Exploit for Deserialization of Untrusted Data in Apache Mina

CVE-2026-42779 — Apache MINA Deserialization Filter Bypass to...

GHSA-VF5J-865M-MQ7C Apache MINA vulnerable to Deserialization of Untrusted Data (CVE-2026-41635 Incomplete Fix)

The fix for CVE-2026-41635 was not applied to the 2.1.X and 2.2.X branches. Here was the original issue description: Apache MINA's AbstractIoBuffer.resolveClass contains two branches, one of them for static classes or primitive types does not check the class at all, bypassing the classname...

CVE-2026-38527

A Server-Side Request Forgery SSRF in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request...

Webkul Krayin CRM 安全漏洞

Webkul Krayin CRM is a free and open-source CRM solution for small and medium-sized businesses from the Indian company Webkul. Version 2.2.x of Webkul Krayin CRM contains a security vulnerability. This vulnerability stems from an object-level authorization flaw in the /Settings/UserController.php...

EUVD-2009-4017

Malware in sbrugna...

EUVD-2020-28851

Malware in sbrugna...

EUVD-2000-0288

Malware in sbrugna...

CVE-2025-59833

Flag Forge is a Capture The Flag CTF platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point deduction. Users can view all hints for free,...

CVE-2025-59833 FlagForgeCTF Hint Exposure via API

Flag Forge is a Capture The Flag CTF platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point deduction. Users can view all hints for free,...

Dovecot 2.2.x < 2.3.21.1 Multiple Vulnerabilities

Dovecot is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dovecot:dovecot"; ifdescription...

PT-2024-10556 · Varnish +1 · Varnish +1

Name of the Vulnerable Software and Affected Versions: Symfony HttpKernel component versions 2.2.X through 2.5.X Description: This issue affects applications with the ESI feature enabled and a proxy in front of the web application. The FragmentHandler considers requests to render fragments as...

Zend Framework SQL injection vulnerability

SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x before 2.2.8, and 2.3.x before 2.3.3, when using the sqlsrv PHP extension, allows remote attackers to execute arbitrary SQL commands via a null byte...

CVE-2023-49298

OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. NOTE: this issue is not always security related, but c...

OpenZFS Security Vulnerability

OpenZFS is an open source storage platform. It includes the functionality of a traditional file system and volume manager. A security vulnerability exists in OpenZFS versions 2.1.13 and earlier, and versions 2.2.x through 2.2.1, which stems from replacing the contents of a file with zero-valued...

Ubuntu 20.04 LTS : HAProxy vulnerability (USN-6294-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6294-2 advisory. USN-6294-1 fixed vulnerabilities in HAProxy. This update provides the corresponding updates for Ubuntu 20.04 LTS. Tenable has extracted the preceding description...

Checkmk 2.0.x < 2.0.p36, 2.1.x < 2.1.0p28, 2.2.x < 2.2.0b8 Command Injection Vulnerability

Checkmk is prone to a command injection vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:checkmk:checkmk"; if...

SUSE CVE-2004-0686

Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors...

SUSE CVE-2012-4558

Multiple cross-site scripting XSS vulnerabilities in the balancerhandler function in the manager interface in modproxybalancer.c in the modproxybalancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML vi...

SUSE CVE-2016-9373

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private...

PT-2023-15887 · Unknown · Nflpick-Em.Com

Name of the Vulnerable Software and Affected Versions: nflpick-em.com versions up to 2.2.x Description: A problematic vulnerability was found in nflpick-em.com, affecting the Load Users function of the file html/includes/runtime/admin/JSON/LoadUsers.php. The manipulation of the sort argument lead...