19 matches found

NVD
added 2025/04/17 4:15 p.m., 10 views

CVE-2025-24752

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor (essential-addons-for-elementor-lite) allows Reflected XSS. This issue affects Essential Addons for Elementor: from n/a through <= 6.0.14...

CVSS 7.1, EPSS 0.03968
Exploits: 2, References: 1

OpenVAS
added 2024/03/08 12:0 a.m., 75 views

MongoDB Certificate Validation Vulnerability (SERVER-72839) - Windows

MongoDB is prone to a certificate validation vulnerability.

CVSS 9.8, AI score 7, EPSS 0.00249
Exploits: 0, References: 5

OpenVAS
added 2023/11/30 12:0 a.m., 22 views

VMware Spring Framework 6.0.0 - 6.0.13 DoS Vulnerability

The VMware Spring Framework is prone to a denial of service (DoS) vulnerability.

CVSS 7.5, AI score 7.8, EPSS 0.00846
Exploits: 0, References: 2

Tenable Nessus
added 2023/02/17 12:0 a.m., 47 views

Security Updates for Microsoft ASP.NET Core (February 2023)

A remote code execution vulnerability exists in ASP.NET Core 6.0 < 6.0.14 and ASP.NET Core 7.0 < 7.0.3. This vulnerability exists due to how .NET reads debugging symbols, where reading a malicious symbols file may result in remote code execution. An unauthenticated, local attacker can exploit this, t...

CVSS 7.8, AI score 7.7, EPSS 0.01277
Exploits: 0, References: 5

Tenable Nessus
added 2023/02/16 12:0 a.m., 43 views

Security Updates for Microsoft .NET core (February 2023)

A remote code execution vulnerability exists in .NET Core 6.0 < 6.0.14 and .NET Core 7.0 < 7.0.3. This vulnerability exists due to how .NET reads debugging symbols, where reading a malicious symbols file may result in remote code execution. An unauthenticated, local attacker can exploit this, to bypa...

CVSS 7.8, AI score 7.9, EPSS 0.01277
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 4:18 a.m., 1 views

SUSE CVE-2019-3017

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVSS 8.2, AI score 8.1, EPSS 0.00148
Exploits: 0, References: 3

SUSE CVE
added 2023/02/15 4:17 a.m., 2 views

SUSE CVE-2019-3026

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVSS 6.5, AI score 6.7, EPSS 0.00116
Exploits: 0, References: 3

OSV
added 2022/12/25 6:30 a.m., 16 views

GHSA-QQV9-GQH5-7H99 Snipe-IT allows attackers to check whether a user account exists

Snipe-IT through 6.0.14 allows attackers to check whether a user account exists because of response variations in a /password/reset request...

CVSS 5.3, AI score 5.1, EPSS 0.00241
Exploits: 1, References: 3

OSV
added 2022/12/23 9:30 p.m., 45 views

GHSA-P4QR-VQ2G-22WP ThinkPHP Framework vulnerable to remote code execution

ThinkPHP Framework before 6.0.14 allows local file inclusion via the lang parameter when the language pack feature is enabled (lang_switch_on=true). An unauthenticated and remote attacker can exploit this to execute arbitrary operating system commands, as demonstrated by including pearcmd.php...

CVSS 9.8, AI score 9.5, EPSS 0.89868
Exploits: 2, References: 5

OpenVAS
added 2021/07/13 12:0 a.m., 20 views

openSUSE: Security Advisory for redis (openSUSE-SU-2021:2294-1)

The remote host is missing an update for the...

CVSS 8.8, AI score 8.2, EPSS 0.03747
Exploits: 0, References: 2

OPENSUSE Linux
added 2021/07/12 12:0 a.m., 36 views

Security update for redis (important)

openSUSE Security Update: Security update for redis. Announcement ID: openSUSE-SU-2021:2294-1. Rating: important. References: 1186722. Cross-References: CVE-2021-32625. CVSS scores: CVE-2021-32625 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. Affected Products: openSUSE Leap 15.3. An update th...

CVSS 8.8, AI score 8.9, EPSS 0.03747
Exploits: 0, References: 1

Prion
added 2021/06/02 8:15 p.m., 35 views

Integer overflow

Redis is an open source BSD licensed, in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This ...

CVSS 6.5, AI score 8.9, EPSS 0.03747
Exploits: 0, References: 5, Affected Software: 2

CNVD
added 2019/10/17 12:0 a.m., 2 views

Unspecified Vulnerability in Oracle VM VirtualBox (CNVD-2019-37937)

Oracle VM VirtualBox is cross-platform virtualization software for x86 systems. An unspecified vulnerability exists in the Core component of Oracle VM VirtualBox versions prior to 5.2.34 and 6.0.14. An attacker can exploit this vulnerability to cause Oracle VM VirtualBox to hang or crash frequent...

CVSS 6, AI score 6.8, EPSS 0.00201
Exploits: 0, References: 1

OSV
added 2019/10/16 6:15 p.m., 0 views

UBUNTU-CVE-2019-3005

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVSS 6, AI score 7.2, EPSS 0.00216
Exploits: 0, References: 3

OSV
added 2019/10/16 6:15 p.m., 0 views

UBUNTU-CVE-2019-2926

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox...

CVSS 2.3, AI score 6.7, EPSS 0.00149
Exploits: 0, References: 3

OSV
added 2018/10/23 9:31 p.m., 3 views

CVE-2018-7431

Directory traversal vulnerability in the Splunk Django App in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.6, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote authenticated users to read arbitrary files v...

CVSS 6.5, AI score 5.9
Exploits: 0, References: 1

Tenable Nessus
added 2012/01/16 12:0 a.m., 58 views

MySQL < 5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 MyISAM CREATE TABLE Privilege Check Bypass

The version of MySQL installed on the remote host is earlier than 5.0.88 / 5.1.42 / 5.5.0 / 6.0.14 and thus reportedly allows a local user to circumvent privileges through creation of MyISAM tables using the 'DATA DIRECTORY' and 'INDEX DIRECTORY' options to overwrite existing table files in the...

CVSS 4.6, AI score 7.9, EPSS 0.00719
Exploits: 1, References: 2

Japan Vulnerability Notes
added 2008/05/20 3:0 p.m., 1 views

Apache Tomcat Host Manager cross-site scripting vulnerability

Overview: Apache Tomcat, from the Apache Software Foundation, contains a cross-site scripting vulnerability. Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies. The Host Manager Servlet does not properly filter user...

CVSS 4.3, AI score 5.7, EPSS 0.73782
Exploits: 2, References: 13

Packet Storm
added 2007/08/14 12:0 a.m., 62 views

CVE-2007-3386.txt

CVE-2007-3386: XSS in Host Manager. Severity: Low (Cross-site scripting). Vendor: The Apache Software Foundation. Versions Affected: 6.0.0 to 6.0.13, 5.5.0 to 5.5.24. Description: The Host Manager Servlet does not filter user supplied data before display. Th...

CVSS 4.3, AI score 7.5, EPSS 0.73782
Exploits: 2