4989 matches found

NVD
added 2025/08/22 5:15 p.m. · 3 views

CVE-2024-50644

zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token...

CVSS 9.8 · EPSS 0.00103
Exploits 0 · References 3
RedhatCVE
added 2025/08/22 4:35 p.m. · 3 views

CVE-2011-10023

MJM QuickPlayer likely now referred to as MJM Player version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitra...

CVSS 8.4 · AI score 8 · EPSS 0.09703
Exploits 0 · References 1
RedhatCVE
added 2025/08/22 4:35 p.m. · 3 views

CVE-2011-10026

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVSS 9.8 · AI score 8.1 · EPSS 0.68643
Exploits 1 · References 1
RedhatCVE
added 2025/08/22 4:35 p.m. · 3 views

CVE-2011-10024

MJM Core Player likely now referred to as MJM Player 2011 is vulnerable to a stack-based buffer overflow when parsing specially crafted .s3m music files. The vulnerability arises from improper bounds checking in the file parser, allowing an attacker to overwrite memory on the stack and execute...

CVSS 8.4 · AI score 8.2 · EPSS 0.09703
Exploits 0 · References 1
Cvelist
added 2025/08/22 9:9 a.m. · 7 views

CVE-2025-9341 Garbage collection can delay for AES CBC Native support, resulting in heap exhaustion

Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java FIPS bc-fips on All API modules, Legion of the Bouncy Castle Inc. Bouncy Castle for Java LTS bcprov-lts8on on All API modules allows Excessive Allocation. This vulnerability is associated wi...

CVSS 5.9 · EPSS 0.00037
Exploits 0 · References 1
CNNVD
added 2025/08/22 12:0 a.m. · 1 view

Blog Security Vulnerability

Blog is a personal blogging system by Xuzijia Individual Developers in China. A security vulnerability exists in Blog version 3.0.1-SNAPSHOT, which stems from an authentication bypass that could lead to unauthorized access to the API...

CVSS 9.8 · AI score 6.8 · EPSS 0.00103
Exploits 0 · References 3
CVE
added 2025/08/22 12:0 a.m. · 12 views

CVE-2024-50644

CVE-2024-50644 affects zhisheng17 blog 3.0.1-SNAPSHOT. The provided documents describe an authentication bypass vulnerability that allows an attacker to access the API without a token. Affected component is the Blog software’s authentication mechanism; the root cause is an authentication bypass, ...

CVSS 9.8 · AI score 6.8 · EPSS 0.00103
Exploits 0 · References 3
Positive Technologies
added 2025/08/22 12:0 a.m. · 3 views

PT-2025-34446 · Unknown · Zhisheng17 Blog

Name of the Vulnerable Software and Affected Versions: zhisheng17 blog version 3.0.1-SNAPSHOT Description: The software contains an authentication bypass issue that allows an attacker to access the API without a token. Recommendations: At the moment, there is no information about a newer version...

CVSS 9.8 · AI score 7.2 · EPSS 0.00103
Exploits 0 · References 6
SUSE CVE
added 2025/08/21 11:22 p.m. · 1 view

SUSE CVE-2025-44004

Mattermost Confluence Plugin version 1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint...

CVSS 7.2 · AI score 6.9 · EPSS 0.00072
Exploits 0 · References 2
SUSE CVE
added 2025/08/21 11:21 p.m. · 1 view

SUSE CVE-2025-54478

Mattermost Confluence Plugin version 1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint...

CVSS 5.3 · AI score 7.2 · EPSS 0.00161
Exploits 0 · References 2
Snyk
added 2025/08/21 9:30 a.m. · 3 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) due to empty request bodies not being properly rejected. An attacker can cause users to perform unintended actions by tricking them into clicking malicious links through post actions. Remediation: Upgrade...

CVSS 5.1 · AI score 7 · EPSS 0.00049
Exploits 0 · References 2
Vulnrichment
added 2025/08/21 12:1 a.m. · 2 views

CVE-2025-27215

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect Display Cast devices to make unsupported changes to the system. Affected Products: UniFi Connect Display Cast Version 1.10.3 and earlier UniFi Connect Display Cast Pro Version 1.0.89 and...

AI score 7 · EPSS 0.00061
Exploits 0 · References 1
CVE
added 2025/08/21 12:1 a.m. · 13 views

CVE-2025-27215

CVE-2025-27215 describes an improper access control in the API of UniFi Connect Display Cast devices that, when authenticated, allows a malicious actor to make unsupported changes to the system. Affected products and versions are: UniFi Connect Display Cast 1.10.3 and earlier; Cast Pro 1.0.89 and...

CVSS 8.1 · AI score 7 · EPSS 0.00061
Exploits 0 · References 1
Vulnrichment
added 2025/08/21 12:1 a.m. · 3 views

CVE-2025-27213

An Improper Access Control could allow a malicious actor authenticated in the API of certain UniFi Connect devices to enable Android Debug Bridge ADB and make unsupported changes to the system. Affected Products: UniFi Connect EV Station Pro Version 1.5.18 and earlier UniFi Connect Display Versio...

AI score 7 · EPSS 0.0005
Exploits 0 · References 1
Tenable Nessus
added 2025/08/21 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2017-3650

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: C API. Supported versions that are affected are 5.7.18 and earlier. Difficult to explo...

CVSS 4.3 · AI score 5.4 · EPSS 0.00566
Exploits 0 · References 2
CNNVD
added 2025/08/21 12:0 a.m. · 1 view

Exagrid EX10 Security Vulnerability

Exagrid EX10 is a backup storage server from Exagrid Corporation, USA. A security vulnerability exists in Exagrid EX10 version 7.0.1p02, which originates from the presence of XML external entity injection in the /init API endpoint, which could lead to information disclosure and elevation of...

CVSS 5.3 · AI score 6.6 · EPSS 0.00066
Exploits 0 · References 4
Positive Technologies
added 2025/08/21 12:0 a.m. · 3 views

PT-2025-34269

Name of the Vulnerable Software and Affected Versions: PandoraNext-TokensTool versions 0.6.8 and earlier Description: An authentication bypass allows an attacker to access the API without a token. Recommendations: Update to a version later than 0.6.8...

CVSS 8.1 · AI score 6.6 · EPSS 0.00058
Exploits 0 · References 6
NVD
added 2025/08/20 4:15 p.m. · 3 views

CVE-2011-10024

MJM Core Player likely now referred to as MJM Player 2011 is vulnerable to a stack-based buffer overflow when parsing specially crafted .s3m music files. The vulnerability arises from improper bounds checking in the file parser, allowing an attacker to overwrite memory on the stack and execute...

CVSS 8.4 · EPSS 0.09703
Exploits 0 · References 5
NVD
added 2025/08/20 4:15 p.m. · 4 views

CVE-2011-10023

MJM QuickPlayer also known as MJM Player version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitrary code...

CVSS 8.4 · EPSS 0.09703
Exploits 0 · References 5
Cvelist
added 2025/08/20 3:41 p.m. · 7 views

CVE-2011-10026 Spreecommerce < 0.50.x API RCE

Spreecommerce versions prior to 0.50.x contain a remote command execution vulnerability in the API's search functionality. Improper input sanitation allows attackers to inject arbitrary shell commands via the searchinstanceeval parameter, which is dynamically invoked using Ruby’s send method. Thi...

CVSS 9.3 · EPSS 0.68643
Exploits 1 · References 5