
303 matches found

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-1162

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.00434
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2016-6463

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.01101
Exploits: 0 | References: 4

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-5430

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.3 | EPSS 0.00681
Exploits: 1 | References: 19

OSV
added 2025/10/03 7:56 p.m. | 7 views

RLSA-2025:11332 Important: tomcat9 security update

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

CVSS 8.1 | AI score 7.5 | EPSS 0.1316
Exploits: 17 | References: 3

GithubExploit
added 2025/09/26 12:33 p.m. | 212 views

adobe-connect-exploits

It is an offensive tool for Adobe Connect. Exploit module/toolki...

AI score 7.5
Exploits: 0

RedhatCVE
added 2025/08/30 6:16 p.m. | 3 views

CVE-2024-13980

H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contain a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVSS 10 | AI score 7.6 | EPSS 0.02906
Exploits: 0 | References: 1

Vulnrichment
added 2025/08/27 9:25 p.m. | 2 views

CVE-2024-13980 H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE

H3C Intelligent Management Center (IMC) versions up to and including E0632H07 contain a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...

CVSS 10 | AI score 7.1 | EPSS 0.02906
Exploits: 0 | References: 6

Vulnrichment
added 2025/08/27 9:23 p.m. | 2 views

CVE-2023-7309 Dahua Smart Park Integrated Management Platform Front-End Arbitrary File Upload

A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to upload arbitrary files ...

CVSS 10 | AI score 7.8 | EPSS 0.02118
Exploits: 0 | References: 4

Tenable Nessus
added 2025/08/19 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2020-1745

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before...

CVSS 9.8 | AI score 6.8 | EPSS 0.00636
Exploits: 43 | References: 2

Exploit DB
added 2025/08/11 12:0 a.m. | 230 views

JetBrains TeamCity 2023.11.4 - Authentication Bypass

#!/usr/bin/env python3 # -*- coding: utf-8 -*- """ Exploit Title: JetBrains TeamCity 2023.11.4 - Authentication Bypass Date: 2024-02-21 Exploit Author: ibrahimsql https://github.com/ibrahimsql Vendor Homepage: https://www.jetbrains.com/teamcity/ Version: =2.25.1 """ import requests import argparse...

CVSS 9.8 | AI score 7.4 | EPSS 0.93047
Exploits: 23

CNVD
added 2025/06/11 12:0 a.m. | 5 views

Apache Tomcat Security Bypass Vulnerability (CNVD-2025-16619)

Apache Tomcat is a lightweight web application server from the Apache Foundation (United States), used to implement Servlet and JavaServer Pages (JSP) support. A security bypass vulnerability exists in Apache Tomcat due to improper handling of case sensitivity in the CGI servle...

CVSS 7.3 | AI score 6.7 | EPSS 0.00132
Exploits: 1 | References: 1

CNNVD
added 2025/06/10 12:0 a.m. | 1 view

GeoServer Security Vulnerability

GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer that stems from a REST API security bypass that could lead to information disclosure...

CVSS 5.3 | AI score 6.1 | EPSS 0.00827
Exploits: 0 | References: 6

RedhatCVE
added 2025/05/23 4:36 a.m. | 4 views

CVE-2023-41877

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A path traversal vulnerability in versions 2.23.4 and prior requires GeoServer Administrator with access to the admin console to misconfigure the Global Settings for log file location ...

CVSS 7.2 | AI score 6.8 | EPSS 0.01221
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 2:50 a.m. | 2 views

CVE-2023-0015

In SAP BusinessObjects Business Intelligence Platform Web Intelligence user interface - version 420, some calls return json with wrong content type in the header of the response. As a result, a custom application that calls directly the jsp of Web Intelligence DHTML may be vulnerable to XSS...

CVSS 5.4 | AI score 5.2 | EPSS 0.00434
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 8:19 a.m. | 5 views

CVE-2019-0389

An administrator of SAP NetWeaver Application Server Java (J2EE-Framework), corrected in versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5, may change privileges for all or some functions in Java Server, and enable users to execute functions they are not otherwise allowed to execute...

CVSS 8.8 | AI score 7.2 | EPSS 0.00434
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 2:45 a.m. | 8 views

CVE-2019-0305

Java Server Pages (JSPs) provided by the SAP NetWeaver Process Integration (SAP_XIESR and SAP_XITOOL: 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50) do not restrict or incorrectly restrict frame objects or UI layers that belong to another application or domain, resulting in Clickjacking vulnerability...

CVSS 4.3 | AI score 7 | EPSS 0.00162
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 10:40 p.m. | 5 views

CVE-2002-2347

Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field...

CVSS 4.3 | AI score 5.6 | EPSS 0.00369
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 8:50 p.m. | 4 views

CVE-2005-4805

Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors...

CVSS 5 | AI score 7.2 | EPSS 0.0052
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/03 10:11 p.m. | 17 views

CVE-2025-4178

A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The...

CVSS 5.5 | AI score 7.3 | EPSS 0.00158
Exploits: 1 | References: 1

Cvelist
added 2025/05/01 10:0 p.m. | 20 views

CVE-2025-4178 xiaowei1118 java_server File Upload API FoodController.java path traversal

A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The...

CVSS 5.5 | EPSS 0.00158
Exploits: 1 | References: 4