21 matches found
EUVD-2015-0847
Malware in sbrugna...
EUVD-2018-18319
Malware in sbrugna...
EUVD-2018-3488
Malware in sbrugna...
EUVD-2014-2104
Malware in sbrugna...
EUVD-2023-31735
Malicious code in bioql PyPI...
EUVD-2024-1810
Malicious code in bioql PyPI...
EUVD-2023-44447
Malicious code in bioql PyPI...
CVE-2025-7371
Okta On-Premises Provisioning OPP agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You...
CVE-2025-4828 Support Board <= 3.8.0 - Unauthenticated Arbitrary File Deletion
The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sbfiledelete function in all versions up to, and including, 3.8.0. This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to...
CVE-2025-27457
All communication between the VNC server and clients is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data...
CVE-2022-1386
The Fusion Builder WordPress plugin before 3.6.2, used in the Avada theme, does not validate a parameter in its forms which could be used to initiate arbitrary HTTP requests. The data returned is then reflected back in the application's response. This could be used to interact with hosts on the...
CVE-2024-8699
The Z-Downloads WordPress plugin before 1.11.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to, for example in a multisite setup...
CVE-2024-9070
A deserialization vulnerability exists in BentoML's runner server in bentoml/bentoml versions =1.3.4.post1. By setting specific parameters, an attacker can execute unauthorized arbitrary code on the server, causing severe harm. The vulnerability is triggered when the args-number parameter is...
Mautic allows Relative Path Traversal in assets file upload
Summary: This advisory addresses a file placement vulnerability that could allow assets to be uploaded to unintended directories on the server. Improper Limitation of a Pathname to a Restricted Directory: A vulnerability exists in the asset upload functionality that allows users to upload files to...
CVE-2024-32046
Mattermost versions 9.6.x = 9.6.0, 9.5.x = 9.5.2, 9.4.x = 9.4.4 and 8.1.x = 8.1.11 fail to remove detailed error messages in API requests even if the developer mode is off, which allows an attacker to get information about the server such as the full path where files are stored...
MGASA-2020-0211 Updated netkit-telnet packages fix security vulnerability
Updated netkit-telnetd packages fix security vulnerability: A vulnerability was found where incorrect bounds checks in the telnet server’s telnetd handling of short writes and urgent data, could lead to information disclosure and corruption of heap data. An unauthenticated remote attacker could...
XXE Vulnerability in Depart.asmx, a Universal Online Learning Platform for MicroXia
Micro Xia Online Learning Platform is an online education system based on B/S architecture. The product/SOPA/Depart.asmx suffers from XXE injection vulnerability, which can be exploited by an attacker to remotely read arbitrary files from the server...
PHP 4.x5 - cURL open_basedir Restriction Bypass
Source: https://www.securityfocus.com/bid/11557/info It is reported that cURL allows malicious users to bypass 'open_basedir' restrictions in PHP scripts. This issue is due to a failure of the cURL module to properly enforce PHP's 'open_basedir'...
CVS directory traversal
Server can send absolute path to client...
Microsoft IIS 404 Response Service Pack Signature
The Patch level Service Pack of the remote IIS server appears to be lower than the current IIS service pack level. As each service pack typically contains many security patches, the server may be at risk. Note that this test makes assumptions of the remote patch level based on static return value...