116 matches found
CVE-2019-25361
Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...
CVE-2019-25361 Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow
Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...
CVE-2019-25361
Ayukov NFTP client 1.71 contains a buffer overflow in the SYST command handling that enables remote code execution. A crafted SYST payload can trigger the overflow and execute a bind shell on port 5150. Public CVSS data indicate high to critical impact across confidentiality, integrity, and avail...
PT-2026-20536
Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150...
Linux Distros Unpatched Vulnerability : CVE-2008-5150
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sample.sh in maildirsync 1.1 allows local users to append data to arbitrary files via a symlink attack on a /tmp/maildirsync-..log temporary file. CVE-2008-5150...
CVE-2023-5150
creationtimestamp | type | source
---|---|---
2025-06-18 14:41:49+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/18749...
alaas (>=0.1.6 <=0.2.1), annlite (>=0.3.14 <=0.4.0) +68 more potentially affected by CVE-2025-5150 via docarray (>=0.12.9 <=0.41.0)
docarray PYPI version =0.12.9, =0.1.6, =0.3.14, =0.0.3, =0.1.0, =0.1.0, =0.1.7, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.3.7, =0.3.7.post0 and more Source cves: CVE-2025-5150 Source advisory: SNYK:PYTHON-DOCARRAY-10246594...
arcodeai (>=0.1.0 <=0.1.2), auto-retrieval-plugin (>=0.1.0 <=0.1.5) +42 more potentially affected by CVE-2025-5150 via docarray (>=0.12.9 <=0.40.0)
docarray PYPI version =0.12.9, =0.1.0, =0.1.0, =0.2.5, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.3.9, =0.5.2, =0.3.9, =0.3.7, =0.3.9, =0.5.2, =0.3.9, =0.5.3 and more Source cves: CVE-2025-5150 Source advisory: OSV:GHSA-J9WP-865G-RF48...
CVE-2025-5150
creationtimestamp | type | source
---|---|---
2025-05-25 15:21:55+00:00 | seen | https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpyxlq2vzqc2
2025-05-25 15:45:58+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/17508
2025-05-25...
CVE-2025-5150 docarray Web API torch_dataset.py __getitem__ prototype pollution
A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes...
CVE-2025-5150
CVE-2025-5150 affects docarray ≤ 0.40.1, specifically the Web API file /docarray/data/torch_dataset.py, where the vulnerable function is __getitem__. The issue enables prototype pollution via object prototype attributes, potentially allowing remote exploitation. Multiple sources corroborate a remote...
CVE-2010-5150
Race condition in 3D EQSecure Professional Edition 4.2 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...
CVE-2011-5150
Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 and possibly earlier allow remote attackers or authenticated users to inject arbitrary web script or HTML via the (1) ipaddress or (2) domain parameter to setup-network.php, different vectors than CVE-2011-5149. NOTE: the provenance ...
CVE-2019-5150
An exploitable SQL injection vulnerability exists in YouPHPTube 7.7. When the "VideoTags" plugin is enabled, a specially crafted unauthenticated HTTP request can cause a SQL injection, possibly leading to denial of service, exfiltration of the database and local file inclusion, which could...
CVE-2024-5150
The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the 'activation_code' default value being empty and the non-empty check missing from the 'lwp_ajax_register' function. This makes it possible for...
CVE-2024-5150
The CVE-2024-5150 entry concerns the WordPress plugin Login with phone number, with authentication bypass in versions up to and including 1.7.26. The root cause is an empty default value for activation_code and a missing non-empty check in the lwp_ajax_register function, enabling unauthenticated ...
CVE-2024-5150 Login with phone number <= 1.7.26 - Authentication Bypass due to Missing Empty Value Check
The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the 'activation_code' default value being empty and the non-empty check missing from the 'lwp_ajax_register' function. This makes it possible for...
WordPress Login with phone number Plugin <= 1.7.26 is vulnerable to Privilege Escalation
Software: Login with phone number
Type: Plugin
Vulnerable versions: <= 1.7.26
Fixed in: 1.7.27
OWASP Top 10: A1: Broken Access Control
Classification: Privilege Escalation
CVE: CVE-2024-5150
Patch priority: High
CVSS severity: High 9.8
Developer: Hamid Alinia
PSID: a2294e0242d6
Credits: István Márton
Required...