GHSA-PHVX-9MGW-67R5 zeroconf: Unbounded exception-dedup state retains packet buffers via traceback frame locals, enabling LAN-local memory exhaustion

Impact DNSIncoming.logexceptiondebug and the four QuietLogger exception-dedup methods stored an unbounded seenlogs dict keyed by strsys.excinfo1. The seven IncomingDecodeError messages raised from readname / decodelabelsatoffset RFC 6762 §18 name-decoding error paths all embed self.source — the...

FastNetMon 安全漏洞

FastNetMon is a high-performance DDoS detector/sensor developed by Pavel Odintsov. It is built using multiple packet capture engines. Versions of FastNetMon Community Edition prior to 1.2.9 contained security vulnerabilities. These vulnerabilities stemmed from the use of predictable file paths an...

Softland FBackup 后置链接漏洞

Softland FBackup is a Windows backup software developed by the Romanian company Softland. Versions of Softland FBackup 9.9 and earlier had a post-release link vulnerability. This vulnerability stemmed from improper handling of links in the backup/restore component, which could allow local...

EUVD-2025-14803

Malicious code in bioql PyPI...

CVE-2025-30371

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

CVE-2025-30371

CVE-2025-30371 affects Metabase (self-hosted) prior to versions v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8. The issue is a circumvention of local link access protection in the GeoJson endpoint, potentially impacting deployments where Metabase is colocated with other unsecured resources. Remedia...

CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

CVE-2025-30371 Metabase vulnerable to circumvention of local link access protection in GeoJson endpoint

Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potential...

SUSE CVE-2009-3934

The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclientimpl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated ...

CVE-2021-40411

An OS command injection vulnerability exists in the device network settings functionality of reolink RLC-410W v3.0.0.13620121102. At 6 the dnsdata-dns2 variable, that has the value of the dns2 parameter provided through the SetLocalLink API, is not validated properly. This would lead to an OS...

PT-2022-12069 · Reolink · Reolink Rlc-410W

Name of the Vulnerable Software and Affected Versions: reolink RLC-410W version 3.0.0.136 20121102 Description: A denial of service issue exists in the cgiserver.cgi JSON command parser functionality. This can be triggered by a specially-crafted HTTP request, leading to a reboot. The SetLocalLink...

Multicast DNS (mDNS) implementations may respond to unicast queries originating outside the local link

Overview Multicast DNS implementations may respond to unicast queries that originate from sources outside of the local link network. Such responses may disclose information about network devices or be used in denial-of-service DoS amplification attacks. Description Multicast DNS mDNS is a way for...

Zen Cart local file disclosure-vulnerability warning-the black bar safety net

by t00ls Get the page path where the url/extras/ipntestreturn.php To obtain site configuration information url/extras/curltest. php? url=file://path/includes/configure.php Read the server passwd url/extras/curltest. php? url=file:///etc/passwd Get the MYSQL password, but the database only allows...

CVE-2009-3934

The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclientimpl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated ...

CVE-2009-3934

The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function in src/webkit/glue/webframeloaderclientimpl.cc in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service via a page-local link, related to an "empty redirect chain," as demonstrated ...

CVE-2009-3934

Removed by vendor...

php session ID leakage

The outputaddrewritevar function in PHP before 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which allows remote attackers to obtain potentially sensitive information by reading the requests for this URL, as demonstrated by a rewritten form containing a loca...