40 matches found
Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution
Monsta FTP <= 2.11 contains an unrestricted file upload vulnerability caused by lack of authentication on file uploads, letting unauthenticated attackers execute arbitrary code by uploading crafted files. id: CVE-2025-34299 info: name: Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution...
BIT-JRE-2024-40896
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content by setting "checked". This makes classic XXE attacks possible...
CVE-2025-13113 Web Accessibility by accessiBe <= 2.11 - Unauthenticated Sensitive Information Exposure
The Web Accessibility by accessiBe plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.11. This is due to the accessiberenderjsinfooter function logging the complete plugin options array to the browser console on public pages, without...
EUVD-2015-5392
Malware in sbrugna...
EUVD-2001-1128
Malware in sbrugna...
EUVD-2020-26447
Malware in sbrugna...
EUVD-2021-30602
Malicious code in bioql PyPI...
EUVD-2022-7375
Malicious code in bioql PyPI...
PT-2025-38245
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions prior to 2.11 Description: A security issue has been identified in Portabilis i-Educar. The vulnerability involves an unknown function within the /module/Avaliacao/diarioApi file, leading to information disclosure...
CVE-2022-41896
TensorFlow is an open source platform for machine learning. If ThreadUnsafeUnigramCandidateSampler is given input filterbank_channel_count greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be...
CVE-2022-41887
TensorFlow is an open source platform for machine learning. tf.keras.losses.poisson receives a y_pred and y_true that are passed through functor::mul in BinaryOp. If the resulting dimensions overflow an int32, TensorFlow will crash due to a size mismatch during broadcast assignment. We have patched...
CVE-2021-43695
issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backuprestore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is an XSS vulnerability...
CVE-2020-5221
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath. This has been fixed in versio...
CVE-2024-27279
Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a use...
BIT-TENSORFLOW-2022-41896 `tf.raw_ops.Mfcc` crashes in Tensorflow
TensorFlow is an open source platform for machine learning. If ThreadUnsafeUnigramCandidateSampler is given input filterbank_channel_count greater than the allowed max size, TensorFlow will crash. We have patched the issue in GitHub commit 39ec7eaf1428e90c37787e5b3fbd68ebd3c48860. The fix will be...
CVE-2023-37544 Apache Pulsar WebSocket Proxy: Improper Authentication for WebSocket Proxy Endpoint Allows DoS
Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8.*, from 2.9.0 through 2.9.*, from 2.10.0 through 2.10.4, from 2.11.0 throug...
Google TensorFlow Buffer Error Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A buffer error vulnerability exists in Google TensorFlow version 2.12 prior to version 2.12.0 and version 2.11 prior to version 2.11.1, which stems from out-of-bounds acce...
Google TensorFlow Code Issue Vulnerability
Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google, Inc. in the United States. A code issue vulnerability exists in TensorFlow version 2.12 prior to version 2.12.0 and version 2.11 prior to version 2.11.1, which stems from a null pointer error in...
GHSA-368V-7V32-52FX Overflow in `ResizeNearestNeighborGrad`
Impact When tf.raw_ops.ResizeNearestNeighborGrad is given a large size input, it overflows. import tensorflow as tf align_corners = True half_pixel_centers = False grads = tf.constant(1, shape=[1,8,16,3], dtype=tf.float16) size = tf.constant([1879048192,1879048192], shape=[2], dtype=tf.int32)...
GHSA-F2W8-JW48-FR7J `FractionalMaxPoolGrad` Heap out of bounds read
Impact If FractionMaxPoolGrad is given outsize inputs row_pooling_sequence and col_pooling_sequence, TensorFlow will crash. import tensorflow as tf tf.raw_ops.FractionMaxPoolGrad orig_input = 1, 1, 1, 1, 1, orig_output = 1, 1, 1, out_backprop = 3, 3, 6, row_pooling_sequence = -0x4000000, 1, 1,...