36 matches found
EUVD-2020-2653
Malware in sbrugna...
CVE-2025-4633
CVE-2025-4633 concerns Airpointer 2.4.107-2 where default credentials in the web portal allow an unauthenticated attacker to log in. Affected component: the web portal of Airpointer 2.4.107-2; root cause is default credentials enabling access without authentication. Impact notes from sources indi...
CVE-2021-38155
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking related to PCI DSS features. By guessing the name of an account and failing to authenticate multiple times, any unauthenticated...
Flask-AppBuilder open redirect vulnerability using HTTP host injection
Flask-AppBuilder prior to 4.6.2 would allow for a malicious unauthenticated actor to perform an open redirect by manipulating the Host header in HTTP requests...
CVE-2025-34028
The Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files that represent install packages that, when expanded by the target server, are vulnerable to a path traversal that can result in Remote Code Execution via malicious JSP. This issue affec...
CVE-2024-38815
VMware NSX contains a content spoofing vulnerability (CVE-2024-38815). An unauthenticated attacker can craft a URL that redirects victims to an attacker‑controlled domain, potentially leading to information disclosure. Affects VMware NSX and related NSX components; CVSSv3 base score up to 4.3 (Me...
PT-2024-37296 · Rockwell Automation · Rockwell Automation Thinserver
Name of the Vulnerable Software and Affected Versions: Rockwell Automation ThinServer (affected versions not specified). Description: The issue is caused by improper input validation, allowing an unauthenticated threat actor to send a malicious message to a monitor thread and cause a denial-of-servi...
VulnCheck KEV: CVE-2023-41724
A command injection vulnerability in Ivanti Sentry prior to 9.19.0 allows an unauthenticated threat actor to execute arbitrary commands on the underlying operating system of the appliance within the same physical or logical network...
Security Bulletin: IBM Security Verify Privilege could allow an unauthenticated actor to obtain sensitive information (CVE-2024-31887)
Summary: IBM Security Verify Privilege could allow an unauthenticated actor to obtain sensitive information. The issue has been addressed in an update. Vulnerability Details: CVEID: CVE-2024-31887. DESCRIPTION: IBM Security Verify Privilege could allow an unauthenticated actor to obtain sensitive...
R Radio Network FM Transmitter 1.07 system.cgi - Password Disclosure Vulnerability
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure. Vendor: R Radio Network; Product web page: http://www.pktc.ac.th; Affected version: 1.07. Summary: R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Desc: The transmitter suffers from an improper acces...
FreeBSD : phpmyfaq -- multiple vulnerabilities (cbfc1591-c8c0-11ee-b45a-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the cbfc1591-c8c0-11ee-b45a-589cfc0f81b0 advisory. - phpMyFAQ team reports: phpMyFAQ doesn't implement sufficient checks to avoid XSS when storing on...
CVE-2023-6356
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when using NVMe over TCP, leading to a NULL pointer dereference in the NVMe driver and causing a kernel panic and a denial of service...
CVE-2023-6535
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packets when using NVMe over TCP, leading to a NULL pointer dereference in the NVMe driver, causing a kernel panic and a denial of service...
Design/Logic Flaw
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...
CVE-2024-22208 phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a...
CVE-2024-22208
CVE-2024-22208 affects phpMyFAQ, where the front-end sharing feature allows unauthenticated users to email multiple recipients (the UI supports 5 addresses) and, due to backend lack of enforcement, can be abused to send thousands of phishing emails via the app’s mail server. The issue stems from ...
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Summary: The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. Details: The phpMyFAQ application has a functionality where anyone can share a FAQ item with others. The front-end of this functionality...
GHSA-GHMW-RWH8-6QMR pyload Log Injection vulnerability
Summary: A log injection vulnerability was identified in pyload. This vulnerability allows any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Details: pyload will generate a log entry when attempting to sign in with faulty credentials. This entry will be in the...
CVE-2024-21645
pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise corrupted log files can be used to cover an...
CVE-2024-21645 pyLoad Log Injection
pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in pyload allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by pyload. Forged or otherwise corrupted log files can be used to cover an...