-40436
The ZTE ZXEDM iEMS product has a password reset vulnerability for any user. Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the...
BIT-ETCD-2026-33413 etcd: Authorization bypasses in multiple APIs
etcd is a distributed key-value store for the data of a distributed system. Prior to versions 3.4.42, 3.5.28, and 3.6.9, unauthorized users may bypass authentication or authorization checks and call certain etcd functions in clusters that expose the gRPC API to untrusted or partially trusted...
Inside a fake Google security check that becomes a browser RAT
A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...
PT-2026-2262
Name of the Vulnerable Software and Affected Versions: Imaster Patient Record Management System (affected versions not specified). Description: The software contains a stored Cross-Site Scripting (XSS) issue in the /projects/hospital/admin/edit_patient.php endpoint. An attacker can inject a malicious...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not acquiring the su_mutex lock before traversing the configuration hierarchy, which could lead to list acces...
Weblate authorization issue vulnerability
Weblate is a Copyleft open source web-based free software continuous localization system. An authorization issue vulnerability exists in Weblate versions prior to 5.15, which stems from the possibility that the API may retrieve user notification settings or list all users, potentially leading to...
ksmbd: Fix race condition in RPC handle list access
...
EUVD-2016-5580
Malware in sbrugna...
EUVD-2011-4691
Malware in sbrugna...
EUVD-2010-4753
Malware in sbrugna...
CVE-2025-39673 ppp: fix race conditions in ppp_fill_forward_path
In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in ppp_fill_forward_path. ppp_fill_forward_path() has two race conditions: 1. The ppp->channels list can change between list_empty() and list_first_entry(), as ppp_lock is not held. If the only channel is deleted in...
CVE-2024-21665
ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in...
CVE-2024-49414
Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access the recent app list...
CVE-2022-30730
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access the account list without authentication...
CVE-2022-36876
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access the account list without authentication...
CVE-2010-4788
IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka 6.0.0.8-TIV-ITDS-IF0004) does not perform certain locking of linked-list access, which allows remote authenticated users to cause a denial of service (daemon crash) via a paged search...
CVE-2025-31357
An unauthenticated attacker can obtain a user's plant list by knowing the username...
CVE-2025-31357
CVE-2025-31357 affects Growatt Cloud Applications (cloud portal). The connected documents describe an information-disclosure vulnerability where an unauthenticated attacker can obtain a user’s plant list by knowing the username. Evidence of the issue appears across multiple sources (CVE lists, CN...
CVE-2025-31357 Growatt Cloud portal Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can obtain a user's plant list by knowing the username...
CVE-2025-21664
In the Linux kernel, the following vulnerability has been resolved: dm thin: make get_first_thin use rcu-safe list first function. The documentation in rculist.h explains the absence of list_empty_rcu() and cautions programmers against relying on a list_empty() - list_first() sequence in RCU safe code. This i...