
52 matches found

OSV
added 2026/03/25 9:16 p.m., 0 views

UBUNTU-CVE-2026-33222

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them...

CVSS 4.9, AI score 5.8, EPSS 0.00009
Exploits: 0, References: 4

ATTACKERKB
added 2025/12/18 8:36 p.m., 1 view

CVE-2025-62004

BullWall Server Intrusion Protection (SIP) services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...

CVSS 7.7, AI score 5.5, EPSS 0.00012
Exploits: 0, References: 4, Affected Software: 1

ATTACKERKB
added 2025/12/18 8:35 p.m., 1 view

CVE-2025-62003

BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also ...

CVSS 7.7, AI score 5.5, EPSS 0.00014
Exploits: 0, References: 4, Affected Software: 1

EUVD
added 2025/10/15 3:30 p.m., 4 views

EUVD-2025-34654

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery (SSRF) protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support...

CVSS 6.9, AI score 6.3, EPSS 0.00085
Exploits: 0, References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2003-1517

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.00925
Exploits: 1, References: 4

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-29045

Malware in sbrugna...

CVSS 4.4, AI score 4.6, EPSS 0.00038
Exploits: 2, References: 4

RedhatCVE
added 2025/05/21 7:42 p.m., 6 views

CVE-2003-1527

BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets...

CVSS 4.3, AI score 7, EPSS 0.00925
Exploits: 1, References: 1

OpenVAS
added 2025/05/07 12:0 a.m., 3 views

Avoid Using USB Storage

USB storage devices are usually used to transfer data between servers. However, in most cases, data on USB storage devices cannot be protected by technical methods, thereby increasing the risk of attacks. Viruses and Trojan horses on USB devices may infect and damage the server. If the USB storag...

AI score 6.9
Exploits: 0, References: 3

Microsoft Secure
added 2025/04/09 5:0 p.m., 23 views

Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI

Exchange Server and SharePoint Server are business-critical assets and considered crown jewels for many organizations, making them attractive targets for attacks. To help customers protect their environments and respond to these attacks, Exchange Server and SharePoint Server now integrate with th...

CVSS 9.8, AI score 10, EPSS 0.94416
Exploits: 115

NVD
added 2025/04/08 10:15 p.m., 10 views

CVE-2024-55354

Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources that would be expected to be protected...

CVSS 8.8, EPSS 0.00132
Exploits: 0, References: 1

Vulnrichment
added 2025/04/08 12:0 a.m., 6 views

CVE-2024-55354

Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources that would be expected to be protected...

CVSS 8.8, AI score 5.3, EPSS 0.00132
Exploits: 0, References: 1

CNNVD
added 2024/12/19 12:0 a.m., 1 view

GoPhish Security Vulnerability

GoPhish is an open source phishing framework from GoPhish Open Source. A security vulnerability exists in GoPhish version v0.12.1, which stems from insufficient credential protection in the mail server configuration, which allows an attacker to access configured IMAP and SMTP servers with plainte...

CVSS 7.5, AI score 6.4, EPSS 0.00058
Exploits: 0, References: 1

OSV
added 2023/12/19 2:58 p.m., 6 views

SUSE-SU-2023:4907-1 Security update for mariadb

This update for mariadb fixes the following issues: - CVE-2023-22084: Fixed an easily exploitable vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server bsc1217405...

CVSS 4.9, AI score 5, EPSS 0.06984
Exploits: 0, References: 3

OSV
added 2023/10/11 10:15 p.m., 1 view

AZL-31647 CVE-2023-39325 affecting package moby-containerd-cc for versions less than 1.7.1-5

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

CVSS 7.5, AI score 6.6, EPSS 0.0015
Exploits: 0, References: 1

Hacker One
added 2022/10/24 10:0 a.m., 27 views

U.S. Department of State: Bypassing Whitelist to perform SSRF for internal host scanning

A misconfiguration in the server-side request forgery (SSRF) protection of geonode.state.gov allowed for bypassing the whitelist and performing internal host scanning. The backend parsed the whitelist host as a credential host, allowing requests to be sent to hosts identified before the ""...

AI score 7
Exploits: 0

OSV
added 2022/02/24 3:15 a.m., 1 view

CVE-2022-25331

Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process...

CVSS 7.5, AI score 7.3, EPSS 0.0109
Exploits: 1, References: 2

ATTACKERKB
added 2022/02/24 3:15 a.m., 1 view

CVE-2022-25331

Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process...

CVSS 7.5, AI score 7.2, EPSS 0.0109
Exploits: 1, References: 3, Affected Software: 4

Trend Micro Simply Security
added 2021/12/21 12:0 a.m., 16 views

How to detect Apache HTTP Server Exploitation

With recent news of the critical, zero-day vulnerability Apache Log4Shell, we explore how to detect and protect your Apache HTTP servers...

AI score 1.9
Exploits: 0

Cvelist
added 2020/07/20 8:45 p.m., 9 views

CVE-2020-3442 DuoConnect SSH Connection Vulnerability

The DuoConnect client enables users to establish SSH connections to hosts protected by a DNG instance. When a user initiates an SSH connection to a DNG-protected host for the first time using DuoConnect, the user’s browser is opened to a login screen in order to complete authentication determined...

CVSS 4.8, AI score 5.7, EPSS 0.00022
Exploits: 0, References: 1

CNVD
added 2019/12/26 12:0 a.m., 1 view

SQL Injection Bypass Vulnerability in D-Shield Firewalls

D Shield Firewall is free IIS firewall software that protects websites and servers from intrusion. D Shield Firewall suffers from a SQL injection bypass vulnerability. An attacker can exploit the vulnerability to gain access to sensitive database information...

AI score 8.1
Exploits: 0