CVE-2025-30025

The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation...

File Browser: Command Execution not Limited to Scope

!NOTE This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities. We're publishing this new...

CVE-2025-42995

CVE-2025-42995: SAP MDM Server is affected by a vulnerability in the Read function where specially crafted packets can trigger a memory read access violation, causing the server process to fail and exit. The documented impact is high availability disruption with no confidentiality or integrity im...

CVE-2023-6976

This vulnerability is capable of writing arbitrary files into arbitrary locations on the remote filesystem in the context of the server process...

CVE-2023-5405

Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...

CVE-2021-30118

An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management RMM 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leadin...

CVE-2025-32012 Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing

Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same...

GNU GRUB 缓冲区错误漏洞

GNU GRUB is a Linux system boot program from the GNU community. A buffer error vulnerability exists in GNU GRUB, which originates in the grub-core/gettext module, where the system does not properly limit the size of the data, and can be exploited by an attacker to run arbitrary code in the contex...

GNU GRUB 缓冲区错误漏洞

GNU GRUB is a Linux system boot program from the GNU community. GNU GRUB suffers from a buffer overflow vulnerability, which stems from a missing JPEG parser buffer boundary check, that can be exploited by an attacker to run arbitrary code in the context of an affected application and take contro...

CVE-2024-50306

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue...

PT-2024-7509 · Onedev · Onedev

Name of the Vulnerable Software and Affected Versions: OneDev versions prior to 11.0.9 Description: A vulnerability in OneDev allows unauthenticated users to read arbitrary files accessible by the OneDev server process. This issue has been fixed in version 11.0.9. The vulnerability is related to...

BIT-VALKEY-2023-28425 Specially crafted MSETNX command can lead to denial-of-service

Redis is an in-memory database that persists on disk. Starting in version 7.0.8 and prior to version 7.0.10, authenticated users can use the MSETNX command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in Redis version 7.0.10...

BIT-KEYDB-2023-25155 Integer Overflow in several Redis commands can lead to denial of service.

Redis is an in-memory database that persists on disk. Authenticated users issuing specially crafted SRANDMEMBER, ZRANDMEMBER, and HRANDFIELD commands can trigger an integer overflow, resulting in a runtime assertion and termination of the Redis server process. This problem affects all Redis...

CVE-2024-6873

It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time o...

CVE-2024-6873

It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time o...

CVE-2024-6873

CVE-2024-6873 affects ClickHouse server via the native interface. An unauthenticated vector can crash or redirect the server’s execution flow, limited to a 256‑byte memory range, with no known remote code execution (RCE) demonstrated. Fixes have been merged to all currently supported ClickHouse v...

CVE-2024-30125

HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die...

CVE-2024-30125 HCL BigFix Compliance is affected by an internal server error

HCL BigFix Compliance server can respond with an HTTP status of 500, indicating a server-side error that may cause the server process to die...

CVE-2023-5405

Server information leak for the CDA Server process memory can occur when an error is generated in response to a specially crafted message. See Honeywell Security Notification for recommendations on upgrading and versioning...

CVE-2024-1594 Local File Read via Path Traversal in mlflow/mlflow

A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the artifactlocation parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component in the artifact location URI to read arbitrary files on the...