8064 matches found
Linux Distros Unpatched Vulnerability : CVE-2010-1398
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions,...
Linux Distros Unpatched Vulnerability : CVE-2006-0670
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service crash through a wireless Bluetooth connection via a malformed...
Linux Distros Unpatched Vulnerability : CVE-2011-4693
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows and Mac OS X allows remote attackers to execute arbitrary code via a crafted SWF file, as...
Linux Distros Unpatched Vulnerability : CVE-2011-2022
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The agpgenericremovememory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows...
Linux Distros Unpatched Vulnerability : CVE-2011-4462
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Plone 4.1.3 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote...
Linux Distros Unpatched Vulnerability : CVE-2011-2199
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow in tftp-hpa before 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the utimeout option...
Linux Distros Unpatched Vulnerability : CVE-2008-3196
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bound...
Linux Distros Unpatched Vulnerability : CVE-2009-3736
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la...
WordPress CMS Tree Page View Plugin < 0.8.9 XSS Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cmstreepageviewproject:cmstreepageview"; ifdescription...
CVE-2024-8651
A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...
PT-2024-39152 · Unknown · Netcat Cms
Name of the Vulnerable Software and Affected Versions: NetCat CMS versions 6.4.0.24126.2 through 6.4.0.24247 Description: A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue enables cross-site...
Ankitects Anki MPV script injection vulnerability
Talos Vulnerability Report TALOS-2024-1993 Ankitects Anki MPV script injection vulnerability July 22, 2024 CVE Number CVE-2024-26020 SUMMARY An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary...
Ankitects Anki Latex Incomplete Blocklist Vulnerability
Talos Vulnerability Report TALOS-2024-1992 Ankitects Anki Latex Incomplete Blocklist Vulnerability July 22, 2024 CVE Number CVE-2024-29073 SUMMARY An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package,...
Peplink Smart Reader /bin/login privilege escalation vulnerability
Talos Vulnerability Report TALOS-2023-1868 Peplink Smart Reader /bin/login privilege escalation vulnerability April 17, 2024 CVE Number CVE-2023-40146 SUMMARY A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 in QEMU. A specially crafted...
PT-2024-14897
Name of the Vulnerable Software and Affected Versions Egehan Security WebPDKS versions through 20240329 Description The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. The vendor w...
Ivanti Connect Secure Unauthenticated Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Connect Secure Unauthenticated Remote Code Execution', 'Description' = %q This module chains a server side request forgery SSRF...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP global config Command injection Vulnerability
Talos Vulnerability Report TALOS-2023-1856 TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP global config Command injection Vulnerability February 6, 2024 CVE Number CVE-2023-42664 SUMMARY A post authentication command injection vulnerability exists when setting up the PPTP global configuratio...
TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP client Command injection Vulnerability
Talos Vulnerability Report TALOS-2023-1853 TP-Link ER7206 Omada Gigabit VPN Router uhttpd PPTP client Command injection Vulnerability February 6, 2024 CVE Number CVE-2023-36498 SUMMARY A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206...
CVE-2024-0937
A vulnerability, which was classified as critical, has been found in vanderSchaar LAB synthcity 0.2.9. Affected by this issue is the function loadfromfile of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been...
CVE-2024-0937 van_der_Schaar LAB synthcity PKL File load_from_file deserialization
A vulnerability, which was classified as critical, has been found in vanderSchaar LAB synthcity 0.2.9. Affected by this issue is the function loadfromfile of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been...