35 matches found
CVE-2021-33107
Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure vi...
CVE-2025-1101
A CWE-204 "Observable Response Discrepancy" in the login page in Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to enumerate valid usernames via crafted HTTP requests...
EUVD-2021-11890
Malware in sbrugna...
EUVD-2019-18380
Malware in sbrugna...
EUVD-2018-19715
Malware in sbrugna...
EUVD-2024-34064
Malicious code in bioql PyPI...
EUVD-2022-40955
Malicious code in bioql PyPI...
EUVD-2024-25296
Malicious code in bioql PyPI...
EUVD-2024-50357
Malicious code in bioql PyPI...
EUVD-2024-44435
Malicious code in bioql PyPI...
CVE-2022-3124
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server...
CVE-2022-0656
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter in its udrawconverturltobase64 AJAX action available to both unauthenticated and authenticated users before using it in the file_get_contents function and returning its content base64 encoded in the...
CVE-2020-8751
Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R) TXE versions before 3.1.80 may allow an unauthenticated user to potentially enable information disclosure via physical access...
CVE-2020-27481
An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin = 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlrlmscancelbooking" where POST Parameter "id" was sent straight into SQL query witho...
CVE-2019-17270
Yachtcontrol through 2019-10-06: It's possible to perform direct Operating System commands as an unauthenticated user via the "/pages/systemcall.php?command=COMMAND" page and parameter, where COMMAND will be executed and the results returned to the client. Affects Yachtcontrol webservers disclos...
PT-2025-19796 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions 3.5.0.beta4 before commit 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b Description: A data leak issue affects Discourse, an open-source community platform, allowing some content on the site's homepage to be visible to...
📄 BentoML 1.4.2 Remote Code Execution
A remote code execution vulnerability caused by insecure deserialization has been identified in version 1.4.2 of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2025-27442 Zoom Workplace Apps - Cross Site Scripting
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access...
CVE-2025-25683
AlekSIS-Core is vulnerable to Incorrect Access Control. Unauthenticated users can access all PDF files. This affects AlekSIS-Core 3.0, 3.1, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.2.0 and 3.2.1...
CVE-2025-25683
CVE-2025-25683 affects AlekSIS-Core versions 3.0–3.2.1, with an underlying Incorrect Access Control that allows unauthenticated users to access all PDF files. Exploitation details are not provided in the documents, but multiple sources confirm the vulnerability and affected ranges. Remediation (w...