33 matches found

EUVD
added 2026/06/09 1:2 p.m. | 7 views

EUVD-2026-35420

A flaw was found in 389 Directory Server. The dereference control plugin does not check for allocation failure before using a BER structure, allowing an unauthenticated remote attacker to crash the LDAP server when the system is under memory pressure...

CVSS 5.9 | AI score 5.5 | EPSS 0.00406
Exploits: 0 | References: 3

RedHat Linux
added 2026/05/27 9:42 p.m. | 11 views

httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash

A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration...

CVSS 5.3 | AI score 5.8 | EPSS 0.00514
Exploits: 0 | References: 5

NVD
added 2026/05/04 3:16 p.m. | 7 views

CVE-2026-33007

A NULL pointer dereference in mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue...

CVSS 5.3 | EPSS 0.00514
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-32340

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 9.4 | EPSS 0.00887
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2024-54461

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.5 | EPSS 0.00555
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 8 views

EUVD-2024-42211

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 8.2 | EPSS 0.00969
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/30 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2021-26247

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - As an unauthenticated remote user, visit http:///authchangepassword.php?ref=alert1 to successfully execute the JavaScript payload present in the ref URL...

CVSS 6.1 | AI score 6.5 | EPSS 0.07124
Exploits: 0 | References: 2

RedhatCVE
added 2025/05/10 1:14 p.m. | 22 views

CVE-2024-6648

Absolute Path Traversal vulnerability in AP Page Builder versions prior to 4.0.0 could allow an unauthenticated remote user to modify the 'productitempath' within the 'config' JSON file, allowing them to read any file on the system...

CVSS 8.7 | AI score 6.9 | EPSS 0.00555
Exploits: 1 | References: 3

Vulnrichment
added 2025/01/14 2:8 p.m. | 9 views

CVE-2024-46668

An allocation of resources without limits or throttling vulnerability (CWE-770) in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple...

CVSS 7.5 | AI score 7.6 | EPSS 0.00969
Exploits: 0 | References: 1

CVE
added 2025/01/14 2:8 p.m. | 102 views

CVE-2024-46668

CVE-2024-46668 describes an allocation of resources without limits or throttling (CWE-770) in Fortinet FortiOS. The vulnerability affects FortiOS versions 7.4.0–7.4.4, 7.2.0–7.2.8, 7.0.0–7.0.15, and 6.4.0–6.4.15, where an unauthenticated remote attacker could cause memory exhaustion by uploading ...

CVSS 7.5 | AI score 7.6 | EPSS 0.00969
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2023/06/06 8:15 p.m. | 24 views

CVE-2023-34409

In Percona Monitoring and Management PMM server 2.x before 2.37.1, the authenticate function in authserver.go does not properly formalize and sanitize URL paths to reject path traversal attempts. This allows an unauthenticated remote user, when a crafted POST request is made against unauthenticat...

CVSS 9.8 | AI score 9.4 | EPSS 0.01278
Exploits: 0 | References: 1

NVD
added 2023/06/02 11:15 a.m. | 7 views

CVE-2023-28698

Wade Graphic Design FANTSY has a vulnerability of insufficient authorization check. An unauthenticated remote user can exploit this vulnerability by modifying URL parameters to gain administrator privileges to perform arbitrary system operation or disrupt service...

CVSS 9.8 | AI score 9.8 | EPSS 0.00848
Exploits: 0 | References: 1

Tenable Nessus
added 2023/04/13 12:0 a.m. | 75 views

ManageEngine ADSelfService Plus < build 6218 DoS

According to its self-reported version, the ManageEngine ADSelfService Plus application running on the remote host is prior to build 6218. It is, therefore, affected by a denial of service (DoS) vulnerability which allows any unauthenticated remote user to cause an application restart by sending a...

CVSS 7.5 | AI score 7.4 | EPSS 0.78636
Exploits: 0 | References: 3

Prion
added 2023/03/27 2:15 p.m. | 13 views

Input validation

The validate JSON endpoint of the Secvisogram csaf-validator-service in versions 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the attacker is affected b...

CVSS 5 | AI score 7.2 | EPSS 0.00924
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2023/03/27 12:0 a.m. | 13 views

CVE-2023-24842 HGiga MailSherlock - Broken Access Control

HGiga MailSherlock has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to access partial content of another user’s mail by changing the user ID and mail ID within the URL...

CVSS 5.3 | AI score 5.3 | EPSS 0.00595
Exploits: 0 | References: 1

NVD
added 2023/02/01 5:15 a.m. | 15 views

CVE-2022-45096

Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain a User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information...

CVSS 6.5 | AI score 5.8 | EPSS 0.00489
Exploits: 0 | References: 1

CNNVD
added 2022/02/04 12:0 a.m. | 5 views

Northstar Club Management Path Traversal Vulnerability

Northstar Club Management is a web-based solution from Northstar, Inc. that allows organizations to manage all elements of a club, such as memberships, guests, events, and more. A path traversal vulnerability exists in Northstar Club Management version 6.3, which stems from the software's lack of...

CVSS 7.5 | AI score 7.5 | EPSS 0.01773
Exploits: 0 | References: 3

OSV
added 2022/01/19 9:15 p.m. | 6 views

CVE-2021-26247

As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...

CVSS 6.1 | AI score 7
Exploits: 0 | References: 1

UbuntuCve
added 2022/01/19 9:15 p.m. | 26 views

CVE-2021-26247

As an unauthenticated remote user, visit "http:///authchangepassword.php?ref=alert1" to successfully execute the JavaScript payload present in the "ref" URL parameter...

CVSS 6.1 | AI score 6.5 | EPSS 0.07124
Exploits: 0 | References: 2

RedHat Linux
added 2021/10/25 1:19 p.m. | 2 views

redis: Denial of service via Redis Standard Protocol (RESP) request

A flaw was found in redis. When parsing an incoming Redis Standard Protocol (RESP) request, redis allocates memory according to user-specified values, which determine the number of elements in the multi-bulk header and size of each element in the bulk header. This flaw allows an unauthenticated,...

CVSS 7.5 | AI score 7.3 | EPSS 0.1578
Exploits: 0 | References: 5