36 matches found
Ray Static File - Local File Inclusion
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. id: CVE-2023-6020 info: name: Ray Static File - Local File Inclusion author: byt3bl33d3r severity: high description: | LFI in Ray's /static/ directory allows attackers to read any file on the...
Mongo-Express - Remote Code Execution
Mongo-Express before 1.0.0 is susceptible to remote code execution because it uses safer-eval to validate user supplied javascript. Unfortunately safer-eval sandboxing capabilities are easily bypassed leading to remote code execution in the context of the node server. id: CVE-2020-24391 info: nam...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005115)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005115 advisory. In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close(). iucv_sever_path() is called from process context and fr...
EUVD-2025-205380
Malicious code in aiogram-sever-patch PyPI...
Malicious code in aiogram-sever-patch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0be41c08090971a10e54930628353748c82ed55c0f9795b26a932f806852fd4f During installation or importing the module, the package starts a reverse shell to hardcoded location --- Category: MALICIOUS - The campaign has clearly...
MAL-2025-192931 Malicious code in aiogram-sever-patch (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0be41c08090971a10e54930628353748c82ed55c0f9795b26a932f806852fd4f During installation or importing the module, the package starts a reverse shell to hardcoded location --- Category: MALICIOUS - The campaign has clearly...
MAL-2025-39034 Malicious code in webpack-sever-render-middleware (npm)
The package webpack-sever-render-middleware was found to contain malicious code...
The vulnerability of the iucv_sever_path() function in the IUCV driver of the Linux operating system on the s/390 platform allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the iucv_sever_path() function in the net/iucv/af_iucv.c driver of the Linux operating system’s IUCV kernel on the s/390 platform is related to the repeated use of previously freed memory. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
SUSE CVE-2024-42271
In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close(). iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path or it is already removed /...
DEBIAN-CVE-2024-42271
In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close(). iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path or it is already removed /...
AZL-47853 CVE-2024-42271 affecting package kernel for versions less than 5.15.167.1-1
In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close(). iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path or it is already removed /...
AZL-47808 CVE-2024-42271 affecting package kernel for versions less than 6.6.47.1-1
In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close(). iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path or it is already removed /...
xorg-x11-server-Xwayland security update
21.1.9-5 Fix for CVE-2023-6816, CVE-2024-0229, CVE-2024-21885, CVE-2024-21886, CVE-2024-0408, CVE-2024-0409 21.1.9-4 - Fix for CVE-2023-6377, CVE-2023-6478 22.1.9-3 - Fix for CVE-2023-5367...
NULL pointer dereference in HTTP/3
NULL pointer dereference in HTTP/3 Severity: major CVE-2024-24989 Not vulnerable: 1.25.4+ Vulnerable: 1.25.3...
The vulnerability of the monitoring software for V-Sever and V-Sever Lite lies in buffer overflow attacks, allowing attackers to execute arbitrary code.
The vulnerability of the monitoring software for V-Sever and V-Sever Lite devices is related to buffer overflow attacks. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted file...
The vulnerability of the monitoring software for PLK V-Sever and V-Sever Lite lies in the recording of data beyond the buffer boundaries in memory, allowing a hacker to execute arbitrary code.
The vulnerability of the monitoring software for V-Sever and V-Sever Lite lies in the writing of data beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted file...
The vulnerability of the monitoring software for PLK V-Sever and V-Sever Lite lies in the ability to write beyond the buffer boundaries, allowing a hacker to execute arbitrary code.
The vulnerability of the monitoring software for V-Sever and V-Sever Lite lies in the fact that it allows data to be written beyond the buffer boundaries. Exploiting this vulnerability enables a remote attacker to execute arbitrary code using a specially crafted file...
Significant roundoff error in melt() function
Lines of code Vulnerability details Significant roundoff error in melt function Significant roundoff error is caused when calculating numPeriods. Also frequent calling of this function caused severe error. Proof of Concept 70 function melt external notPausedOrFrozen 71 if uint48block.timestamp 0...
CVE-2022-0910
A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware...
Design/Logic Flaw
A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sev...