277 matches found
CVE-2017-8219
TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI...
CVE-2019-13927
A vulnerability has been identified in Desigo PX automation controllers PXC00-E.D, PXC50-E.D, PXC100-E.D, PXC200-E.D with Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 All firmware versions V6.00.320, Desigo PX automation controllers PXC00-U, PXC64-U, PXC128-U with Desigo PX Web modules...
CVE-2018-4018
An exploitable firmware update vulnerability exists in the NT9665X Chipset firmware, running on Anker Roav A1 Dashcam version RoavA1SWV1.9. The HTTP server allows for arbitrary firmware binaries to be uploaded which will be flashed upon next reboot. An attacker can send an HTTP PUT request or...
CVE-2002-1968
Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and possibly other versions before 2.1.1.108.003, downloads a DOCSIS configuration file from a TFTP server running on the internal network, which allows local users to modify configuration of the modem via a malicious TFTP server...
MariaDB 10.5.0 < 10.5.29 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.5.29. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.5.29 advisory. - Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are...
CBL Mariner 2.0 Security Update: erlang (CVE-2025-32433)
The version of erlang installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-32433 advisory. - Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.3,...
CVE-2025-27791 Collabora Online Vulnerable to Arbitrary File Write
Collabora Online is a collaborative online office suite based on LibreOffice technology. In versions prior to 24.04.12.4, 23.05.19, and 22.05.25, there is a path traversal flaw in handling the CheckFileInfo BaseFileName field returned from WOPI servers. This allows for a file to be written anywhe...
CVE-2025-1451
A vulnerability in parisneo/lollms-webui v13 arises from the server's handling of multipart boundaries in file uploads. The server does not limit or validate the length of the boundary or the characters appended to it, allowing an attacker to craft requests with excessively long boundaries, leadi...
CVE-2024-8769 Arbitrary File Deletion via Relative Path Traversal in aimhubio/aim
A vulnerability in the LockManager.release_locks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The run_hash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...
CVE-2024-8769
CVE-2024-8769 affects aimhubio/aim where the LockManager.release_locks function concatenates a user-controlled run_hash into a path, enabling relative path traversal that can delete arbitrary files. The flaw is exposed through Repo._close_run() via the tracking server instruction API, potentially...
CVE-2024-8028 Denial of Service in danswer-ai/danswer
A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By appending a large number of characters to the end of the multipart boundary, the server continuously processes each character, rendering th...
CVE-2024-10572 Denial of Service and Arbitrary File Write in h2oai/h2o-3
In h2oai/h2o-3 version 3.46.0.1, the runtool command exposes classes in the water.tools package through the ast parser. This includes the XGBoostLibExtractTool class, which can be exploited to shut down the server and write large files to arbitrary directories, leading to a denial of service...
Linux Distros Unpatched Vulnerability : CVE-2024-21177
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and...
Linux Distros Unpatched Vulnerability : CVE-2024-21165
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Pluggable Auth. Supported versions that are affected are 8.0.37 and prior. Easily...
Linux Distros Unpatched Vulnerability : CVE-2024-21125
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior...
Linux Distros Unpatched Vulnerability : CVE-2019-3856
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An integer overflow flaw, which could lead to an out of bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A...
CLSA-2025-1738958235 rsync: Fix of CVE-2024-12087
CVE-2024-12087: fix path traversal vulnerability that allows a malicious server to write files outside of the client's intended destination directory...
CVE-2024-37903
Mastodon is a self-hosted, federated microblogging platform. Starting in version 2.6.0 and prior to versions 4.1.18 and 4.2.10, by crafting specific activities, an attacker can extend the audience of a post they do not own to other Mastodon users on a target server, thus gaining access to the...
MariaDB 10.11.0 < 10.11.11
The version of MariaDB installed on the remote host is prior to 10.11.11. It is, therefore, affected by a vulnerability as referenced in the 10.11.11 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.40 and prior,...
MariaDB 11.4.0 < 11.4.5
The version of MariaDB installed on the remote host is prior to 11.4.5. It is, therefore, affected by a vulnerability as referenced in the 11.4.5 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.40 and prior, 8.4...