25 matches found
Microsoft Exchange - Pre-Auth SSRF / ACL Bypass (ProxyNotFound)
Microsoft Exchange Server contains a remote code execution vulnerability caused by improper input validation in the server component, letting remote attackers execute arbitrary code. Exploitation requires network access to the server. id: CVE-2021-28480 info: name: Microsoft Exchange - Pre-Auth SSRF / ACL Bypass...
EUVD-2026-23007
IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capability or any custom capability with the ViewAccessDebugPage SPRight to incorrectly create new...
EUVD-2016-2339
Malware in sbrugna...
EUVD-2018-13313
Malware in sbrugna...
EUVD-2023-2496
Malicious code in bioql PyPI...
EUVD-2023-36305
Malicious code in bioql PyPI...
CVE-2020-8197
Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands...
CVE-2025-47794
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud...
Azure Linux 3.0 Security Update: kernel (CVE-2024-56593)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56593 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL...
CVE-2024-45051
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...
PT-2024-3723 · Oracle +1 · Oracle Graalvm Enterprise Edition +2
Name of the Vulnerable Software and Affected Versions: Oracle GraalVM for JDK versions 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition versions 20.3.13, 21.3.9. Description: The issue is related to insufficient protection of internal data in the Compiler component of Oracle GraalVM for JDK a...
PT-2024-2503 · Hitachi · Hitachi Virtual Storage Platform G400 +39
Name of the Vulnerable Software and Affected Versions: Hitachi Virtual Storage Platform versions prior to DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform VP9500 versions prior to DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform...
CVE-2018-17455
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals"...
PT-2022-24774 · Siemens · Parasolid +1
Name of the Vulnerable Software and Affected Versions: Parasolid versions prior to V33.1.263; Parasolid V34.0 versions prior to V34.0.252; Parasolid V34.1 versions prior to V34.1.242; Parasolid V35.0 versions prior to V35.0.164; Simcenter Femap V2022.1 versions prior to V2022.1.3; Simcenter Femap...
PT-2009-2912
Name of the Vulnerable Software and Affected Versions Microsoft Office Excel versions 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 Excel Viewer 2003 Gold and SP3 Excel Viewer Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 Microsoft Office 2004 and 2008 for Mac Description ...
GLSA-200503-06 : BidWatcher: Format string vulnerability
The remote host is affected by the vulnerability described in GLSA-200503-06 (BidWatcher: Format string vulnerability). Ulf Harnhammar discovered a format string vulnerability in 'netstuff.cpp'. Impact: Remote attackers can potentially exploit this vulnerability by sending specially crafted respons...
HP-UX PHCO_21567 : HPSBUX0005-113 Sec. Vulnerability with shutdown command (rev.1)
s700_800 11.04 (VVOS) patch for shutdown(1M): shutdown(1M) improperly handles input variables. (C) Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP patch PHCO_21567. The text itself is copyright (C) Hewlett-Packard Development...
FreeBSD Ports : rsync < 2.6.2_2
The remote host has an old version of rsync installed. There is a flaw in this version of rsync which, due to an input validation error, would allow a remote attacker to gain access to the remote system. An attacker, exploiting this flaw, would need network access to the TCP port. Successful...
SuSE-SA:2003:051: lftp
The remote host is missing the patch for the advisory SuSE-SA:2003:051 (lftp). The flexible and powerful FTP command-line client lftp is vulnerable to two remote buffer overflows. When using lftp via HTTP or HTTPS to execute commands like 'ls' or 'rels' specially prepared directories on the...
FreeBSD Ports: phpBB < 2.0.8
The remote host has an old version of phpBB installed. phpBB is a PHP-based bulletin board. There is a cross-site scripting issue in the remote version of this software which may allow an attacker to damage the remote phpBB installation. This script has been...