Linux Distros Unpatched Vulnerability : CVE-2019-13503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mqparsehttp in mongoose.c in Mongoose 6.15 has a heap-based buffer over-read. CVE-2019-13503 Note that Nessus relies on the presence of the package as reported ...

CVE-2025-56422

A deserialization vulnerability in LimeSurvey before v6.15.0+250623 allows a remote attacker to execute arbitrary code on the server...

WordPress plugin The Events Calendar SQL注入漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin.... A SQL injection...

PT-2025-37198

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.15.0-03037-gaacc73ceeb8b Description: A flaw exists in the Linux kernel's IOMMU subsystem, specifically within the ARM SMU Qualcomm component. The vulnerability stems from a missing workaround for the SM6115...

PT-2025-44141

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.15.0-rc2-g3ee3f6e1202e 335 Description The Linux kernel contains a flaw within the drm/msm subsystem related to Shared Surface Private Pointer SSPP validation. The current code validates SSPP for both the curre...

[SECURITY] Fedora 41 Update: incus-6.15-1.fc41

Container hypervisor based on LXC Incus offers a REST API to remotely manage containers over the network, using an image based work-flow and with support for live migration. This package contains the Incus daemon...

ZendTo 路径遍历漏洞

ZendTo is a Web-based file transfer system from ZendTo, a UK-based company. A security vulnerability exists in ZendTo versions 6.15-7 and earlier, which stems from a path traversal in the file drop feature that could lead to retrieval of other user files or host system files, or cause a denial of...

PT-2025-31083

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.15.0-rc1-00009-g926217bc7d7d Description A flaw exists in the Linux kernel related to the aspeed lpc-snoop driver. Specifically, the driver does not prevent disabling channels that are not currently enabled,...

CVE-2025-5952

A vulnerability, which was classified as critical, has been found in Zend.To up to 6.10-6 Beta. This issue affects the function exec of the file NSSDropoff.php. The manipulation of the argument file1 leads to os command injection. The attack may be initiated remotely. The exploit has been disclos...

CVE-2018-18524

Evernote 6.15 on Windows has an incorrectly repaired stored XSS vulnerability. An attacker can use this XSS issue to inject Node.js code under Present mode. After a victim opens an affected note under Present mode, the attacker can read the victim's files and achieve remote execution command on t...

CVE-2025-37904 btrfs: fix the inode leak in btrfs_iget()

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix the inode leak in btrfsiget BUG There is a bug report that a syzbot reproducer can lead to the following busy inode at unmount time: BTRFS info device loop1: last unmount of filesystem...

CVE-2024-7012

An authentication bypass vulnerability has been identified in Foreman when deployed with External Authentication, due to the puppet-foreman configuration. This issue arises from Apache's modproxy not properly unsetting headers because of restrictions on underscores in HTTP headers, allowing...

LinuxCIFS utils: Multiple Vulnerabilities

Background The LinuxCIFS utils are a collection of tools for managing Linux CIFS Client Filesystems. Description Multiple vulnerabilities have been discovered in LinuxCIFS utils. Please review the CVE identifiers referenced below for details. Impact A stack-based buffer overflow when parsing the...

PT-2023-24247 · Unknown · Labcollector

Name of the Vulnerable Software and Affected Versions: LabCollector versions 6.0 through 6.15 Description: The issue allows remote code execution. An authenticated remote low-privileged user can upload an executable PHP file and execute system commands. The problem is due to insufficient validati...

Exploit for Unrestricted Upload of File with Dangerous Type in Agilebio Labcollector

CVE-2023-33253 LabCollector 6.0 though 6.15 allows remote cod...

Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)

Exploit Title: Screen SFT DAB 600/C - Unauthenticated Information Disclosure userManager.cgx Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...

Screen SFT DAB 600/C - Authentication Bypass Erase Account Exploit

!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Erase Account Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...

Screen SFT DAB 600/C Authentication Bypass Reset Board Config Exploit

Summary Screen's new radio DAB Transmitter is reaching the highest technology level in both Digital Signal Processing and RF domain. SFT DAB Series - Compact Radio DAB Transmitter - Air. Thanks to the digital adaptive precorrection and configuatio flexibility, the Hot Swap System technology, the...

Screen SFT DAB 600/C Unauthenticated Information Disclosure (userManager.cgx)

Summary Screen's new radio DAB Transmitter is reaching the highest technology level in both Digital Signal Processing and RF domain. SFT DAB Series - Compact Radio DAB Transmitter - Air. Thanks to the digital adaptive precorrection and configuatio flexibility, the Hot Swap System technology, the...

Apache NuttX Code Issue Vulnerability

Apache NuttX is a real-time embedded operating system from the Apache Software Apache Software Foundation. A code issue vulnerability exists in Apache NuttX Incubating versions 6.15 through 8.2. A remote attacker can exploit the vulnerability to cause a denial of service with a specially crafted...