249 matches found
CVE-2019-14603
Improper permissions in the installer for the License Server software for Intel® Quartus® Prime Pro Edition before version 19.3 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2002-2036
Sun Ray Server Software SRSS 1.3, when Non-Smartcard Mobility NSCM is enabled, allows remote attackers to login as another user by running dtlogin from a system that supports the XDMCP client...
CVE-2009-4295
Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic...
Adobe ColdFusion Input Validation Error Vulnerability
Adobe ColdFusion is server software developed by Adobe for creating and deploying Internet applications. Adobe ColdFusion suffers from an input validation error vulnerability that stems from a failure to properly validate input data. An attacker could exploit the vulnerability to execute...
PCMan FTP Server LCD Command Handler Buffer Overflow Vulnerability
PCMan FTP Server is an open-source FTP server package from PCMan. PCMan FTP Server suffers from a buffer overflow vulnerability that originates from the LCD command handler failing to properly validate the length and size of input data, which can be exploited by an attacker to cause a denial of...
Adobe ColdFusion Input Validation Error Vulnerability
Adobe ColdFusion is server software developed by Adobe for creating and deploying Internet applications. Adobe ColdFusion is vulnerable to an input validation error vulnerability that originates from the system failing to properly process a specific input. No detailed vulnerability details are...
AZL-61739 CVE-2025-4207 affecting package postgresql for versions less than 14.18-1
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
As many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. "We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure," VulnCheck said in...
CVE-2025-32389 NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure...
DLA-4072-1 xorg-server - security update
Bulletin has no description...
GHSA-88H4-JW57-85V9 vulnerabilities
Vulnerabilities for packages: mysql...
Advisory ROSA-SA-2025-2551
Software: openssh 7.4p1 OS: rosa-server79 packageevrstring: openssh-7.4p1-23.0.6.res7 CVE-ID: CVE-2018-20685 BDU-ID: 2019-00773 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the OpenSSH cryptographic security tool is caused by errors in the validation of the scp.c directory name in the scp clien...
KLA77113 SUI vulnerability in Microsoft Server Software
Security UI vulnerability was found in Microsoft Server Software. Malicious users can exploit this vulnerability to spoof user interface. Original advisories CVE-2024-49040 Exploitation Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details. Related...
run.codes Security Vulnerability
run.codes is open-source server software from run.codes. A security vulnerability exists in run.codes version 1.5.2 and earlier, which stems from a Reset Password race condition vulnerability in the file UsersController.php...
Arbitrary Code Execution
org.openrefine.dependencies, butterfly is vulnerable to Arbitrary Code Execution. The vulnerability is due to improper input handling in the Butterfly.prototype.parseJSON or getJSON functions, allowing crafted input to execute arbitrary JavaScript code on the server...
RHSA-2021:2561 Red Hat Security Advisory: Red Hat JBoss Web Server 5.5.0 Security release
Bulletin has no description...
GHSA-VR26-JCQ5-FJJ8 Denial of service in quinn-proto when using `Endpoint::retry()`
Summary As of quinn-proto 0.11, it is possible for a server to accept, retry, refuse, or ignore an Incoming connection. However, calling retry on an unvalidated connection exposes the server to a likely panic in the following situations: - Calling refuse or ignore on the resulting validated...
GO-2024-3093 Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server
Mattermost doesn't redact remote users' original email addresses in github.com/mattermost/mattermost-server...
GO-2022-0604 Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server
Cross-site Scripting in Mattermost in github.com/mattermost/mattermost-server...
Remote code execution in Spring Cloud Data Flow
In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server...