14 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-35406
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes...
CVE-2025-58889
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Towny towny allows PHP Local File Inclusion. This issue affects Towny: from n/a through = 1.16...
CVE-2025-53453
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in axiomthemes Hygia hygia allows PHP Local File Inclusion. This issue affects Hygia: from n/a through = 1.16...
Roundcube Webmail Multiple Vulnerabilities (Dec 2025) - Linux
Roundcube Webmail is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:roundcube:webmail";...
CVE-2025-55763
Buffer Overflow in the URI parser of CivetWeb 1.14 through 1.16 (latest) allows a remote attacker to achieve remote code execution via a crafted HTTP request. This vulnerability is triggered during request processing and may allow an attacker to corrupt heap memory, potentially leading to denial of...
Linux Distros Unpatched Vulnerability : CVE-2022-30699
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NLnet Labs Unbound, up to and including version 1.16.1, is vulnerable to a novel type of the ghost domain names attack. The vulnerability works by targeting an...
jenkins-2-plugins: Improper input sanitization in HTML Publisher Plugin
A flaw was found in jenkins-2-plugins. In the HTML Publisher Plugin 1.16 through 1.32, fallback for reports created in HTML Publisher Plugin 1.15 and earlier does not properly sanitize input. This can allow attackers with Item/Configure permissions to implement stored cross-site scripting (XSS)...
PT-2024-2110 · Jenkins · Jenkins Html Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins HTML Publisher Plugin versions 1.16 through 1.32 Description: The issue arises from the plugin's failure to properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks. This...
PT-2024-20668 · Unknown · Otwthemes.Com Buttons Shortcode/Widget
Name of the Vulnerable Software and Affected Versions: OTWthemes.Com Buttons Shortcode and Widget versions 1.16 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attack...
cn.yanyvpingsheng:bililive-sdk (=0.1.0), com.cesanta:cloud-service-stubs (>=0.0.1 <=0.0.3) +26 more potentially affected by CVE-2017-1000209 via com.neovisionaries:nv-websocket-client (>=1.16 <=1.4)
com.neovisionaries:nv-websocket-client MAVEN version =1.16, =0.0.1, =0.0.1, =1.2, =1.2, =1.3.2, =1.9.1.10.0, =0.4.2, =1.5.1.9.2, =0.4.0, =2.6.0, =1.2.0, =1.0.0, =7.2.0 and more Source cves: CVE-2017-1000209 Source advisory: OSV:GHSA-4HXV-95RC-JQG7...
UBUNTU-CVE-2021-31525
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations...
CloudBees Jenkins Matrix Project Plugin Cross-Site Scripting Vulnerability
CloudBees Jenkins (Hudson Labs) is a set of Java-based continuous integration tools developed by the United States company CloudBees. The product is mainly used to monitor continuous software version release/testing projects and some timed tasks. Matrix Project Plugin is used in one of the...
PT-2020-15440 · Jenkins · Jenkins Matrix Project Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Matrix Project Plugin versions 1.16 and earlier Description: The issue is related to a stored cross-site scripting vulnerability. It occurs because the node names shown in tooltips on the overview page of builds with a single axis are...
PT-2002-2634 · Skystream · Skystream Emr5000
Name of the Vulnerable Software and Affected Versions: SkyStream EMR5000 versions 1.16 through 1.18 Description: The issue allows remote attackers to cause a denial of service, resulting in a null pointer exception and kernel panic, by sending a large number of packets when the buffers are full...