23 matches found

Nuclei
added 3 days ago, 59 views

GeoServer and GeoTools - Remote Code Execution

GeoTools is an open source Java library that provides tools for geospatial data. Prior to versions 31.2, 30.4, and 29.6, Remote Code Execution (RCE) is possible if an application uses certain GeoTools functionality to evaluate XPath expressions supplied by user input. Versions 31.2, 30.4, and 29.6...

CVSS 9.8, AI score 7.4, EPSS 0.94425
Exploits 25, References 3

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2025-0207

Malicious code in bioql PyPI...

CVSS 5.3, AI score 6.3, EPSS 0.00191
Exploits 0, References 6

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2024-52858

Malicious code in bioql PyPI...

CVSS 8.6, AI score 6.5, EPSS 0.00103
Exploits 0, References 2

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2022-28264

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.00183
Exploits 0, References 1

RedhatCVE
added 2025/02/05 10:45 p.m., 6 views

CVE-2022-36060

matrix-react-sdk is a Matrix chat protocol SDK for React Javascript. Events sent with special strings in key places can temporarily disrupt or impede the matrix-react-sdk from functioning properly, such as by causing room or event tile crashes. The remainder of the application can appear...

CVSS 8.2, AI score 6.5, EPSS 0.00212
Exploits 0

NVD
added 2024/10/30 2:15 p.m., 13 views

CVE-2024-24777

A cross-site request forgery (CSRF) vulnerability exists in the Web Application functionality of the LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious web page to trigger this vulnerability...

CVSS 8.8, EPSS 0.13644
Exploits 1, References 2

Vulnrichment
added 2024/03/19 11:32 a.m., 12 views

CVE-2024-1144 Improper Access Control at Alma Devklan Blog

Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials...

CVSS 6.5, AI score 7, EPSS 0.00162
Exploits 0, References 1

OSV
added 2024/02/02 2:15 a.m., 0 views

CVE-2023-50935

IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115...

CVSS 6.5, AI score 5.8, EPSS 0.00043
Exploits 0, References 2

Prion
added 2024/02/02 2:15 a.m., 10 views

Code injection

IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may allow a remote attacker to obtain unauthorized access to application functionality and/or resources. IBM X-Force ID: 275115...

CVSS 6.4, AI score 6.7, EPSS 0.00043
Exploits 0, References 2, Affected Software 1

Tenable Nessus
added 2023/08/02 12:0 a.m., 24 views

Moxa AWK-3131A HTTP GET Denial of Service (CVE-2016-8723)

An exploitable null pointer dereference exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. Any HTTP GET request not preceded by an '/' will cause a segmentation fault in the web server. An attacker can send any of a multitude of potentially...

CVSS 7.8, AI score 7.4, EPSS 0.00447
Exploits 2, References 2

CNNVD
added 2022/07/21 12:0 a.m., 1 views

Lin CMS Spring Boot Security Vulnerability

Lin CMS Spring Boot is a SpringBoot-based CMS/DMS/Management System development framework from the team at TaleLin. A security vulnerability exists in Lin CMS Spring Boot version v0.2.1, which can be exploited by an attacker to access back-end information and functionality within an application...

CVSS 7.5, AI score 7.3, EPSS 0.77891
Exploits 1, References 3

Microsoft KB
added 2019/08/13 7:0 a.m., 235 views

August 13, 2019—KB4512482 (Security-only update)

August 13, 2019—KB4512482 Security-only update Improvements and fixes This security update includes quality improvements. Key changes include: Security updates to Windows App Platform and Frameworks, Windows Wireless Networking, Windows Storage and Filesystems, Windows Server, Windows Input and...

CVSS 10, AI score 7.9, EPSS 0.78035
Exploits 3

Citrix
added 2019/01/25 12:0 a.m., 5 views

"Cannot connect to company network" when accessing O365 accounts

Citrix documentation indicates Secure Mail is supposed to support an MS hosted O365 back end account but user is unable to get a known good O365 account to function with Secure Mail. That same account works fine either via the web or via the Mobile Outlook App but I cannot get it to connect when...

AI score 7
Exploits 0

UbuntuCve
added 2018/10/31 8:29 p.m., 26 views

CVE-2018-11759

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

CVSS 7.5, AI score 7.2, EPSS 0.94242
Exploits 0, References 3

OSV
added 2018/10/31 8:29 p.m., 7 views

CVE-2018-11759

The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was...

CVSS 7.5, AI score 7.7
Exploits 0, References 13

RedhatCVE
added 2018/03/13 6:19 a.m., 40 views

CVE-2018-1323

The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector 1.2.0 to 1.2.42 that normalised the requested path before matching it to the URI-worker map did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via IIS, then it was possible fo...

CVSS 7.5, AI score 2.6, EPSS 0.31775
Exploits 0, References 2

Microsoft KB
added 2017/05/09 7:0 a.m., 176 views

May 9, 2017—KB4019474 (OS Build 10240.17394)

May 9, 2017—KB4019474 OS Build 10240.17394 Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where Windows Event Forwarding between two 2012 R2 servers makes reports...

CVSS 9.3, AI score 7.3, EPSS 0.92573
Exploits 22

Microsoft KB
added 2017/05/09 7:0 a.m., 63 views

May 9, 2017—KB4019472 (OS Build 14393.1198)

May 9, 2017—KB4019472 OS Build 14393.1198 Improvements and fixes This security update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addressed issue where the PC Settings pages do not display the correct options after the...

CVSS 9.3, AI score 7.4, EPSS 0.92573
Exploits 22

Cvelist
added 2017/04/13 7:0 p.m., 20 views

CVE-2016-8720

An exploitable HTTP Header Injection vulnerability exists in the Web Application functionality of the Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted HTTP request can inject a payload in the bkpath parameter which will be copied in to Location header of the HTTP...

CVSS 3.1, AI score 4.7, EPSS 0.0118
Exploits 2, References 1

securityvulns
added 2008/08/15 12:0 a.m., 34 views

Microsoft Messenger unauthorized ActiveX access

Messenger.UIAutomation.1 ActiveX allows access to application functionality...

CVSS 10, AI score 4.5, EPSS 0.60161
Exploits 2, References 2, Affected Software 1