CVE-2025-5998
The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows site content to be put behind password authorization; however, users with subscriber or greater roles can view content via the REST API...
CVE-2025-55163
A flaw was found in Netty where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...
CVE-2025-54074
Cherry Studio is a desktop client that supports multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can set up a malicious MCP server with compatible OAuth...
CVE-2025-9021
A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely...
CVE-2025-9021
SourceCodester Online Bank Management System up to version 1.0 contains a SQL injection in /bank/transfer.php caused by manipulation of the email parameter. The vulnerability is reported as remotely exploitable, with attack complexity low and no privileges required; CVSS data indicates a high-imp...
CVE-2025-9021 SourceCodester Online Bank Management System transfer.php sql injection
A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely...
PT-2025-33455 · Sourcecodester · Sourcecodester Online Dj Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Bank Management System version 1.0 Description: A vulnerability exists in SourceCodester Online Bank Management System up to version 1.0. The issue affects unknown code within the /bank/transfer.php file. Manipulation of...
FreeBSD : nginx -- worker process memory disclosure (eb03714d-79f0-11f0-b4c1-ac5afc632ba3)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eb03714d-79f0-11f0-b4c1-ac5afc632ba3 advisory. F5 reports: NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might...
Linux Distros Unpatched Vulnerability : CVE-2021-47304
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_init_transfer to not reset icsk_ca_initialized This commit fixes a bug found by...
Linux Distros Unpatched Vulnerability : CVE-2019-9807
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When arbitrary text is sent over an FTP connection and a page reload is initiated, it is possible to create a modal alert message with this text as the content...
Linux Distros Unpatched Vulnerability : CVE-2021-47475
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: vmk80xx: fix transfer-buffer overflows The driver uses endpoint-sized USB transfer buffers but up until recently had no sanity checks on the sizes. Comm...
SourceCodester Online Bank Management System Injection Vulnerability
SourceCodester Online Bank Management System is an open source online bank management system from SourceCodester. An injection vulnerability exists in SourceCodester Online Bank Management System 1.0 and earlier versions; the vulnerability stems from the file /bank/transfer.php mishandling the parameter email, lea...
Malicious code in ftp-adaptor (npm)
The package ftp-adaptor was found to contain malicious code...
CVE-2025-20306
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an authenticated, remote attacker with Administrator-level privileges to execute arbitrary commands on the underlying operating system. This vulnerability is due to insufficie...
CVE-2025-20268 Cisco Secure Firewall Threat Defense Software Geolocation Remote Access VPN Bypass Vulnerability
A vulnerability in the Geolocation-Based Remote Access (RA) VPN feature of Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured policies to allow or deny HTTP connections based on a country or region. This vulnerability exists becaus...
CVE-2025-20263 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Buffer Overflow Denial of Service Vulnerability
A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. This vulnerability is due to...
CVE-2025-20251
CVE-2025-20251 affects Cisco Secure Firewall ASA/FTD VPN Web Server: authenticated remote attacker can use crafted HTTP requests to create or delete arbitrary files on the OS due to insufficient input validation, potentially dropping VPN sessions and causing DoS; device reboot may be required. Ex...
CVE-2025-5998 PPWP < 1.9.11 - Subscriber+ Access Bypass via REST API
The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows site content to be put behind password authorization; however, users with subscriber or greater roles can view content via the REST API...
FreeBSD : www/varnish7 -- Denial of Service in HTTP/2 (e2d49973-785a-11f0-a1c0-0050569f0b83)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the e2d49973-785a-11f0-a1c0-0050569f0b83 advisory. Varnish Development Team reports: A denial of service attack can be performed on Varnish Cache servers...