4571 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-14380
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libopenmpt before 0.4.5 allows a crash during playback due to an out-of-bounds read in XM and MT2 files. CVE-2019-14380 Note that Nessus relies on the presence ...
WordPress WPAvatar plugin <= 1.9.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by theviper17 Patchstack Alliance in WordPress Plugin WPAvatar versions = 1.9.4...
WordPress WordPress HTML plugin <= 0.51 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by muhammad yudha Patchstack Alliance in WordPress Plugin WordPress HTML versions = 0.51...
Linux Distros Unpatched Vulnerability : CVE-2017-6903
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ioquake3 before 2017-03-14, the auto-downloading feature has insufficient content restrictions. This also affects Quake III Arena, OpenArena, OpenJK, iortcw,...
Linux Distros Unpatched Vulnerability : CVE-2018-8004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There are multiple HTTP smuggling and cache poisoning issues when clients making malicious requests interact with Apache Traffic Server ATS. This affects versio...
Linux Distros Unpatched Vulnerability : CVE-2017-12672
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the function ReadMATImage in coders/mat.c, which allows attackers to cause a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2017-2365
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. tvOS before 10.1.1 is affected. The issue...
Linux Distros Unpatched Vulnerability : CVE-2018-5383
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before th...
Linux Distros Unpatched Vulnerability : CVE-2019-6285
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The SingleDocParser::HandleFlowSequence function in yaml-cpp aka LibYaml-C++ 0.6.2 allows remote attackers to cause a denial of service stack consumption and...
CVE-2025-9397
CVE-2025-9397 affects givanz Vvveb up to 1.0.7.2. The flaw resides in /system/traits/media.php, where manipulating the files[] argument can cause unrestricted file uploads. This enables remote exploitation with publicly available exploits. A patch is advised; the code maintainer indicates a fix a...
CVE-2025-9394
A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...
CVE-2025-9394 PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free
A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...
Linux Distros Unpatched Vulnerability : CVE-2022-45919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvbcaen50221.c, a use-after-free can occur is there is a disconnect after ...
Linux Distros Unpatched Vulnerability : CVE-2017-7018
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected...
Linux Distros Unpatched Vulnerability : CVE-2017-2808
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An exploitable use-after-free vulnerability exists in the account parsing component of the Ledger-CLI 3.1.1. A specially crafted ledger file can cause a...
Linux Distros Unpatched Vulnerability : CVE-2017-9064
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In WordPress before 4.7.5, a Cross Site Request Forgery CSRF vulnerability exists in the filesystem credentials dialog because a nonce is not required for...
Linux Distros Unpatched Vulnerability : CVE-2005-0406
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of...
Linux Distros Unpatched Vulnerability : CVE-2019-12402
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The file name encoding algorithm used internally in Apache Commons Compress 1.15 to 1.18 can get into an infinite loop when faced with specially crafted inputs...
Linux Distros Unpatched Vulnerability : CVE-2017-7177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching. CVE-2017-7177 Note that...
CVE-2025-53363
Summary: Dpanel (Go) versions 1.2.0–1.7.2 are affected by an arbitrary file read vulnerability in /api/app/compose/get-from-uri. The GetFromUri function passes the user-provided uri directly to os.ReadFile, enabling an authenticated user to read arbitrary files on the host and disclose sensitive ...