131 matches found
CVE-2025-3200
CVE-2025-3200 affects the Com-Server component, where an unauthenticated remote attacker could exploit the use of insecure TLS 1.0 and TLS 1.1 to intercept and manipulate encrypted communications between the Com-Server and connected systems. The issue stems from weak cryptographic protocol suppor...
PT-2025-17168 · Unknown · Mapsvg Lite
Name of the Vulnerable Software and Affected Versions: MapSVG Lite versions prior to 8.5.35 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential...
CVE-2025-32823
A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockProject' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...
CVE-2024-55372
Wallos =2.38.2 has a file upload vulnerability in the restore database function, which allows unauthenticated users to restore database by uploading a ZIP file. The contents of the ZIP file are extracted on the server. This functionality enables an unauthenticated attacker to upload malicious fil...
CVE-2024-55371
CVE-2024-55371 concerns Wallos
PT-2025-13441 · Unknown · A-Blog Cms
Name of the Vulnerable Software and Affected Versions: a-blog cms affected versions not specified Description: A critical issue exists due to the deserialization of untrusted data in a-blog cms, allowing an attacker to store arbitrary files on the server. This can lead to the execution of arbitra...
CVE-2025-30355
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known...
CVE-2024-10361
An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allowing path traversal techniques to delete arbitrary files on the server. Attackers can exploit thi...
Linux Distros Unpatched Vulnerability : CVE-2021-31535
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - LookupCol.c in X.Org X through X11R7.7 and libX11 before 1.7.1 might allow remote attackers to execute arbitrary code. The libX11 XLookupColor request intended...
CVE-2025-27364
In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution RCE vulnerability was found in the dynamic agent implant compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web...
TShock allows chat while not fully connected, possible ban evasion
This issue was reported to TShock by @ohayo, but was found by the Discord user by the name of sofurry.com. Please note that this user does not own this domain on the internet, just the discord handle. TShock overrides certain Terraria vanilla systems, including chat, and the connection handling,...
CVE-2024-12087 Rsync: path traversal vulnerability in rsync
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the --inc-recursive option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the --inc-recursive option, a lack of proper...
PT-2025-22321
Name of the Vulnerable Software and Affected Versions libsoup versions 2.4 through 3 Description A flaw was found in the libsoup package due to its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP...
CVE-2021-4451
The NinjaFirewall plugin for WordPress is vulnerable to Authenticated PHAR Deserialization in versions up to, and including, 4.3.3. This allows authenticated attackers to perform phar deserialization on the server. This deserialization can allow other plugin or theme exploits if vulnerable softwa...
CVE-2024-39397
Adobe Commerce (Magento) is affected by CVE-2024-39397: Unrestricted Upload of File with Dangerous Type that could lead to arbitrary code execution. Affected versions include 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier. The issue arises from uploading a dangerous file that is then executed...
Code Injection
nukeviet/nukeviet is vulnerable to Code Injection. The vulnerability is due to improper validation in the /admin/extensions/upload.php component. An attacker can exploit this vulnerability to execute arbitrary code on the server...
Exploit for Code Injection in Crushftp
CVE-2024-4040 - exploit scanners This repository contains fil...
Earth Krahang APT Campaign Targeting Global Governments
Summary: Earth Krahang, an APT campaign since 2022, targets global government entities, employing spear phishing and server exploitation tactics. Operating independently but with potential links to Chinese threat actors, it utilizes malware like Cobalt Strike and XDealer for espionage, urging...
Design/Logic Flaw
This issue affects Progress Application Server PAS for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system...
curl: HTTP multi-header compression denial of service
A flaw was found in the Curl package. A malicious server can insert an unlimited number of compression steps. This decompression chain could result in out-of-memory errors...