91 matches found
Linux Distros Unpatched Vulnerability : CVE-2017-15424
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Insufficient policy enforcement in Omnibox in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to perform domain spoofing via IDN homographs in a...
CVE-2025-55161
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security...
AZL-65333 CVE-2025-53906 affecting package vim for versions less than 9.1.1552-1
Vim is an open source, command line text editor. Prior to version 9.1.1551, a path traversal issue in Vim’s zip.vim plugin can allow overwriting of arbitrary files when opening specially crafted zip archives. Impact is low because this exploit requires direct user interaction. However, successful...
ALPINE-CVE-2025-29768
Vim, a text editor, is vulnerable to potential data loss with zip.vim and specially crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim...
PT-2025-4699
Name of the Vulnerable Software and Affected Versions: ComMotion Course Booking System versions prior to 6.0.5. Description: The issue is related to the improper neutralization of special elements used in an SQL command, allowing SQL injection. This enables unauthorized access to the system...
PT-2024-8718 · Siemens · Sinec Ins
Name of the Vulnerable Software and Affected Versions: SINEC INS versions prior to V1.0 SP2 Update 3 Description: A vulnerability has been identified in the affected application where it does not properly invalidate sessions when the associated user is deleted, disabled, or their permissions are...
DataEase Data Forgery Vulnerability
DataEase is an open source data visualization and analysis tool from DataEase Open Source. It is used to help users quickly analyze data and gain insight into business trends to achieve business improvement and optimization. A data forgery vulnerability exists in DataEase versions prior to v2.10.2,...
Exploit for CVE-2024-7954
Description The porteplume plugin used by SPIP before 4.30-...
PT-2024-29975 · Llama.Cpp · Llama.Cpp
Name of the Vulnerable Software and Affected Versions: llama.cpp versions prior to b3561 Description: The issue is related to the rpc tensor structure in llama.cpp, which provides LLM inference in C/C++. The unsafe data pointer member can cause arbitrary address writing, potentially leading to...
UBUNTU-CVE-2024-32459
FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients and servers that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. No known workarounds are available...
PT-2023-6869 · Tellus +1 · Tellus +1
Name of the Vulnerable Software and Affected Versions: TELLUS versions 4.0.17.0 and earlier; TELLUS Lite versions 4.0.17.0 and earlier. Description: The issue is related to improper restriction of operations within the bounds of a memory buffer. If a user opens a specially crafted file, such as X1,...
PT-2022-19566 · Moddable · Moddable
Name of the Vulnerable Software and Affected Versions: Moddable versions prior to 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 Description: The issue is related to an out-of-bounds read via the fxUint8Getter function at /moddable/xs/sources/xsDataView.c. Recommendations: For versions prior to...
PT-2022-7070 · Unknown · Linuxasmcallgraph
Name of the Vulnerable Software and Affected Versions: LinuxASMCallGraph versions prior to commit 20dba06bd1a3cf260612d4f21547c25002121cd5 Description: The issue is related to incorrect filtering rules of uploaded files, allowing attackers to cause remote code execution on the server side via...
UBUNTU-CVE-2021-43809
Bundler is a package for managing application dependencies in Ruby. In bundler versions before 2.2.33, when working with untrusted and apparently harmless Gemfiles, it is not expected that they lead to execution of external code, unless that's explicit in the ruby code inside the Gemfile itself...
Exploit for Incorrect Resource Transfer Between Spheres in Linuxfoundation Containerd
ABSTRACT SHIMMER CVE-2020-15257 This repo contains proof-of...
CVE-2020-28950
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during the installation process...
Cisco Identity Services Engine Denial of Service Vulnerability (CNVD-2020-36263)
Cisco Identity Services Engine (ISE) is an identity-based environment awareness platform from Cisco. The platform collects real-time information from the network, users and devices, and develops and enforces policies to regulate the network. A denial of service...
CVE-2020-3319
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient...
Beers with Talos Ep. #72: Getting to Patch Day - Understanding Vulnerability Risks and Options
Beers with Talos (BWT) Podcast episode No. 72 is now available. Download this episode and subscribe to Beers with Talos: If iTunes and Google Play aren't your thing, click here. Recorded Jan. 31, 2020. When a vulnerability is released, regardless if it has a website and logo or not, we need to...
MicroStrategy Web Cross-Site Scripting Vulnerability (CNVD-2019-23751)
MicroStrategy Web is an enterprise data analysis platform from the U.S. company MicroStrategy. The platform features data discovery, data visualization and report generation. A cross-site scripting vulnerability exists in the 'FLTB' parameter in MicroStrategy Web versions prior to 10.1 patch 10. The...