
32 matches found

Redos
added 2026/05/08 12:00 a.m. | 6 views

ROS-20260508-73-0015

A vulnerability in the ngx_http_mp4_module module of the NGINX Plus and NGINX Open Source HTTP server is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code...

CVSS 8.5 | AI score 7.9 | EPSS 0.00026
Exploits 0

CNNVD
added 2026/04/23 12:00 a.m. | 4 views

hackage-server cross-site scripting vulnerability

hackage-server is a Haskell open-source package repository server. hackage-server has a cross-site scripting vulnerability, which stems from the direct provision of HTML and JavaScript files. This vulnerability could allow malicious package maintainers to hijack user sessions...

CVSS 9.9 | AI score 5.6 | EPSS 0.00059
Exploits 0 | References 1

Positive Technologies
added 2026/04/17 12:00 a.m. | 1 views

PT-2026-33532

ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory, which performs no file...

CVSS 9.1 | AI score 6.3 | EPSS 0.00075
Exploits 0 | References 4

CNNVD
added 2026/04/07 12:00 a.m. | 2 views

GenieACS security vulnerability

GenieACS is an open-source high-performance automatic configuration server designed for remote management of devices enabled with TR-069. Version 1.2.13 of GenieACS contains a security vulnerability, which stems from unvalidated access to the NBI API endpoint...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits 2 | References 2

Vulnrichment
added 2026/03/05 3:49 p.m. | 2 views

CVE-2026-30790 RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-Force

Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Peer authentication, API login modules, rustdesk-server RustDesk Server OSS...

CVSS 9.3 | AI score 5.9 | EPSS 0.0016
Exploits 1 | References 3

CNNVD
added 2026/02/02 12:00 a.m. | 3 views

continuwuity security vulnerability

Continuwuity is an open-source homeserver developed by Continuwuity. There is a security vulnerability in Continuwuity, which arises when users leave a room, join another room, or knock on a room. In such cases, the victim's server may sign any event provided by the remote server...

CVSS 9.3 | AI score 5.8 | EPSS 0.0002
Exploits 0 | References 3

CNNVD
added 2026/01/29 12:00 a.m. | 2 views

Monkey Server security vulnerabilities

Monkey Server is an open-source HTTP server developed by Monkey I/O. There is a security vulnerability in Monkey Server, which stems from out-of-bounds read accesses in the http parser-transferencodingchunked function. This vulnerability could lead to denial-of-service attacks...

CVSS 7.5 | AI score 5.8 | EPSS 0.00049
Exploits 1 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 0 views

EUVD-2015-2171

Malware in sbrugna...

CVSS 6.5 | AI score 6.2 | EPSS 0.00563
Exploits 0 | References 6

Redos
added 2025/10/07 12:00 a.m. | 4 views

ROS-20251007-03

The vulnerability in the high-performance open source DNS server PowerDNS Recursor is related to a bug in the ECS implementation. Exploitation of the vulnerability could allow a remote attacker to perform cache poisoning attacks...

CVSS 7.5 | AI score 6.5 | EPSS 0.0012
Exploits 0

SUSE CVE
added 2025/09/18 11:27 p.m. | 1 views

SUSE CVE-2025-8396

Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation. This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 i.e., fixed in 1.26.3, 1.27.3,...

CVSS 6.9 | AI score 6.8 | EPSS 0.00135
Exploits 0 | References 2

OSV
added 2025/09/17 5:03 p.m. | 2 views

GO-2025-3953 Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling in go.temporal.io/server

Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling in go.temporal.io/server...

CVSS 6.9 | AI score 6.9 | EPSS 0.00135
Exploits 0 | References 5

Vulnrichment
added 2025/09/15 2:13 p.m. | 2 views

CVE-2025-8396

Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation. This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 i.e., fixed in 1.26.3, 1.27.3,...

CVSS 6.9 | AI score 6.3 | EPSS 0.00135
Exploits 0 | References 3

Positive Technologies
added 2025/09/15 12:00 a.m. | 4 views

PT-2025-37567

Name of the Vulnerable Software and Affected Versions: Temporal Server versions prior to 1.26.3; Temporal Server versions prior to 1.27.3; Temporal Server versions prior to 1.28.1. Description: Insufficiently specific bounds checking on the authorization header could lead to denial of service in the...

CVSS 9.9 | AI score 6.4 | EPSS 0.50933
Exploits 20 | References 48

Vulnrichment
added 2025/06/10 2:43 p.m. | 2 views

CVE-2024-38524 GWC Home Page communicate version and revision information

GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the...

CVSS 5.3 | AI score 5.3 | EPSS 0.00658
Exploits 1 | References 5

CNNVD
added 2025/02/06 12:00 a.m. | 2 views

ProFTPD security vulnerability

ProFTPD is a highly configurable open source FTP server. ProFTPD contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code...

CVSS 7.5 | AI score 6.3 | EPSS 0.04605
Exploits 0 | References 2

Microsoft CVE
added 2024/09/20 7:00 a.m. | 3 views

Xorg-x11-server: heap buffer overflow in disabledevice

...

CVSS 7.8 | AI score 7 | EPSS 0.00239
Exploits 0

CNNVD
added 2024/03/20 12:00 a.m. | 2 views

Owncast security vulnerability

Owncast is an open source, self-hosted, decentralized, single-user real-time video streaming and chat server. A security vulnerability exists in Owncast 0.1.2 and earlier versions, which stems from a loose CORS policy that allows an attacker to make cross-origin requests to read privileged...

CVSS 9.1 | AI score 7.7 | EPSS 0.00191
Exploits 1 | References 4

CNNVD
added 2023/12/21 12:00 a.m. | 4 views

Navidrome License Issues Vulnerability

Navidrome is a web-based open source music collection server and streamer, used to freely listen to music collections from any browser or mobile device. An authorization issue vulnerability exists in Navidrome versions prior to 0.50.2, which stems from the presence of an authentication bypass...

CVSS 8.6 | AI score 6.8 | EPSS 0.00303
Exploits 1 | References 3

CNNVD
added 2023/07/11 12:00 a.m. | 1 views

Tang race condition vulnerability

Tang is an open source server from latchset that binds data to the web. Tang suffers from a security vulnerability that stems from a race condition in key generation and key rotation, which can cause other processes on the same host to read the private key within a short...

CVSS 5.3 | AI score 5.6 | EPSS 0.00022
Exploits 1 | References 7

Prion
added 2023/04/04 10:15 p.m. | 8 views

Design/Logic Flaw

Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows configuration of LDAP for authentication. Starting in version 2.5.0 and prior to versions 3.5.8, 4.0.4, and 4.1.2, the LDAP query made during login is insecure and the attacker can perform LDAP injection...

CVSS 4 | AI score 6.4 | EPSS 0.01147
Exploits 1 | References 8 | Affected Software 1