56 matches found
CVE-1999-0132
Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access...
CVE-2021-25064
The Wow Countdowns WordPress plugin through 3.1.2 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection...
CVE-2025-3223 WorkstationST EGD Configuration Server Path Traversal Vulnerability
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in GE Vernova WorkstationST on Windows (EGD Configuration Server modules) allows Path Traversal. This issue affects WorkstationST: WorkstationST V07.10.10C and earlier...
CVE-2025-29137
creationtimestamp | type | source
---|---|---
2025-03-19 18:43:48+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lkqtncb32b26
2025-03-19 18:49:24+00:00 | seen | https://t.me/cvedetector/20649
2025-03-19 21:18:39+00:00 | published-proof-of-concept | ...
Linux Distros Unpatched Vulnerability : CVE-2020-16023
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2016-2372
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An information leak exists in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could potentially result in an...
CVE-2024-57617
An issue in the dameraulevenshtein component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements...
SUSE: Security Advisory (SUSE-SU-2024:3198-1)
The remote host is missing an update for the...
CVE-2024-24194
CVE-2024-24194 concerns robdns with commit d76d2e6, which has a NULL pointer dereference via the item->tokens component in /src/conf-parse.c. The NVD metrics indicate a high impact vulnerability (CVSS 3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H, base score 7.5). The connected PT-security entry pr...
RHEL 6 : ImageMagick (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - ImageMagick: Division by zero in WaveImage of MagickCore/visual-effects.c (CVE-2021-20309) Note that Nessus has not...
aquiethome.com Cross Site Scripting vulnerability OBB-3781520
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
bondeboutique.dk Cross Site Scripting vulnerability OBB-3583039
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
SUSE: Security Advisory (SUSE-SU-2023:1926-1)
The remote host is missing an update for the...
Why Did the OpenSSL Punycode Vulnerability Happen
Some room-temperature takes on yesterday's not-quite-RCE vulnerabilities in OpenSSL 3.0, and on what there is to learn about safe cryptography engineering. A recap: Yesterday OpenSSL published version 3.0.7, which was pre-announced to contain a fix for a CRITICAL vulnerability, the first one since...
supperstudio.com Cross Site Scripting vulnerability OBB-2756510
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-27962
Bluecms 1.6 has a SQL injection vulnerability at cookie...
NFT can be minted for free after sale ended
Handle: s1m0. Vulnerability details. Impact: The getPrice returns 0 after the sale ended and SALELIMIT - numSales NFT can be minted for free. Proof of Concept. Tools Used: Manual analysis. Recommended Mitigation Steps: Without documentation I'm not sure if it's the expected behaviour or not. If it's not y...
Code injection
Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content...
enseignement.uliege.be Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1069533. Security Researcher Hchabik (helped patch 2360 vulnerabilities, received 5 Coordinated Disclosure badges, received 2 recommendations), a holder of 5 badges for responsible and coordinated disclosure, found a security vulnerability affecting enseignement.uliege.be...
CVE-2019-16706
The CVE-2019-16706 entry concerns kkcms v1.3, where a CSRF vulnerability allows an attacker to add a new user via admin/cms_user_add.php. The vulnerability affects the CMS component responsible for user management and is evidenced by multiple feeds (NVD entry notes CSRF with impact to confidentia...