16 matches found
EUVD-2025-4057
Malicious code in bioql PyPI...
Notepad++ <= 8.8.1 Privilege Escalation Vulnerability
Notepad++ is prone to a privilege escalation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2025-46805
Screen version 5.0.0 and older version 4 releases have a TOCTOU race potentially allowing to send SIGHUP, SIGCONT to privileged processes when installed setuid-root...
CVE-2024-10977 PostgreSQL libpq retains an error message from man-in-the-middle
Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a human or screen-scraper user of psql mistake...
CVE-2021-39318 H5P CSS Editor <= 1.0 Reflected Cross-Site Scripting
The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the /h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0...
UBUNTU-CVE-2021-2126
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. The supported version that is affected is Prior to 6.1.18. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager
RCE-CVE-2020-5902 BIG-IP F5 Remote Code Execution Descripti...
CVE-2018-10918
A null pointer dereference flaw was found in the way samba checked database outputs from the LDB database layer. An authenticated attacker could use this flaw to crash a samba server in an Active Directory Domain Controller configuration. Samba versions before 4.7.9 and 4.8.4 are vulnerable...
CVE-2017-1000203
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution...
osCommerce 3.0a5 Local File Include and HTML Injection Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/39820/info osCommerce is prone to a local file-include vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit the local file-include...
EditTag 1.2 edittag.cgi file Variable Arbitrary File Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/21890/info EditTag is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow a remote attacker to access any file...
Openfire 3.x jabber:iq:auth 'passwd_change' Remote Password Change Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34804/info Openfire is prone to a vulnerability that can permit an attacker to change the password of arbitrary users. Exploiting this issue can allow the attacker to gain unauthorized access to the affected application a...
FreeBSD Ports: webmin
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Zend Framework 1.9.6 - Multiple Input Validation Vulnerabilities Security Bypass
source: https://www.securityfocus.com/bid/37809/info Zend Framework is prone to multiple input-validation vulnerabilities and a weakness: - Multiple cross-site scripting issues - An HTML-injection issue - A...
PHP-Ultimate WebBoard 2.0 - 'admindel.php' Multiple Input Validation Vulnerabilities
source: https://www.securityfocus.com/bid/30822/info PHP-Ultimate Webboard is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. Successful exploits will allow unauthorized attackers to delete arbitrary questions and answers...
Blue Coat ProxySG Management Console - URI Handler Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/26286/info Blue Coat ProxySG Management Console is prone to two cross-site scripting vulnerabilities because the application fails to properly sanitize...