2026 matches found
Esri ArcGIS Server Cross-Site Scripting Vulnerability (CNVD-2025-05059)
Esri ArcGIS Server is Esri's Web-oriented enterprise software platform for providing geolocation services. A cross-site scripting vulnerability exists in Esri ArcGIS Server versions 10.9.1 through 11.3, which can be exploited by an attacker to create a specially crafted link that, when clicked, m...
Linux Distros Unpatched Vulnerability : CVE-2024-1023
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the Eclipse Vert.x toolkit results in a memory leak due to using Netty FastThreadLocal data structures. Specifically, when the Vert.x HTTP...
Linux Distros Unpatched Vulnerability : CVE-2023-5732
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could have created a malicious link using bidirectional characters to spoof the location in the address bar when visited. This vulnerability affects...
Linux Distros Unpatched Vulnerability : CVE-2019-1010204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GNU binutils gold gold v1.11-v1.16 (GNU binutils v2.21-v2.31.1) is affected by: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read. The...
Linux Distros Unpatched Vulnerability : CVE-2017-5897
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The ip6gre_err function in net/ipv6/ip6gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6...
Open Redirect
Overview: codechecker is an analyzer tooling, defect database and viewer extension. Affected versions of this package are vulnerable to Open Redirect due to improper sanitization of URL path segments after the product name. An attacker can redirect users to a malicious website by crafting a URL tha...
CVE-2025-0684 Grub2: reiserfs: integer overflow when handling symlinks may lead to heap based out-of-bounds write when reading data
A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size; however, it improperly checks for integer overflows. A maliciously crafted filesyste...
Exploit for CVE-2025-23942
WP Load Gallery Exploit CVE-2025-23942 📌 Description Unr...
NETGEAR DGN2200 Security Vulnerability
The NETGEAR DGN2200 is a wireless router from NETGEAR. The NETGEAR DGN2200 is vulnerable to a privilege issue. An attacker can exploit the vulnerability by adding "?x=1.gif" to the requested URL to be recognized as authenticated...
The vulnerability of the ethtool component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the ethtool component in the Linux operating system’s kernel is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the Linux operating system’s kernel component, which allows a hacker to cause a service failure
The vulnerability of the kernel component in the Linux operating system is related to the assignment of the NULL pointer. Exploiting this vulnerability can allow an attacker to cause a service failure...
Vulnerabilities fixed in Microsoft Visual Studio
Microsoft has fixed vulnerabilities in Visual Studio. A malicious person could exploit the vulnerabilities to grant themselves elevated privileges, potentially executing arbitrary code with developer privileges. Successful exploitation requires the malicious party to trick the victim into opening...
WordPress plugin Munk Sites Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...
CVE-2024-11415
The WP-Orphanage Extended plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the wporphanageexmenusettings function. This makes it possible for unauthenticated attackers to escalate th...
CVE-2024-10238 fld->used_bytes without sanity check causes stack overflow
A security issue exists in the firmware image verification implementation of the Supermicro MBD-X12DPG-OA6. An attacker can upload a specially crafted image that will cause a stack overflow, which is caused by not checking fld->used_bytes...
One policy to rule them all
Windows group policies are a powerful management tool that allows administrators to define and control user and computer settings within a domain environment in a centralized manner. While group policies offer functionality and utility, they are unfortunately a prime target for attackers. In...
rsync: Info Leak via Uninitialized Stack Contents
A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length s2length to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time...
The vulnerability of the Linux operating system’s kernel, related to improper release of memory before deleting the last reference, allows a hacker to trigger a service failure.
The vulnerability of the Linux operating system’s kernel is related to the improper release of memory before deleting the last reference. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2024-28766 IBM Security Directory Integrator information disclosure
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the system...
PT-2025-5646 · Asteval · Asteval
Name of the Vulnerable Software and Affected Versions: asteval, affected versions not specified. Description: The issue arises from how asteval performs attribute access verification, specifically in the on_attribute node handler. This handler prevents access to attributes that are either present i...