2773 matches found
CVE-2025-8554 atjiu pybbs list cross site scripting
A vulnerability, which was classified as problematic, has been found in atjiu pybbs up to 6.0.0. This issue affects some unknown processing of the file /admin/user/list. The manipulation of the argument Username leads to cross site scripting. The attack may be initiated remotely. The exploit has...
CVE-2025-8548
Affects atjiu pybbs up to 6.0.0 in the Registered Email Handler: the sendEmailCode function (SettingsApiController.java) exposes information via error messages when the email argument is manipulated. The issue can be remotely triggered with high attack complexity; exploitation is publicly disclos...
Linux Distros Unpatched Vulnerability : CVE-2025-38189
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/v3d: Avoid NULL pointer dereference in v3d_job_update_stats The following kernel Oops was recently reported by Mesa CI: 800.139824 Unable to handle kernel NULL...
Linux Distros Unpatched Vulnerability : CVE-2021-47148
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context This function is called from...
Linux Distros Unpatched Vulnerability : CVE-2025-38091
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amd/display: check stream id dml21 wrapper to get plane_id Why & How Fix a false positive warning which occurs due to lack of correct checks when querying...
PT-2025-31910 · Unknown · Atjiu Pybbs
Name of the Vulnerable Software and Affected Versions: atjiu pybbs versions up to 6.0.0 Description: A critical issue exists in atjiu pybbs up to version 6.0.0 related to weak password requirements in the update function of the file...
Linux Distros Unpatched Vulnerability : CVE-2023-52524
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add lock when modifying device list The device list needs its associated loc...
Linux Distros Unpatched Vulnerability : CVE-2025-38045
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: iwlwifi: fix debug actions order The order of actions taken for debug was implemented incorrectly. Now we implemented the dump split and do the FW reset...
Linux Distros Unpatched Vulnerability : CVE-2025-22057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: decrease cached dst counters in dst_release Upstream fix ac888d58869b ("net: do not delay dst_entries_add in dst_release") moved decrementing the dst count from...
Linux Distros Unpatched Vulnerability : CVE-2022-49980
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - USB: gadget: Fix use-after-free Read in usb_udc_uevent The syzbot fuzzer found a race between uevent callbacks and gadget driver unregistration that can cause a...
CVE-2025-8534
CVE-2025-8534 affects libtiff 4.6.0, specifically PS_Lvl2page in tools/tiff2ps.c (tiff2ps). The vulnerability yields a null pointer dereference and can be triggered locally; attack complexity is high, but exploitation has been disclosed. A patch exists (6ba36f159fd396ad11bf6b7874554197736ecc8b) a...
CVE-2025-8519 givanz Vvveb Drag-and-Drop Editor editor information disclosure
A vulnerability classified as problematic has been found in givanz Vvveb up to 1.0.5. This affects an unknown part of the file /vadmin123/index.php?module=editor/editor of the component Drag-and-Drop Editor. The manipulation of the argument url leads to information disclosure. It is possible to...
GHSA-VF2R-CXG9-P7RF The ADOdb sqlite3 driver allows SQL injection
Improper escaping of a query parameter may allow an attacker to execute arbitrary SQL statements when the code using ADOdb connects to a sqlite3 database and calls the metaColumns, metaForeignKeys or metaIndexes methods with a crafted table name. Note that the indicated Severity corresponds to a...
Linux Distros Unpatched Vulnerability : CVE-2019-19043
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak in the i40e_setup_macvlans function in drivers/net/ethernet/intel/i40e/i40e_main.c in the Linux kernel through 5.3.11 allows attackers to cause a...
Linux Distros Unpatched Vulnerability : CVE-2024-27390
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: remove one synchronize_net barrier in ipv6_mc_down As discussed in the past commit...
Linux Distros Unpatched Vulnerability : CVE-2025-5991
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - There is a Use After Free vulnerability in Qt's QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected ...
CVE-2025-5999 Vault Root Namespace Operator May Elevate Token Privileges
A privileged Vault operator with write permissions to the root namespace’s identity endpoint could escalate their own or another user’s token privileges to Vault’s root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22...
CVE-2025-48071 OpenEXR's Forged Unpacked Size can Lead to Heap-Based Buffer Overflow in Deep Scanline Parsing
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.2 through 3.3.0, there is a heap-based buffer overflow during a write operation when decompressing ZIPS-packed deep scan-line EXR files...
CVE-2025-54584 GitProxy is vulnerable to a packfile parsing exploit
GitProxy is an application that stands between developers and a Git remote endpoint e.g., github.com. In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within comm...
WordPress JetEngine Plugin <= 3.7.1.2 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by stealthcopter in WordPress Plugin JetEngine versions <= 3.7.1.2...