19 matches found
CVE-2026-52810
CVE-2026-52810 affects Gogs (Git self-hosted) where the authorization policy is derived from the client-supplied service parameter (e.g., service=git-upload-pack) instead of the actual RPC path. Consequently, requests to the write endpoint /repo.git/git-receive-pack can be treated as read, while ...
CVE-2026-33005
Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only, NOT contents). Metadata includes id, type, name and some other fields. Full list of fields...
CVE-2025-57213
Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request...
EUVD-2008-7096
Malware in sbrugna...
EUVD-2017-18045
Malware in sbrugna...
EUVD-2023-34863
Malicious code in bioql PyPI...
CVE-2024-51473
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5.0.0 through 10.5.0.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query...
PT-2025-17878 · WordPress · Shoplentor
Name of the Vulnerable Software and Affected Versions: The ShopLentor plugin for WordPress versions up to, and including, 3.1.2 Description: The issue allows unauthenticated attackers to make web requests to arbitrary locations originating from the web application, potentially querying and...
389-ds-base: potential denial of service via specially crafted kerberos AS-REQ request
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of service...
CVE-2020-27782
A flaw was found in the Undertow AJP connector. Malicious requests and abrupt connection closes could be triggered by an attacker using query strings with non-RFC compliant characters resulting in a denial of service. The highest threat from this vulnerability is to system availability. This...
rubygems: DNS hijacking vulnerability
A vulnerability was found where rubygems did not sanitize DNS responses when requesting the hostname of the rubygems server for a domain, via a _rubygems._tcp DNS SRV query. An attacker with the ability to manipulate DNS responses could direct the gem command towards a different domain...
Windows Services Stop
If the Windows services got started manually by a VT then stop those services at the end of a scan. SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
dns-service-discovery NSE Script
Attempts to discover target hosts' services using the DNS Service Discovery protocol. The script first sends a query for _services._dns-sd._udp.local to get a list of services. It then sends a followup query for each one to try to get more information. Script Arguments: max-newtargets, newtargets. See...
CVE-2008-5277
PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query...
CVE-2004-0096
Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973...
CVE-2004-0096
Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973...
CVE-2003-0973
Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x before 2.7.9, allows remote attackers to cause a denial of service (httpd crash) via a certain query string...
CVE-2000-0887
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."...
CVE-2000-0887
ISC BIND 8.2.x before 8.2.2-P7 is vulnerable to a remote denial-of-service via a compressed ZXFR zone transfer and a subsequent non-cached authoritative query (the zxfr bug). An attacker permitted to perform zone transfers can crash the named daemon, disrupting DNS resolution. A patch to BIND 8.2...