350 matches found

RedhatCVE
added 2025/05/22 8:22 a.m. | 4 views

CVE-2019-19250

OpenTrade before 2019-11-23 allows SQL injection, related to server/modules/api/v1.js and server/utils.js...

CVSS 9.8 | AI score 7.5 | EPSS 0.01034
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:46 a.m. | 6 views

CVE-2018-16719

In Jingyun Antivirus v2.4.2.39, the driver file hookbody.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00221482...

CVSS 7.8 | AI score 7.4 | EPSS 0.00315
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 6:31 a.m. | 6 views

CVE-2017-8401

In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function pngload in lib/png.c:724. This issue can be triggered by a malformed PNG file that is mishandled by png2swf. Attackers could exploit this issue for DoS...

CVSS 6.5 | AI score 6.7 | EPSS 0.01117
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 4:17 a.m. | 7 views

CVE-2018-5084

In K7 AntiVirus 15.1.0306, the driver file K7FWHlpr.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x8300212C...

CVSS 7.8 | AI score 7.4 | EPSS 0.00399
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 3:53 a.m. | 6 views

CVE-2018-5218

In K7 Antivirus 15.1.0306, the driver file K7Sentry.sys allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x950025b0...

CVSS 7.8 | AI score 7.4 | EPSS 0.00399
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 9:45 p.m. | 6 views

CVE-2009-5053

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file...

CVSS 7.5 | AI score 7.8 | EPSS 0.02091
Exploits: 0 | References: 1

Tenable Nessus
added 2025/05/14 12:0 a.m. | 14 views

Alibaba Cloud Linux 3 : 0044: edk2 (ALINUX3-SA-2023:0044)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0044 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-4304: A timing based side channel...

CVSS 7.5 | AI score 8 | EPSS 0.61979
Exploits: 0 | References: 5

CNNVD
added 2025/04/23 12:0 a.m. | 3 views

Drupal Sportsleague Security Vulnerability

Drupal Sportsleague is a module plugin in the Drupal content management system for the Drupal community. A security vulnerability exists in Drupal Sportsleague that stems from a problem with the project file that affects usability...

CVSS 7.3 | AI score 6.7 | EPSS 0.00243
Exploits: 0 | References: 3

NVD
added 2025/04/18 9:15 p.m. | 22 views

CVE-2025-32953

z80pack is a mature emulator of multiple platforms with 8080 and Z80 CPU. In version 1.38 and prior, the makefile-ubuntu.yml workflow file uses actions/upload-artifact@v4 to upload the z80pack-ubuntu artifact. This artifact is a zip of the current directory, which includes the automatically...

CVSS 8.7 | EPSS 0.00425
Exploits: 0 | References: 5

NVD
added 2025/04/17 4:15 p.m. | 5 views

CVE-2025-24651

Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Retrieve Embedded Sensitive Data. This issue affects WordPress Backup & Migration: from n/a through = 1.5.3...

CVSS 5.9 | EPSS 0.00327
Exploits: 0 | References: 1

Tenable Nessus
added 2025/04/11 12:0 a.m. | 24 views

Apache POI < 5.4.0 Improper Input Validation

The version of Apache POI installed on the remote host is a version prior to 5.4.0. It is, therefore, affected by an improper input validation vulnerability. The issue affects the parsing of OOXML format files like xlsx, docx, and pptx. These file formats are essentially zip files, and it is...

CVSS 5.3 | AI score 6.4 | EPSS 0.01092
Exploits: 0 | References: 2

CVE
added 2025/04/09 11:59 a.m. | 354 views

CVE-2025-31672

CVE-2025-31672 is an Improper Input Validation issue in Apache POI’s OOXML parsing. The root cause is acceptance of duplicate zip entry names (including paths) within OOXML files (xlsx/docx/pptx), which can cause reads of different data depending on which duplicate entry is chosen. Affects poi-oo...

CVSS 5.3 | AI score 6.3 | EPSS 0.01092
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/04/09 12:0 a.m. | 6 views

CVE-2025-29389

PbootCMS v3.2.9 contains a XSS vulnerability in admin.php?p=/Content/index/mcode/2tab=t2...

AI score 5.8 | EPSS 0.00214
Exploits: 1 | References: 2

Cvelist
added 2025/04/03 1:27 p.m. | 13 views

CVE-2025-30596 WordPress include-file plugin <= 1 - Arbitrary File Download Vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in tstafford include-file include-file allows Path Traversal. This issue affects include-file: from n/a through <= 1...

CVSS 6.5 | EPSS 0.00428
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/25 12:0 a.m. | 11 views

CBL Mariner 2.0 Security Update: vim (CVE-2025-29768)

The version of vim installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-29768 advisory. - Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions...

CVSS 4.4 | AI score 4.9 | EPSS 0.00345
Exploits: 0 | References: 2

Cvelist
added 2025/03/24 1:47 p.m. | 20 views

CVE-2025-30595 WordPress include-file plugin <= 1 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in tstafford include-file include-file allows Stored XSS. This issue affects include-file: from n/a through <= 1...

CVSS 6.5 | EPSS 0.00236
Exploits: 0 | References: 1

OSV
added 2025/03/20 12:32 p.m. | 7 views

GHSA-G5PG-73FC-HJWQ LiteLLM Reveals Portion of API Key via a Logging File

In berriai/litellm before version 1.44.12, the litellm/litellm_core_utils/litellm_logging.py file contains a vulnerability where the API key masking code only masks the first 5 characters of the key. This results in the leakage of almost the entire API key in the logs, exposing a significant amount ...

CVSS 7.5 | AI score 7.3 | EPSS 0.00659
Exploits: 1 | References: 4

Vulnrichment
added 2025/03/13 5:4 p.m. | 6 views

CVE-2025-29768 Vim vulnerable to potential data loss with zip.vim and special crafted zip files

Vim, a text editor, is vulnerable to potential data loss with zip.vim and special crafted zip files in versions prior to 9.1.1198. The impact is medium because a user must be made to view such an archive with Vim and then press 'x' on such a strange filename. The issue has been fixed as of Vim...

CVSS 4.4 | AI score 4.6 | EPSS 0.00345
Exploits: 0 | References: 2

Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2022-41946

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either PreparedStatement.setText(int, InputStream) or...

CVSS 5.5 | AI score 6.5 | EPSS 0.00491
Exploits: 1 | References: 3

Tenable Nessus
added 2025/03/05 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2023-52707

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fix use-after-free in ep_remove_wait_queue If a non-root cgroup gets removed when...

CVSS 7.8 | AI score 6.2 | EPSS 0.00262
Exploits: 0 | References: 3