1850 matches found
CVE-2025-26819
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections...
CVE-2023-26269
Apache James server version 3.7.3 and earlier provides a JMX management service without authentication by default. This allows privilege escalation by a malicious local user. Administrators are advised to disable JMX, or set up a JMX password. Note that version 3.7.4 onward will set up a JMX...
CVE-2025-0513
CVE-2025-0513 affects Octopus Server; root cause is unsafe handling of error page messages. If an attacker can influence any part of an error message, they may embed code, potentially affecting the user viewing the error. Documents provide CVSS v3.1 (Base 5.4, Network, Low privileges, User intera...
Security Updates for Microsoft Office Online Server (February 2025)
The Microsoft Office Online Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
PT-2025-10603
Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 9.0.0.M1 through 9.0.98; Apache Tomcat versions 10.1.0-M1 through 10.1.34; Apache Tomcat versions 11.0.0-M1 through 11.0.2. Description: The issue affects Apache Tomcat due to a path equivalence vulnerability, allowing remot...
SAP NetWeaver Server ABAP Security Vulnerability
SAP NetWeaver Server ABAP is an application server from SAP, a German company. A security vulnerability exists in SAP NetWeaver Server ABAP that stems from a lack of authorization checking and could lead to an unauthenticated attacker accessing otherwise inaccessible data...
CVE-2025-21611
tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions...
CVE-2025-0069
Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user's Windows account could gain higher privileges. With this, he could move laterally within the network and further compromise the active directory of a...
CVE-2024-52384
Unrestricted Upload of File with Dangerous Type vulnerability in wpmonks Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation ai-content-generator allows Upload a Web Shell to a Web Server. This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generatio...
CVE-2024-56052
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplmsplugin allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a through 1.9.9.5.2...
CVE-2024-50420
Unrestricted Upload of File with Dangerous Type vulnerability in aDirectory aDirectory adirectory allows Upload a Web Shell to a Web Server. This issue affects aDirectory: from n/a through <= 1.3...
CVE-2024-49653
Unrestricted Upload of File with Dangerous Type vulnerability in james-eggers Portfolleo portfolleo allows Upload a Web Shell to a Web Server. This issue affects Portfolleo: from n/a through <= 1.2...
CVE-2024-49669
Unrestricted Upload of File with Dangerous Type vulnerability in Alexander De Ridder INK Official ink-official allows Upload a Web Shell to a Web Server. This issue affects INK Official: from n/a through <= 4.1.2...
CVE-2024-9005
CWE-502: Deserialization of Untrusted Data vulnerability exists that could allow code to be remotely executed on the server when unsafely deserialized data is posted to the web server...
CVE-2024-54214
Unrestricted Upload of File with Dangerous Type vulnerability in roninwp Revy revy allows Upload a Web Shell to a Web Server. This issue affects Revy: from n/a through <= 1.18...
CVE-2024-54285
Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server. This issue affects SeedProd Pro: from n/a through 6.18.10...
CVE-2024-48914
Vendure is an open-source headless commerce platform. Prior to versions 3.0.5 and 2.3.3, a vulnerability in Vendure's asset server plugin allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data...
CVE-2024-0323
The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLS1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients...
CVE-2024-9644
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to an authentication bypass vulnerability in the administrative web server. Authentication is not enforced on some administrative functionality when using the "bapply.cgi" endpoint instead of the normal "apply.cgi" endpoint. A remote...
Security update for rsync
This update for rsync fixes the following issues: CVE-2024-12084: Fixed Heap Buffer Overflow in Checksum Parsing (bsc#1234100). CVE-2024-12085: Fixed Info Leak via uninitialized Stack contents defeating ASLR (bsc#1234101). CVE-2024-12086: Fixed server leaking arbitrary client files (bsc#1234102)...