kavita 安全漏洞

Kavita is a fast and feature-rich cross-platform reading server developed by Kavita OpenSource. Versions of Kavita prior to 0.9.0.2 contained security vulnerabilities. These vulnerabilities stemmed from improper token verification, which could allow remote unauthenticated attackers to obtain user...

ISC BIND 9 安全漏洞

ISC BIND 9 is a domain name system software developed by the ISC organization. ISC BIND 9 has a security vulnerability that stems from an unlimited recursive loop within the resolver’s state machine. This vulnerability could allow remote unauthenticated attackers to cause severe resource...

VulnCheck KEV: CVE-2025-40601

A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service DoS, which could cause an impacted firewall to crash...

CVE-2024-41249

An Incorrect Access Control vulnerability was found in /smsa/viewsubject.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view SUBJECT details...

CVE-2025-67709

There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim’s browser...

EUVD-2017-14296

Malware in sbrugna...

EUVD-2018-10912

Malware in sbrugna...

CVE-2025-57879

There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks...

CVE-2021-3512

Improper access control vulnerability in Buffalo broadband routers BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and...

CVE-2020-22983

A Server-Side Request Forgery SSRF vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery SSRF attack via the srcURL parameter to the shortURL task...

Critical vulnerability in multiple SICK products

A critical vulnerability has been discovered in the .sdd files of several SICK products. This vulnerability could allow a remote, unauthenticated attacker to gain access to the "Authorized Client" user role, potentially impacting the availability and integrity of the affected SICK products. Users...

CVE-2024-28806

An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path...

CVE-2024-3871 Authenticated Remote Command Injection in Delta Electronics DVW

The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers t...

CVE-2023-48903

Stored Cross-Site Scripting XSS vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php...

MikroTik RouterOS Integer Underflow (CVE-2019-16160)

An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

CVE-2022-29827

Use of Hard-coded Cryptographic Key vulnerability in Mitsubishi Electric GX Works3 versions from 1.000A and later allows a remote unauthenticated attacker to disclose sensitive information. As a result, unauthenticated attackers may view programs and project files or execute programs illegally...

CVE-2020-22986

Cross-Site Scripting XSS vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task...

ClamAV 资源管理错误漏洞

Clam AntiVirus is an open source antivirus engine for detecting Trojans, viruses, malware and other malicious threats.Clam AntiVirus suffers from a resource management error vulnerability that stems from an infinite loop in the TIFF file parser and can be exploited by unauthenticated remote...

CVE-2021-41867

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature...

CVE-2021-41867

An information disclosure vulnerability in OnionShare 2.3 before 2.4 allows remote unauthenticated attackers to retrieve the full list of participants of a non-public OnionShare node via the --chat feature...