
55 matches found

RedhatCVE
added 2026/06/05 7:11 p.m., 7 views

CVE-2026-44260

efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the readonly flag set on the JSP tag is intended to prevent file modifications. When protected=true, elfindercheckRisk enforces that the client sends readonly=true matching the session value, but no event handler checks the readonly...

CVSS 8.1, AI score 5.5, EPSS 0.00301
Exploits 0, References 1

OSV
added 2026/03/25 9:16 p.m., 2 views

UBUNTU-CVE-2026-33222

NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected against them...

CVSS 4.9, AI score 5.8, EPSS 0.00306
Exploits 0, References 4

ATTACKERKB
added 2025/12/18 8:36 p.m., 2 views

CVE-2025-62004

BullWall Server Intrusion Protection SIP services are initialized after login services during system startup. A local, authenticated attacker can log in after boot and before SIP MFA is running. The SIP services do not retroactively enforce MFA or disconnect sessions that were not subject to SIP...

CVSS 7.7, AI score 5.5, EPSS 0.00281
Exploits 0, References 4, Affected Software 1

ATTACKERKB
added 2025/12/18 8:35 p.m., 3 views

CVE-2025-62003

BullWall Server Intrusion Protection has a noticeable configuration-dependent delay before the MFA check for RDP connections. A remote, authenticated attacker can potentially bypass detection during this delay. Versions 4.6.0.0, 4.6.0.6, 4.6.0.7, and 4.6.1.4 are affected. Other versions may also ...

CVSS 7.7, AI score 5.5, EPSS 0.00311
Exploits 0, References 4, Affected Software 1

EUVD
added 2025/10/15 3:30 p.m., 7 views

EUVD-2025-34654

When BIG-IP Advanced WAF is configured on a virtual server with Server-Side Request Forgery SSRF protection or when an NGINX server is configured with App Protect Bot Defense, undisclosed requests can disrupt new client requests. Note: Software versions which have reached End of Technical Support...

CVSS 6.9, AI score 6.3, EPSS 0.00353
Exploits 0, References 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-29045

Malware in sbrugna...

CVSS 4.4, AI score 4.6, EPSS 0.0032
Exploits 2, References 4

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2003-1517

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.01236
Exploits 1, References 4

RedhatCVE
added 2025/05/21 7:42 p.m., 9 views

CVE-2003-1527

BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configured to automatically block attacks, allows remote attackers to block IP addresses and cause a denial of service via spoofed packets...

CVSS 4.3, AI score 7, EPSS 0.01236
Exploits 1, References 1

OpenVAS
added 2025/05/07 12:0 a.m., 4 views

Avoid Using USB Storage

USB storage devices are usually used to transfer data between servers. However, in most cases, data on USB storage devices cannot be protected by technical methods, thereby increasing the risk of attacks. Viruses and Trojan horses on USB devices may infect and damage the server. If the USB storag...

AI score 6.9
Exploits 0, References 3

Microsoft Secure
added 2025/04/09 5:0 p.m., 24 views

Stopping attacks against on-premises Exchange Server and SharePoint Server with AMSI

Exchange Server and SharePoint Server are business-critical assets and considered crown jewels for many organizations, making them attractive targets for attacks. To help customers protect their environments and respond to these attacks, Exchange Server and SharePoint Server now integrate with th...

CVSS 9.8, AI score 10, EPSS 0.99999
Exploits 115

NVD
added 2025/04/08 10:15 p.m., 12 views

CVE-2024-55354

Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources that would be expected to be protected...

CVSS 8.8, EPSS 0.00138
Exploits 0, References 1

Vulnrichment
added 2025/04/08 12:0 a.m., 7 views

CVE-2024-55354

Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources that would be expected to be protected...

CVSS 8.8, AI score 5.3, EPSS 0.00138
Exploits 0, References 1

CNNVD
added 2024/12/19 12:0 a.m., 3 views

GoPhish security vulnerability

GoPhish is an open source phishing framework from GoPhish Open Source. A security vulnerability exists in GoPhish version v0.12.1, which stems from insufficient credential protection in the mail server configuration, which allows an attacker to access configured IMAP and SMTP servers with plainte...

CVSS 7.5, AI score 6.4, EPSS 0.00358
Exploits 0, References 1

OSV
added 2023/12/19 2:58 p.m., 7 views

SUSE-SU-2023:4907-1 Security update for mariadb

This update for mariadb fixes the following issues: - CVE-2023-22084: Fixed an easily exploitable vulnerability that allowed high privileged attacker with network access via multiple protocols to compromise MySQL Server bsc1217405...

CVSS 4.9, AI score 5, EPSS 0.01782
Exploits 0, References 3

OSV
added 2023/10/11 10:15 p.m., 3 views

AZL-31647 CVE-2023-39325 affecting package moby-containerd-cc for versions less than 1.7.1-5

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...

CVSS 7.5, AI score 6.6, EPSS 0.03796
Exploits 0, References 1

Hacker One
added 2022/10/24 10:0 a.m., 29 views

U.S. Department of State: Bypassing Whitelist to perform SSRF for internal host scanning

A misconfiguration in the server-side request forgery SSRF protection of geonode.state.gov allowed for bypassing the whitelist and performing internal host scanning. The backend parsed the whitelist host as a credential host, allowing requests to be sent to hosts identified before the ""...

AI score 7
Exploits 0

BDU FSTEC
added 2022/07/13 12:0 a.m., 5 views

The vulnerability of the virtual server protection feature of the application security tool BIG-IP Advanced Web Application Firewall (AWAF) lies in its ability to allow unlimited loading of dangerous files, enabling attackers to execute arbitrary code.

The vulnerability of the virtual server protection feature of BIG-IP Advanced Web Application Firewall AWAF is related to the unlimited loading of dangerous files. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 4.3, AI score 5.9, EPSS 0.00739
Exploits 0, References 2, Affected Software 1

ATTACKERKB
added 2022/02/24 3:15 a.m., 1 views

CVE-2022-25331

Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process...

CVSS 7.5, AI score 7.2, EPSS 0.0305
Exploits 1, References 3, Affected Software 4

OSV
added 2022/02/24 3:15 a.m., 2 views

CVE-2022-25331

Uncaught exceptions that can be generated in Trend Micro ServerProtection 6.0/5.8 Information Server could allow a remote attacker to crash the process...

CVSS 7.5, AI score 7.3, EPSS 0.0305
Exploits 1, References 2

Trend Micro Simply Security
added 2021/12/21 12:0 a.m., 17 views

How to detect Apache HTTP Server Exploitation

With recent news of the critical, zero-day vulnerability Apache Log4Shell, we explore how to detect and protect your Apache HTTP servers...

AI score 1.9
Exploits 0