180 matches found
RHCOS 3 : OpenShift Container Platform 3.10 mediawiki (RHSA-2019:3238)
The remote Red Hat Enterprise Linux CoreOS 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3238 advisory. - mediawiki: $wgRateLimits (rate limit / ping limiter) entry for 'user' overrides that for 'newbie' (CVE-2018-0503) - mediawiki:...
CVE-2026-0505
CVE-2026-0505 affects BSP applications where unauthenticated users can manipulate user-controlled URL parameters that are not sufficiently validated, resulting in unvalidated redirects to attacker-controlled websites. Root cause: insufficient validation of URL parameters. Impact per provided metr...
Linux Distros Unpatched Vulnerability : CVE-2018-0505
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock (CVE-2018-0505) Note that Nessus...
TencentOS Server 3: idm:DL1 (TSSA-2025:0505)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0505 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2022-0505
Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11...
CVE-2021-0505
In the Settings app, there is a possible way to disable an always-on VPN due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android...
CVE-2025-0505
On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...
CVE-2025-0505
Arista CloudVision ZTP privilege escalation (CVE-2025-0505) affects on-prem CloudVision Portal/CUE; ZTP can grant admin privileges beyond what’s necessary, enabling querying/manipulation of managed devices. CloudVision as-a-Service is not affected. On-premise CloudVision Portal versions listed in...
CVE-2025-0505 On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state
On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary, which can be used to query or manipulate system state for devices under management. Note that...
CVE-2024-8141
creationtimestamp | type | source
---|---|---
2024-08-25 05:05:34+00:00 | seen | https://t.me/cvedetector/4076...
RHEL 6 / 7 : rh-mariadb100-mariadb (RHSA-2016:1132)
The remote Red Hat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2016:1132 advisory. MariaDB is a multi-user, multi-threaded SQL database server. For all practical purposes, MariaDB is binary-compatible with MySQL. MariaD...
Malicious code in wlwz-2312-0505 (npm)
Source: ghsa-malware 8d6ea70923aa4cebe121f72cfcf7c60997ffee8db87e5f65402ac99e288eda80. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2024-220 Malicious code in wlwz-2312-0505 (npm)
Source: ghsa-malware 8d6ea70923aa4cebe121f72cfcf7c60997ffee8db87e5f65402ac99e288eda80. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-0505
creationtimestamp | type | source
---|---|---
2024-01-13 23:26:37+00:00 | seen | https://t.me/ctinow/167920
2024-01-22 23:16:41+00:00 | seen | https://t.me/ctinow/171519
2024-02-02 18:37:47+00:00 | seen | https://t.me/ctinow/178213...
CVE-2024-0505
A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has bee...
CVE-2024-0505
ZhongFuCheng3y Austin 1.0 is affected by a flaw in the getFile function of MaterialController.java (Upload Material Menu). The defect enables unrestricted file upload, as described across multiple sources, with exploit publicly disclosed. Affected component is the Upload Material Menu, file path ...
CVE-2024-0505 ZhongFuCheng3y Austin Upload Material Menu MaterialController.java getFile unrestricted upload
A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has bee...
Critical Photon OS Security Update - PHSA-2023-4.0-0505
Updates of 'grub2', 'coredns' packages of Photon OS have been released...
CVE-2023-0505
The Ever Compare WordPress plugin through 1.2.3 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...