29 matches found
CVE-2025-62501 SSH Hostkey Misconfiguration Vulnerability in TP-Link Archer AX53
SSH Hostkey misconfiguration vulnerability in TP-Link Archer AX53 v1.0 tmpserver modules allows attackers to obtain device credentials through a specially crafted man-in-the-middle (MITM) attack. This could enable unauthorized access if captured credentials are reused. This issue affects Archer AX53...
EUVD-2017-16465
Malware in sbrugna...
EUVD-2021-7713
Malicious code in bioql PyPI...
OpenPubkey Security Vulnerability
OpenPubkey is an open source reference implementation of OpenPubkey. A security vulnerability exists in OpenPubkey versions prior to 0.10.0, which stems from a specially crafted JWS that can bypass signature verification...
Odoo Access Control Error Vulnerability
Odoo is an Enterprise Resource Planning (ERP) and Customer Relationship Management (CRM) system from Odoo Belgium. The system is developed using the Python language, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. An Access Control...
AZL-56198 CVE-2024-11187 affecting package dhcp for versions less than 4.4.3.P1-3
It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either the authoritative server itself or an independent resolver to use disproportionate resources...
CVE-2024-50986
An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file...
CVE-2024-39205
An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request...
CVE-2024-22189
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory by sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...
CVE-2022-24669
It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services...
CVE-2022-24669
Technical details for CVE-2022-24669 are not publicly available in the provided documents. Monitor for updates.
CVE-2022-24669 Anonymous users can register / de-register for configuration change notifications
It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services...
PT-2022-16787 · Forgerock · Access Management
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: It may be possible to gain some details of the deployment through a well-crafted attack, allowing the data to be used to probe internal network services. Recommendations: At the...
Design/Logic Flaw
While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. User...
CVE-2021-28129 DEB packaging for Apache OpenOffice 4.1.8 installed with a non-root userid and groupid
While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. User...
SQL injection
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 without hotfix and 8.0.0 without hotfix...
CVE-2021-25655 URL redirection to untrusted site possible in Avaya Aura Experience Portal
A vulnerability in the system Service Menu component of Avaya Aura Experience Portal may allow URL Redirection to any untrusted site through a crafted attack. Affected versions include 7.0 through 7.2.3 without hotfix and 8.0.0 without hotfix...
CVE-2020-8218
A code injection vulnerability exists in Pulse Connect Secure 9.1R8 that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface...
ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet
Network Time Foundation reports: A crafted malicious authenticated mode 6 ntpq packet from a permitted network address can trigger a NULL pointer dereference, crashing ntpd. Note that for this attack to work, the sending system must be on an address that the target's ntpd accepts mode 6 packets...
Design/Logic Flaw
Decrypted S/MIME parts, when included in HTML crafted for an attack, can leak plaintext when included in an HTML reply/forward. This vulnerability affects Thunderbird 52.9...