22 matches found
Pingvin Share Authorization Issue Vulnerability
Pingvin Share is a self-hosted file sharing platform developed by Elias Schneider as an individual project. Versions of Pingvin Share from 1.14.1 to 1.16.2 have vulnerabilities related to authorization. These vulnerabilities stem from critical authentication bypass exploits, which could allow...
EUVD-2013-3385
Malware in sbrugna...
EUVD-2015-7587
Malware in sbrugna...
EUVD-2020-21870
Malware in sbrugna...
EUVD-2019-7594
Malware in sbrugna...
EUVD-2021-19313
Malware in sbrugna...
EUVD-2021-27672
Malicious code in bioql PyPI...
EUVD-2023-31761
Malicious code in bioql PyPI...
EUVD-2024-44419
Malicious code in bioql PyPI...
EUVD-2022-38108
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-1773
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to...
CVE-2025-48461 Weak Session Cookie Entropy
Successful exploitation of the vulnerability could allow an unauthenticated attacker to conduct brute force guessing and account takeover as the session cookies are predictable, potentially allowing the attackers to gain root, admin or user access and reset passwords...
CVE-2024-12070
A Denial of Service (DoS) vulnerability exists in the file upload feature of haotian-liu/llava, specifically in Release v1.2.0 (LLaVA-1.6). The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large...
PT-2023-28152 · Unknown · Home-Assistant-Js-Websocket +1
Name of the Vulnerable Software and Affected Versions: Home Assistant Core versions prior to 2023.8.0; home-assistant-js-websocket versions prior to 8.2.0. Description: The issue concerns an open-source home automation system where the WebSocket authentication logic is vulnerable to exploitation...
CVE-2021-29157
Dovecot before 2.3.15 allows ../ Path Traversal. An attacker with access to the local filesystem can trick OAuth2 authentication into using an HS256 validation key from an attacker-controlled location. This occurs during use of local JWT validation with the posix fs driver...
CVE-2019-19383
freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a crafted SIZE command (this is exploitable even if logging is disabled)...
CVE-2017-16666
Xplico before 1.2.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the name of an uploaded PCAP file. NOTE: this issue can be exploited without authentication by leveraging the user registration feature...
JGS-Portal 3.0.1/3.0.2 - 'jgs_portal_statistik.php?year' SQL Injection
Source: https://www.securityfocus.com/bid/13650/info. JGS-Portal is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Successful exploitation of the SQL injection issues could...
SqWebMail 4.0.4.20040524 - Email Header HTML Injection
Source: https://www.securityfocus.com/bid/10588/info. SqWebMail is reported to be prone to an email header HTML injection vulnerability. This issue presents itself due to a failure of the application to properly sanitize user-supplied email header strings. The problem presents itself when an...
LSH 1.x - Remote Buffer Overflow (1)
Source: https://www.securityfocus.com/bid/8655/info. lsh has been reported prone to a remote buffer overflow vulnerability. The condition is reported to present itself in fairly restrictive circumstances, and has been reported to be exploitable...