11565 matches found

Tenable Nessus
added 2025/08/20 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-16942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled either globally or for a specific...

CVSS 9.8 · AI score 7.5 · EPSS 0.00415
Exploits 0 · References 2
UbuntuCve
added 2025/08/19 9:15 p.m. · 1 views

CVE-2025-9179

An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents slightly different privileges from the content process. This vulnerability was fixed in Firefox 142, Firefox ESR 115.27, Firefox ESR 128.14,...

CVSS 9.8 · AI score 7.3 · EPSS 0.0021
Exploits 0 · References 13
Vulnrichment
added 2025/08/19 4:58 p.m. · 2 views

CVE-2025-54880 Mermaid does not properly sanitize architecture diagram iconText leading to XSS

Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html...

CVSS 5.1 · AI score 6.3 · EPSS 0.00016
Exploits 1 · References 3
Veracode
added 2025/08/19 8:21 a.m. · 4 views

Authentication Bypass

github.com/hashicorp/vault is vulnerable to Authentication Bypass. The vulnerability is due to improper enforcement of the user lockout feature due to flaws in the Userpass and LDAP authentication methods that allow lockout bypass...

CVSS 5.3 · AI score 7.4 · EPSS 0.00146
Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2025/08/19 12:00 a.m. · 2 views

Mermaid security vulnerability

Mermaid is a mermaid-js open source application. Creates diagrams and visualizations using text and code. A security vulnerability exists in Mermaid 11.9.0 and earlier versions, which stems from user-entered architecture diagram icons being passed to the d3 html method, potentially leading to...

CVSS 6.1 · AI score 6.3 · EPSS 0.00016
Exploits 1 · References 4
RedhatCVE
added 2025/08/18 10:3 p.m. · 5 views

CVE-2025-53192

An expression injection flaw has been discovered in the Apache Commons OGNL library. When using the API Ognl.getValue​, the OGNL engine parses and evaluates the provided expression with powerful capabilities, including accessing and invoking related methods. Although OgnlRuntime attempts to...

CVSS 8.8 · AI score 7.2 · EPSS 0.00086
Exploits 0 · References 4
NVD
added 2025/08/18 8:15 p.m. · 5 views

CVE-2025-53192

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue​, the OGNL engine parses and evaluates the provided expression with powerful capabilities...

CVSS 8.8 · EPSS 0.00086
Exploits 0 · References 2
OSV
added 2025/08/18 8:15 p.m. · 0 views

UBUNTU-CVE-2025-53192

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue​, the OGNL engine parses and evaluates the provided expression with powerful capabilities...

CVSS 8.8 · AI score 6 · EPSS 0.00086
Exploits 0 · References 4
Github Security Blog
added 2025/08/18 6:30 p.m. · 12 views

Liferay Portal Login Bypass Vulnerability

Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid...

CVSS 2 · AI score 7.2 · EPSS 0.00044
Exploits 1 · References 13 · Affected Software 1
Snyk
added 2025/08/18 6:30 p.m. · 4 views

Authentication Bypass Using an Alternate Path or Channel

Overview Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel via the login process when multi-factor authentication is enabled. An attacker can gain unauthorized access by submitting valid credentials and changing the HTTP method from POST ...

CVSS 5.1 · AI score 7 · EPSS 0.00044
Exploits 1 · References 2
Tenable Nessus
added 2025/08/18 12:00 a.m. · 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-6442

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ruby WEBrick readheader HTTP Request Smuggling Vulnerability. This vulnerability allows remote attackers to smuggle arbitrary HTTP requests on affected...

CVSS 6.5 · AI score 7 · EPSS 0.00257
Exploits 0 · References 4
Tenable Nessus
added 2025/08/18 12:00 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2024-22513

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their...

CVSS 5.5 · AI score 6 · EPSS 0.00235
Exploits 3 · References 3
Tenable Nessus
added 2025/08/18 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2018-16487

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying...

CVSS 6.8 · AI score 6.1 · EPSS 0.00468
Exploits 2 · References 2
Tenable Nessus
added 2025/08/18 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2019-7343

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Reflected Cross Site Scripting (XSS) exists in ZoneMinder through 1.32.3, allowing an attacker to execute HTML or JavaScript code via a vulnerable...

CVSS 6.1 · AI score 7 · EPSS 0.00262
Exploits 1 · References 2
Positive Technologies
added 2025/08/18 12:00 a.m. · 3 views

PT-2025-33693 · Apache +1 · Apache Commons Ognl +1

Name of the Vulnerable Software and Affected Versions: Apache Commons OGNL affected versions not specified Description: An improper neutralization of expression/command delimiters issue exists in Apache Commons OGNL. The OGNL engine, when used with the Ognl.getValue API, parses and evaluates...

CVSS 8.8 · AI score 7 · EPSS 0.00086
Exploits 0 · References 11
Tenable Nessus
added 2025/08/18 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-22166

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method (CVE-2021-22166). Note that Nessus relies...

CVSS 7.5 · AI score 7.3 · EPSS 0.0015
Exploits 0 · References 2
Veracode
added 2025/08/17 5:49 p.m. · 5 views

Remote Code Execution (RCE)

ms-swift is vulnerable to Remote Code Execution (RCE). The vulnerability is due to improper output neutralization for logs: malicious input passed into the train method is concatenated into shell commands, allowing arbitrary command execution...

AI score 8.1
Exploits 0 · References 2 · Affected Software 1
RedhatCVE
added 2025/08/15 9:29 p.m. · 12 views

CVE-2011-10019

Spreecommerce versions prior to 0.60.2 contain a remote command execution vulnerability in their search functionality. The application fails to properly sanitize input passed via the search[send] parameter, which is dynamically invoked using Ruby's send method. This allows attackers to execute...

CVSS 10 · AI score 8.3 · EPSS 0.79644
Exploits 1 · References 1
OSV
added 2025/08/15 12:00 a.m. · 0 views

UBUNTU-CVE-2025-53859

NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happe...

CVSS 6.3 · AI score 5.9 · EPSS 0.00056
Exploits 0 · References 7
Tenable Nessus
added 2025/08/15 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2021-46966

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue. In cm_write, buf is always freed when...

CVSS 7.8 · AI score 6.2 · EPSS 0.00015
Exploits 0 · References 2