71 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-46807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate...
PT-2025-31917 · Openssl · Openssl
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A low privileged local attacker can abuse the affected service by using a hardcoded cryptographic key. Recommendations: At the moment, there is no information about a newer version that contains a...
Linux Distros Unpatched Vulnerability : CVE-2023-4132
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is...
Advisory ROSA-SA-2025-2914
software: tomcat 9.0.37 WASP: ROSA-CHROME unaffected versions = tomcat-9.0.37-7 affected versions tomcat-9.0.37-7 CVE-ID: CVE-2024-38286 BDU-ID: 2024-07738 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Apache Tomcat application server TLS protocol implementation is associated with uncontrolled...
CVE-2025-47111 Acrobat Reader | NULL Pointer Dereference (CWE-476)
Acrobat Reader versions 24.001.30235, 20.005.30763, 25.001.20521 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service...
CVE-2024-22852
D-Link Go-RT-AC750 GORTAC750A1FWv101b03 contains a stack-based buffer overflow via the function genacgimain. This vulnerability allows attackers to enable telnet service via a specially crafted payload...
CVE-2024-57684
An access control issue in the component formDMZ.cgi of D-Link 816A2FWv1.10CNB05R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request...
CVE-2021-20694
Improper access control vulnerability in DAP-1880AC firmware version 1.21 and earlier allows a remote authenticated attacker to bypass access restriction and to start a telnet service via unspecified vectors...
CVE-2020-8476
For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to...
CVE-2019-19291
A vulnerability has been identified in Control Center Server CCS All versions V1.5.0, SiNVR/SiVMS Video Server All versions V5.0.0. The FTP services of the SiVMS/SiNVR Video Server and the Control Center Server CCS maintain log files that store login credentials in cleartext. In configurations...
CVE-2018-7715
PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation vulnerability with its com.privat.vpn.helper privileged helper tool. This privileged helper tool implements an XPC service that allows arbitrary installed applications to connect and send messages. The XPC service extracts the...
PCMan FTP Server TRACE Command Handler Buffer Overflow Vulnerability
PCMan FTP Server is PCMan open source set of FTP server software. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from the TRACE command handler failing to properly validate the length and size of input data, which can be exploited by an attacker to cause a denial of...
CVE-2025-30320 InDesign Desktop | NULL Pointer Dereference (CWE-476)
InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requir...
ZTE GoldenDB Input Validation Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation ZTE. It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An input validation vulnerability exists in ZTE GoldenDB, which can be...
CVE-2025-30683
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise...
CVE-2025-21583
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.4.0 and 9.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of...
CVE-2025-32743
In ConnMan through 1.44, the lookup string in nsresolv in dnsproxy.c can be NULL or an empty string when the TC Truncated bit is set in a DNS response. This allows attackers to cause a denial of service application crash or possibly execute arbitrary code, because those lookup values lead to...
ROS-20250403-06
A vulnerability in the InnoDB component of the Oracle MySQL Server database management system is related to a flaw in the authorization procedure as a result of incorrect input data validation. authorization procedure as a result of incorrect input data verification. Exploitation of the...
Unspecified vulnerability in Lunary (CNVD-2025-06939)
Lunary is Lunary open source a production toolkit for LLM . A security vulnerability exists in Lunary version be54057 that stems from allowing users to upload and execute arbitrary regular expressions, which can be exploited by an attacker to potentially cause a denial of service...
CVE-2024-10572
CVE-2024-10572 affects h2oai/h2o-3 (v3.46.0.1). The vulnerability arises because the run_tool feature exposes classes in the water.tools package via the AST parser, enabling the XGBoostLibExtractTool . This can be exploited to shut down the server and write large files to arbitrary directories, r...