12610 matches found

RedhatCVE
added 2025/12/13 8:2 p.m. | 3 views

CVE-2024-58299

PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access...

9.8 CVSS | 8.2 AI score | 0.00712 EPSS
Exploits 0 | References 1
EUVD
added 2025/12/13 6:30 p.m. | 3 views

EUVD-2025-203250

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

9.4 CVSS | 6.4 AI score | 0.00285 EPSS
Exploits 0 | References 2
NVD
added 2025/12/13 4:16 p.m. | 6 views

CVE-2025-36747

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

9.8 CVSS | 0.00285 EPSS
Exploits 0 | References 1
OSV
added 2025/12/13 4:16 p.m. | 4 views

CVE-2025-36747

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

9.8 CVSS | 5.8 AI score | 0.00285 EPSS
Exploits 0 | References 1
Cvelist
added 2025/12/13 8:16 a.m. | 21 views

CVE-2025-36747 Hardcoded FTP Credentials within the firmware

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

9.4 CVSS | 0.00285 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/12/13 8:16 a.m. | 3 views

CVE-2025-36747 Hardcoded FTP Credentials within the firmware

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

9.4 CVSS | 6.5 AI score | 0.00285 EPSS
Exploits 0 | References 1
CNNVD
added 2025/12/13 12:0 a.m. | 1 view

Growatt ShineLan-X security vulnerability

Growatt ShineLan-X is a data logger for PV inverters from Growatt, a Chinese company. A security vulnerability exists in the Growatt ShineLan-X that stems from the inclusion of FTP server credentials in the firmware, which could lead to the replacement of legitimate files with malicious versions...

9.8 CVSS | 6.6 AI score | 0.00285 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/12/13 12:0 a.m. | 7 views

PT-2025-51097

ShineLan-X contains a set of credentials for an FTP server was found within the firmware, allowing testers to establish an insecure FTP connection with the server. This may allow an attacker to replace legitimate files being deployed to devices with their own malicious versions, since the firmwar...

9.4 CVSS | 6.9 AI score | 0.00285 EPSS
Exploits 0 | References 1
EUVD
added 2025/12/12 9:31 p.m. | 4 views

EUVD-2024-55352

PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access...

9.8 CVSS | 7.6 AI score | 0.00712 EPSS
Exploits 0 | References 4
Cvelist
added 2025/12/12 7:56 p.m. | 27 views

CVE-2024-58299 PCMan FTP Server 2.0 Remote Buffer Overflow via 'pwd' Command

PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access...

9.8 CVSS | 0.00712 EPSS
Exploits 0 | References 3
EUVD
added 2025/12/12 6:30 p.m. | 5 views

EUVD-2025-203093

Weaviate OSS has path traversal vulnerability via the Shard Movement API...

4.9 CVSS | 6.5 AI score | 0.00373 EPSS
Exploits 0 | References 6
NVD
added 2025/12/12 5:15 p.m. | 7 views

CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

4.9 CVSS | 0.00373 EPSS
Exploits 0 | References 2
GithubExploit
added 2025/12/12 11:31 a.m. | 139 views

Exploit for Deserialization of Untrusted Data in Facebook React

⚛️ React2Shell CVE-2025-55182 ...

10 CVSS | 7.8 AI score | 0.99562 EPSS
Exploits 370
CVE
added 2025/12/12 6:53 a.m. | 13 views

CVE-2025-67737

CVE-2025-67737 affects AzuraCast versions 0.23.1, where an API endpoint intended for internal use by sftpgo was exposed in the public HTTP API (at /api/internal/sftp-event). A user with valid SFTP credentials and knowledge of the station’s internal filesystem can craft a tailored HTTP request to ...

3.7 CVSS | 6.1 AI score | 0.00205 EPSS
Exploits 1 | References 2 | Affected Software 1
Positive Technologies
added 2025/12/12 12:0 a.m. | 7 views

PT-2025-50896

Name of the Vulnerable Software and Affected Versions: AzuraCast versions 0.23.1. Description: AzuraCast is a self-hosted, all-in-one web radio management suite. Version 0.23.1 mistakenly includes an API endpoint intended for internal use by the SFTP software sftpgo, exposing it to the public-facing...

3.7 CVSS | 5.4 AI score | 0.00205 EPSS
Exploits 1 | References 9
CNNVD
added 2025/12/12 12:0 a.m. | 3 views

PCMan FTP Server security vulnerability

PCMan FTP Server is a suite of FTP server software from PCMan Open Source. A security vulnerability exists in PCMan FTP Server version 2.0, which stems from a buffer overflow in the pwd command that could lead to the execution of arbitrary code...

9.8 CVSS | 7.4 AI score | 0.00712 EPSS
Exploits 0 | References 3
Vulnrichment
added 2025/12/12 12:0 a.m. | 4 views

CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

6.5 AI score | 0.00373 EPSS
Exploits 0 | References 2
CNNVD
added 2025/12/12 12:0 a.m. | 3 views

Weaviate security vulnerability

Weaviate is an open source vector database from Weaviate Open Source. A security vulnerability exists in Weaviate versions prior to 1.33.4, which stems from an unvalidated fileName field in the transfer logic and could result in the reading of arbitrary files accessible to the service process...

4.9 CVSS | 6.5 AI score | 0.00373 EPSS
Exploits 0 | References 2
Cvelist
added 2025/12/12 12:0 a.m. | 25 views

CVE-2025-67819

An issue was discovered in Weaviate OSS before 1.33.4. Due to a lack of validation of the fileName field in the transfer logic, an attacker who can call the GetFile method while a shard is in the "Pause file activity" state and the FileReplicationService is reachable can read arbitrary files...

0.00373 EPSS
Exploits 0 | References 2
GithubExploit
added 2025/12/11 10:1 p.m. | 161 views

Exploit for Deserialization of Untrusted Data in Facebook React

🚀 R2S - Next.js RSC Exploit Framework ...

10 CVSS | 8 AI score | 0.99562 EPSS
Exploits 370