35 matches found
ROS-20260508-73-0015
A vulnerability in the ngx_http_mp4_module module of the NGINX Plus and NGINX Open Source HTTP server is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service or execute arbitrary code...
hackage-server Cross-Site Scripting Vulnerability
hackage-server is a Haskell open-source package repository server. hackage-server has a cross-site scripting vulnerability, which stems from HTML and JavaScript files being served directly. This vulnerability could allow malicious package maintainers to hijack user sessions...
PT-2026-33532
ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory, which performs no file...
GenieACS Security Vulnerability
GenieACS is an open-source high-performance automatic configuration server designed for remote management of devices enabled with TR-069. Version 1.2.13 of GenieACS contains a security vulnerability, which stems from unvalidated access to the NBI API endpoint...
CVE-2026-30790 RustDesk Server Controls All Handshake Entropy (Salt/Challenge), Enabling Offline Brute-Force
Improper Restriction of Excessive Authentication Attempts, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-server-pro RustDesk Server Pro rustdesk-server-pro on Windows, MacOS, Linux Peer authentication, API login modules, rustdesk-server RustDesk Server OSS...
continuwuity Security Vulnerability
Continuwuity is an open-source homeserver developed by Continuwuity. There is a security vulnerability in Continuwuity, which arises when users leave a room, join another room, or knock on a room. In such cases, the victim’s server may sign any event provided by the remote server...
Monkey Server security vulnerabilities
Monkey Server is an open-source HTTP server developed by Monkey I/O. There is a security vulnerability in Monkey Server, which stems from out-of-bounds read accesses in the http parser-transferencodingchunked function. This vulnerability could lead to denial-of-service attacks...
EUVD-2015-2171
Malware in sbrugna...
ROS-20251007-03
The vulnerability in the high-performance open source DNS server PowerDNS Recursor is related to a bug in the ECS implementation. Exploitation of the vulnerability could allow a remote attacker to perform cache poisoning attacks...
SUSE CVE-2025-8396
Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation. This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 i.e., fixed in 1.26.3, 1.27.3,...
GO-2025-3953 Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling in go.temporal.io/server
Temporal OSS Server Vulnerable to Allocation of Resources Without Limits or Throttling in go.temporal.io/server...
CVE-2025-8396
Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation. This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 i.e., fixed in 1.26.3, 1.27.3,...
CVE-2022-50241
CVE-2022-50241 is a Linux kernel local use-after-free in NFSD during inter-server copy. The race occurs when a CLOSE may be sent before FREE_STATEID, leaving a freed lock/state entry on the s2s_cp_stateids/sc_cp_list and triggering a BAD_STATEID on subsequent FREE_STATEID. The referenced patches ...
PT-2025-37567
Name of the Vulnerable Software and Affected Versions Temporal Server versions prior to 1.26.3 Temporal Server versions prior to 1.27.3 Temporal Server versions prior to 1.28.1 Description Insufficiently specific bounds checking on the authorization header could lead to denial of service in the...
CVE-2025-55283
aiven-db-migrate is an Aiven database migration tool. Prior to 1.0.7, there is a privilege escalation vulnerability that allows elevation to superuser inside PostgreSQL databases during a migration from an untrusted source server. The vulnerability stems from psql executing commands embedded in a...
CVE-2024-38524 GWC Home Page communicate version and revision information
GeoServer is an open source server that allows users to share and edit geospatial data. org.geowebcache.GeoWebCacheDispatcher.handleFrontPage(HttpServletRequest, HttpServletResponse) has no check to hide potentially sensitive information from users except for a hidden system property to hide the...
ProFTPD Security Vulnerability
ProFTPD is a highly configurable open source FTP server software suite. A security vulnerability exists in ProFTPD that stems from a buffer overflow allowing remote attackers to execute arbitrary code...
Xorg-x11-server: heap buffer overflow in disabledevice
...
Owncast Security Vulnerability
Owncast is an open source, self-hosted, decentralized, single-user real-time video streaming and chat server. A security vulnerability exists in Owncast 0.1.2 and earlier versions, which stems from a loose CORS policy that allows an attacker to make cross-origin requests to read privileged...
Navidrome Authorization Issue Vulnerability
Navidrome is a web-based open source music collection server and streamer, used to freely listen to music collections from any browser or mobile device. An authorization issue vulnerability exists in Navidrome versions prior to 0.50.2, which stems from the presence of an authentication bypass...