kavita 安全漏洞

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0.2 contained security vulnerabilities. These vulnerabilities stemmed from improper token verification, which could allow remote unauthenticated attackers to obtain user...

ISC BIND 9 安全漏洞

ISC BIND 9 is a domain name system software developed by the ISC organization. ISC BIND 9 has a security vulnerability that stems from an unlimited recursive loop within the resolver’s state machine. This vulnerability could allow remote unauthenticated attackers to cause severe resource...

VulnCheck KEV: CVE-2025-40601

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service DoS, which could cause an impacted firewall to crash...

CVE-2024-41249

An Incorrect Access Control vulnerability was found in /smsa/viewsubject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details...

CVE-2025-67709

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

EUVD-2017-14296

Malware in sbrugna...

EUVD-2018-10912

Malware in sbrugna...

CVE-2021-3512

Improper access control vulnerability in Buffalo broadband routers BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and...

Critical vulnerability in multiple SICK products

A critical vulnerability has been discovered in the .sdd files of several SICK products. This vulnerability could allow a remote, unauthenticated attacker to gain access to the "Authorized Client" user role, potentially impacting the availability and integrity of the affected SICK products. Users...

CVE-2024-28806

An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path...

CVE-2024-3871 Authenticated Remote Command Injection in Delta Electronics DVW

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers t...

CVE-2023-48903

Stored Cross-Site Scripting XSS vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php...

MikroTik RouterOS Integer Underflow (CVE-2019-16160)

An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

CVE-2022-29827

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project files or execute programs illegally...

CVE-2020-22986

Cross-Site Scripting XSS vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task...

CVE-2021-41867

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature...

CVE-2021-41867

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature...

CVE-2021-35963

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks...

Format string

The specific parameter of upload function of the Orca HCM digital learning platform does not filter file format, which allows remote unauthenticated attackers to upload files containing malicious script to execute RCE attacks...

CVE-2021-3044

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote unauthenticated attacker with network access to the Cortex XSOAR server to perform unauthorized actions through the REST API. This issue impacts: Cortex XSOAR 6.1.0 builds later than 1016923 and earlier th...