Photon OS 4.0: Dotnet PHSA-2026-4.0-1036

An update of the dotnet package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1036. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Linux Distros Unpatched Vulnerability : CVE-2026-12463

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Views. CVE-2026-12463 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C...

CVE-2026-23863

An attachment spoofing issue in WhatsApp for Windows prior to v2.3000.1032164386.258709 could have allowed maliciously formatted documents with embedded NUL bytes in the filename to be shown in the application as one type of file but run as an executable when opened. We have not seen evidence of...

Linux Distros Unpatched Vulnerability : CVE-2026-47319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before...

CVE-2026-27851

When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be unescaped. This can enable SQL / LDAP injection attacks when used in authentication. Avoid using safe filter until on fixed version. No...

Camaleon CMS 2.9.1 Automated Admin Login, Version Detection, and Profile Update Script

This is a version detection and profile updating script for Camaleon CMS. It does not exploit any issue but can be useful for security testing to see if a vulnerable version is in use...

Linux Distros Unpatched Vulnerability : CVE-2025-59031

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dovecot has provided a script to use for attachment to text conversion. This script unsafely handles zip- style attachments. Attacker can use specially crafted...

CVE-2026-27859

A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...

CVE-2026-27858

Attacker can send a specifically crafted message before authentication that causes managesieve to allocate large amount of memory. Attacker can force managesieve-login to be unavailable by repeatedly crashing the process. Protect access to managesieve protocol, or install fixed version. No public...

UBUNTU-CVE-2026-27859

A mail message containing excessive amount of RFC 2231 MIME parameters causes LMTP to use too much CPU. A suitably formatted mail message causes mail delivery process to consume large amounts of CPU time. Use MTA capabilities to limit RFC 2231 MIME parameters in mail messages, or upgrade to fixed...

Linux Distros Unpatched Vulnerability : CVE-2026-23105

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/sched: qfq: Use clisactive to determine whether class is active in qfqrmfromag This is more of a preventive patch to make the code more consistent and to...

PT-2025-44923

Name of the Vulnerable Software and Affected Versions SCE-Mink affected versions not specified Description A memory corruption issue exists when processing a GP command response. The root cause is an incorrect calculation of the buffer size. There is no information available regarding the number ...

CVE-2025-30189

When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...

CVE-2025-43027

CVE-2025-43027 affects Genetec Security Center, with a critical issue in the ALPR Manager role that could allow an attacker to gain administrative access to the system. Public descriptions cite a base score of 9.8 (CVSS v3.1) and network, unauthenticated, no-user-interaction exploitability, causi...

Exploit for Signal Handler Race Condition in Sonicwall Sma_6200_Firmware

CCTV-Hacking-Simulated-Environment-Only Repository purpose:...

CVE

It is an information repository for CVE details, providing a col...

CVE-2023-26440

The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the inpu...

CVE-2023-26435

It was possible to call filesystem and network references using the local LibreOffice instance using manipulated ODT documents. Attackers could discover restricted network topology and services as well as including local files with read permissions of the open-xchange system user. This was limite...

Critical vulnerabilities in SICK DL100-2xxxxxxx

Critical vulnerabilities have been found in the SICK device DL100-2xxxxxxx. If exploited, this potentially allows an attacker to impact availabiltiy, integrity and confidentaility of the products. Currently, SICK is not aware of any public exploits specifically targeting these vulnerabilities. As...

Linux Distros Unpatched Vulnerability : CVE-2024-9956

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation vi...