218 matches found

Nuclei
added yesterday | 21 views

Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution

Monsta FTP <= 2.11 contains an unrestricted file upload vulnerability caused by lack of authentication on file uploads, letting unauthenticated attackers execute arbitrary code by uploading crafted files. id: CVE-2025-34299 info: name: Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution...

CVSS 9.8 | AI score 7.6 | EPSS 0.7411
Exploits: 6 | References: 3

NVD
added 2026/05/27 3:16 p.m. | 7 views

CVE-2026-42184

Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's islocalurl function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to...

CVSS 8.8 | EPSS 0.00041
Exploits: 1 | References: 1

OSV
added 2026/05/08 5:46 a.m. | 4 views

BIT-JRE-2024-40896

In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...

CVSS 9.1 | AI score 5.8 | EPSS 0.00553
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/19 3:25 a.m. | 2 views

CVE-2025-13113 Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure

The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the accessiberenderjsinfooter function logging the complete plugin options array to the browser console on public pages, without...

CVSS 5.3 | AI score 5.5 | EPSS 0.00046
Exploits: 0 | References: 2

Patchstack
added 2025/12/13 2:39 a.m. | 3 views

WordPress TI WooCommerce Wishlist plugin <= 2.10.0 - Unauthenticated HTML Injection vulnerability

Unauthenticated HTML Injection vulnerability discovered by pimschaaf - Open Roads in WordPress Plugin TI WooCommerce Wishlist versions <= 2.10.0...

CVSS 5.3 | AI score 6.9 | EPSS 0.00259
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2025/11/13 12:00 a.m. | 1 view

HP Integrated Lights-Out Denial of Service (CVE-2015-5436)

A potential security vulnerability has been identified with HP Integrated Lights-Out 4 (iLO 4) firmware version 2.11 and later, but prior to version 2.30. The vulnerability could be exploited remotely resulting in Denial of Service (DoS). Note this was originally published in 2015 however the CVE ent...

CVSS 7.8 | AI score 7.2 | EPSS 0.00403
Exploits: 0 | References: 2

CNNVD
added 2025/11/07 12:00 a.m. | 3 views

Monsta FTP Code Issue Vulnerability

Monsta FTP is a lightweight file manager from Monsta New Zealand. It supports file transfer, file management and document editing. A security vulnerability exists in Monsta FTP 2.11 and earlier versions, which stems from allowing unauthenticated arbitrary file uploads and could lead to the...

CVSS 9.8 | AI score 7.7 | EPSS 0.7411
Exploits: 6 | References: 5

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2001-1128

Malware in sbrugna...

CVSS 7.2 | AI score 6.4 | EPSS 0.00075
Exploits: 0 | References: 9

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2015-5392

Malware in sbrugna...

CVSS 7.8 | AI score 7.5 | EPSS 0.00403
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2020-26447

Malware in sbrugna...

CVSS 8.8 | AI score 8.4 | EPSS 0.00686
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2021-30602

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 6.4 | EPSS 0.00223
Exploits: 1 | References: 1

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2022-7375

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 7.7 | EPSS 0.00133
Exploits: 1 | References: 4

Positive Technologies
added 2025/09/17 12:00 a.m. | 3 views

PT-2025-38245

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions prior to 2.11 Description: A security issue has been identified in Portabilis i-Educar. The vulnerability involves an unknown function within the /module/Avaliacao/diarioApi file, leading to information disclosure...

CVSS 6.5 | AI score 4.2 | EPSS 0.00053
Exploits: 1 | References: 7

RedhatCVE
added 2025/05/22 11:37 p.m. | 1 view

CVE-2022-41907

TensorFlow is an open source platform for machine learning. When tf.raw_ops.ResizeNearestNeighborGrad is given a large size input, it overflows. We have patched the issue in GitHub commit 00c821af032ba9e5f5fa3fe14690c8d28a657624. The fix will be included in TensorFlow 2.11. We will also cherrypick...

CVSS 7.5 | AI score 7.8 | EPSS 0.00148
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 11:04 p.m. | 6 views

CVE-2022-41896

TensorFlow is an open source platform for machine learning. If ThreadUnsafeUnigramCandidateSampler is given input filterbank_channel_count greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be...

CVSS 7.5 | AI score 6.7 | EPSS 0.00187
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 10:51 p.m. | 4 views

CVE-2022-41887

TensorFlow is an open source platform for machine learning. tf.keras.losses.poisson receives a y_pred and y_true that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched...

CVSS 7.5 | AI score 6.9 | EPSS 0.00142
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 6:53 p.m. | 4 views

CVE-2021-43695

issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backuprestore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is an XSS vulnerability...

CVSS 6.1 | AI score 5.4 | EPSS 0.00223
Exploits: 1

RedhatCVE
added 2025/05/22 4:42 p.m. | 5 views

CVE-2020-5221

In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath. This has been fixed in versio...

CVSS 7.2 | AI score 7.4 | EPSS 0.01487
Exploits: 1

vulnersOsv
added 2025/03/31 3:15 p.m. | 1 view

21cmpsdenoiser (>=1.0.0 <=1.0.2), 2404-segmentation-pipeline (>=0.1.0 <=1.0.0) +22343 more potentially affected by CVE-2025-2999 via torch (>=2.0.0 <=2.11.0)

torch PYPI version =2.0.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.10.5, =0.1.0.dev1, =0.1.5 and more Source cves: CVE-2025-2999 Source advisory: OSV:PYSEC-2025-193...

CVSS 5.3 | AI score 6 | EPSS 0.00124
Exploits: 0

vulnersOsv
added 2025/03/30 4:15 p.m. | 1 view

21cmpsdenoiser (>=1.0.0 <=1.0.2), 2404-segmentation-pipeline (>=0.1.0 <=1.0.0) +22343 more potentially affected by CVE-2025-2953 via torch (>=2.0.0 <=2.11.0)

torch PYPI version =2.0.0, =1.0.0, =0.1.0, =2.13.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.10.5, =0.1.0.dev1, =0.1.5 and more Source cves: CVE-2025-2953 Source advisory: OSV:PYSEC-2025-191...

CVSS 5.5 | AI score 5.8 | EPSS 0.00058
Exploits: 1