36 matches found
CVE-2026-40020
CVE-2026-40020 affects dovecot via IMAP SETACL: an attacker can inject the "anyone" permission into a user’s dovecot-acl file even when imap_acl_allow_anyone=no, causing folders to be spammed to all users. Impact is limited to spamming, not unauthorized data access. Multiple vendors have referenc...
IOT_Vul_Public
IOTVul...
PT-2026-38323
Name of the Vulnerable Software and Affected Versions: Claude Desktop for Windows versions prior to 1.3834.0. Description: The CoworkVMService component runs as SYSTEM and fails to validate if the VM bundle directory is a legitimate directory or an NTFS directory junction before file creation. A loc...
CVE-2026-5994 Totolink A7100RU CGI cstecgi.cgi setTelnetCfg os command injection
A security flaw has been discovered in Totolink A7100RU 7.4cu.2313b20191024. This issue affects the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Performing a manipulation of the argument telnetenabled results in os command injection. The attack is possible ...
CVE-2025-59024
Crafted delegations or IP fragments can poison cached delegations in Recursor...
CVE-2026-1151 technical-laohu mpay User Center cross site scripting
A weakness has been identified in technical-laohu mpay up to 1.2.4. The affected element is an unknown function of the component User Center. This manipulation of the argument Nickname causes cross site scripting. The attack may be initiated remotely. The exploit has been made available to the...
CVE-2025-15076
CVE-2025-15076 concerns Tenda CH22 1.0.0.1. The vulnerability targets an unknown function in the file /public/, enabling remote path traversal. Public exploit code is indicated, and multiple sources (NVD/Red Hat/EUVD/CNNVD, etc.) describe remote, low-complexity access with no authentication requi...
CVE-2025-13547 D-Link DIR-822K/DWR-M920 formDdns memory corruption
A flaw has been found in D-Link DIR-822K and DWR-M920 1.0020250513164613/1.1.50. This affects an unknown part of the file /boafrm/formDdns. This manipulation of the argument submit-url causes memory corruption. The attack may be initiated remotely. The exploit has been published and may be used...
CVE-2023-53480
In the Linux kernel, the following vulnerability has been resolved: kobject: Add sanity check for kset->kobj.ktype in kset_register() When I register a kset in the following way: static struct kset my_kset; kobject_set_name(&my_kset.kobj, "my_kset"); ret = kset_register(&my_kset); A null pointer dereference...
CVE-2025-10785
Campcodes Grocery Sales and Inventory System 1.0 contains a SQL injection in /manage_user.php via manipulation of the ID parameter. The issue is exploitable remotely, and public exploits are available. Multiple sources (NVD, Red Hat, CVE listings, and third-party databases) consistently describe ...
CVE-2025-30735
...
Linux Distros Unpatched Vulnerability : CVE-2024-29509
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Artifex Ghostscript before 10.03.0 has a heap-based overflow when PDFPassword (e.g., for runpdf) has a \000 byte in the middle. (CVE-2024-29509) Note that Nessus...
Linux Distros Unpatched Vulnerability : CVE-2023-38595
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processi...
CVE-2024-4011
creationtimestamp | type | source
---|---|---
2025-01-09 22:15:58+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/1104...
CVE-2024-54298
creationtimestamp | type | source
---|---|---
2024-12-14 01:14:57+00:00 | seen | https://infosec.exchange/users/cve/statuses/113648526716105480...
Dell PowerScale OneFS Resource Management Error Vulnerability
Dell PowerScale OneFS is a proprietary operating system developed by Dell for its PowerScale horizontally scalable NAS (network attached storage) solution. Dell PowerScale OneFS has a resource management error vulnerability that stems from the inclusion of an uncontrolled resource consumption...
Unspecified Vulnerability in Siemens SINEMA Remote Connect Client
Siemens SINEMA Remote Connect is a remote management platform from Siemens, Germany. The platform supports efficient and secure remote access to globally distributed machines and ensures secure management of VPN channels between control centers, service engineers and installed equipment. An...
CVE-2024-2987
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14408. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The...
CVE-2024-1720
creationtimestamp | type | source
---|---|---
2024-03-07 07:26:10+00:00 | seen | https://t.me/ctinow/202148
2024-03-07 07:26:14+00:00 | seen | https://t.me/ctinow/202152...
CVE-2023-3809
A vulnerability was found in Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file patient.php. The manipulation of the argument address leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to...