94 matches found
CVE-2021-29493
Kennnyshiwa-cogs contains cogs for Red Discordbot. An RCE exploit has been found in the Tickets module of kennnyshiwa-cogs. This exploit allows discord users to craft a message that can reveal sensitive and harmful information. Users can upgrade to version 5a84d60018468e5c0346f7ee74b2b4650a6dade7...
CVE-2021-21410
Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. An out-of-bounds read can be triggered by 6LoWPAN packets sent to devices running Contiki-NG 4.6 and prior. The IPv6 header decompression function uncompress_hdr_iphc does not perform proper boundary chec...
CVE-2021-32643
Http4s is a Scala interface for HTTP services. StaticFile.fromUrl can leak the presence of a directory on a server when the URL scheme is not file://, and the URL points to a fetchable resource under its scheme and authority. The function returns F[None], indicating no resource, if url.getFile is a...
CVE-2025-47782
MotionEye vulnerability CVE-2025-47782: in versions 0.43.1b1–0.43.1b3, an attacker with admin credentials can trigger remote code execution by crafting a malicious device path via the add/add_camera API, allowing arbitrary shell commands to run as the motion user. Root cause: unsafe command execu...
CVE-2025-47271
The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects...
PT-2025-21915 · V-Sft · V-Sft
Name of the Vulnerable Software and Affected Versions: V-SFT versions 6.2.5.0 and earlier Description: The issue is related to an out-of-bounds write in the VS6MemInIF!set_temp_type_default function. Opening specially crafted V7 or V8 files may lead to a crash, information disclosure, and arbitra...
PT-2025-21180 · Motioneye · Motioneye
Name of the Vulnerable Software and Affected Versions: motionEye versions 0.43.1b1 through 0.43.1b3 Description: The issue allows an attacker with admin user credentials to execute any command within a non-interactive shell as the motionEye run user, motion by default, by using a constructed devi...
PT-2025-19839 · Mrcms · Mrcms
Name of the Vulnerable Software and Affected Versions: MRCMS version 3.1.2 Description: A vulnerability was found in the processing of the file "/admin/chip/add.do" of the component "Add Fragment Page". This issue leads to cross-site scripting and can be initiated remotely. The manipulation of th...
PT-2025-19781 · Unknown · Shiro-Action
Name of the Vulnerable Software and Affected Versions: Shiro-Action version 0.6 Description: The issue is related to incorrect access control in the component /user/list of Shiro-Action, allowing attackers to access sensitive information via a crafted payload. Recommendations: For Shiro-Action...
CVE-2025-32956
Summary: CVE-2025-32956 affects the ManageWiki MediaWiki extension. The vulnerability is an SQL injection in NamespaceMigrationJob triggered when renaming a namespace in Special:ManageWiki/namespaces using a page prefix. The issue stems from unsanitized input in the namespace rename flow and has ...
Traefik has a possible vulnerability with its path matchers
Impact: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a /../ in its path, it’s possible to target a backend,...
PT-2025-15035 · Unknown · Xujiangfei Admintwo
Name of the Vulnerable Software and Affected Versions: xujiangfei admintwo version 1.0 Description: A critical issue affects some unknown functionality of the file /user/updateSet, where the manipulation of the email argument leads to improper access controls. This issue can be exploited remotely...
Linux Distros Unpatched Vulnerability : CVE-2025-24030
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Envoy Gateway is an open source project for managing Envoy Proxy as a standalone or Kubernetes-based application gateway. A user with access to the Kubernetes...
Linux Distros Unpatched Vulnerability : CVE-2024-32460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients using /bpp:32 legacy GDI drawing path with a version of FreeRDP pri...
CVE-2022-24800
October/System is the system module for October CMS, a self-hosted CMS platform based on the Laravel PHP Framework. Prior to versions 1.0.476, 1.1.12, and 2.2.15, when the developer allows the user to specify their own filename in the fromData method, an unauthenticated user can perform remote co...
CVE-2022-46179
LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest...
CVE-2024-56335
Vaultwarden (unofficial Bitwarden server in Rust) is affected by CVE-2024-56335 when ORG_GROUPS_ENABLED is enabled. An account with admin/owner rights in an unrelated organization, who also has a user account on the server, can update or delete groups in a target organization if they know the tar...
CVE-2024-55877 XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of XWiki.WikiMacroClass to any page. This compromises the confidentiality, integrity...
CVE-2024-49753 Denied Host Validation Bypass in Zitadel Actions
Zitadel is open-source identity infrastructure software. Versions prior to 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 have a flaw in the URL validation mechanism of Zitadel actions that allows bypassing restrictions intended to block requests to localhost (127.0.0.1). The isHostBlocked...
PT-2024-27802 · Unknown · Itsourcecode Payroll Management System Project In Php With Source Code
Name of the Vulnerable Software and Affected Versions: Itsourcecode Payroll Management System Project In PHP With Source Code version 1.0 Description: The issue allows remote attackers to execute arbitrary SQL commands via the id parameter in the view_payslip.php file. This enables attackers to...