5 matches found
CVE-2026-43920
CVE-2026-43920 affects FOSSBilling versions 0.5.4–0.7.2 where the unauthenticated /run-patcher endpoint allowed privileged maintenance operations (config migrations, DB schema changes including ALTER/DROP/UPDATE, filesystem deletions/renames, and cache clearing) to be executed without admin auth,...
CVE-2026-23393
A flaw was found in the Linux kernel's bridge Connectivity Fault Management (CFM) component. A race condition can occur during the deletion of a peer Maintenance Entity Group End Point (MEP). This allows the br_cfm_frame_rx function to re-schedule a delayed work on a MEP object after it has been marked...
CVE-2026-23393 bridge: cfm: Fix race condition in peer_mep deletion
In the Linux kernel, the following vulnerability has been resolved: bridge: cfm: Fix race condition in peer_mep deletion. When a peer MEP is being deleted, cancel_delayed_work_sync is called on ccm_rx_dwork before freeing. However, br_cfm_frame_rx runs in softirq context under rcu_read_lock without RTNL and...
PT-2023-29814 · Unknown · Thingnario Photon
Name of the Vulnerable Software and Affected Versions: ThingNario Photon version 1.0. Description: An issue in the software allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the ping function at the "thingnario Logger Maintenance Webpage" endpoint...
CVE-2022-23856
An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can enumerate users by changing the id parameter, such as for the ECM/maintenance/forgotpasswordstep1 URI...