
15 matches found

RedhatCVE
added 2026/01/09 8:54 a.m. · 6 views

CVE-2021-41163

Discourse is an open source platform for community discussion. In affected versions maliciously crafted requests could lead to remote code execution. This resulted from a lack of validation in subscribeurl values. This issue is patched in the latest stable, beta and tests-passed versions of...

CVSS 10 · AI score 7.5 · EPSS 0.03651
Exploits: 0 · References: 1
RedhatCVE
added 2025/05/23 4:16 a.m. · 3 views

CVE-2023-41318

matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with Content-Disposition: inline upon download. This vulnerability could b...

CVSS 5.4 · AI score 7 · EPSS 0.00623
Exploits: 0
RedhatCVE
added 2025/05/22 10:8 p.m. · 5 views

CVE-2022-39202

matrix-appservice-irc is an open source Node.js IRC bridge for Matrix. The Internet Relay Chat IRC protocol allows you to specify multiple modes in a single mode command. Due to a bug in the underlying matrix-org/node-irc library, affected versions of matrix-appservice-irc perform parsing of such...

CVSS 6.3 · AI score 7 · EPSS 0.00268
Exploits: 0 · References: 1
CVE
added 2025/04/18 3:59 p.m. · 80 views

CVE-2025-32442

The CVE-2025-32442 issue affects Fastify (Node.js) where applications that specify different validation strategies for multiple content types can bypass validation by supplying a slightly altered Content-Type (e.g., different casing or whitespace before ";"). Affected versions include Fastify 5.0...

CVSS 7.5 · AI score 7.4 · EPSS 0.00069
Exploits: 1 · References: 4 · Affected Software: 1
Cvelist
added 2025/04/16 9:38 p.m. · 11 views

CVE-2025-32783 XWiki allows unregistered users to see "public" messages from a closed wiki via notifications from a different wiki

XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed from selecting "Prevent unregistered users to view pages" in the Administrations Rights. The vulnerability is that any message sent i...

CVSS 4.7 · EPSS 0.00272
Exploits: 1 · References: 2
RedhatCVE
added 2025/02/05 12:58 a.m. · 3 views

CVE-2024-28181

turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...

CVSS 8.1 · AI score 7.4 · EPSS 0.00772
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/08 12:0 a.m. · 2 views

PT-2025-2046 · Microworld · Microword Escan Antivirus

Name of the Vulnerable Software and Affected Versions: MicroWorld eScan Antivirus version 7.0.32 Description: A critical issue affects some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler, leading to incorrect default permissions. The attack must be...

CVSS 5.3 · AI score 5.4 · EPSS 0.00065
Exploits: 1 · References: 7
Positive Technologies
added 2024/10/04 12:0 a.m. · 2 views

PT-2024-31896 · Unknown · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tours and Travels Management System version 1.0 Description: The issue is related to Cross Site Scripting XSS that can be triggered by sending a crafted payload to specific parameters in the travellers.php file. The...

CVSS 5.4 · AI score 6.1 · EPSS 0.00091
Exploits: 0 · References: 6
Positive Technologies
added 2024/07/16 12:0 a.m. · 2 views

PT-2024-25143 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.3.10 EN Description: A stack-based buffer overflow issue was discovered via the deviceMac parameter at the "ip/goform/addWifiMacFilter" endpoint. This issue can be exploited, potentially leading to unintended...

CVSS 8.8 · AI score 6.8 · EPSS 0.00224
Exploits: 1 · References: 5
Cvelist
added 2024/03/14 5:24 p.m. · 11 views

CVE-2024-28181 Arbitrary method invocation turbo_boost-commands

turboboost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should...

CVSS 8.1 · AI score 8.6 · EPSS 0.00772
Exploits: 0 · References: 2
Vulnrichment
added 2022/11/04 12:0 a.m. · 4 views

CVE-2022-39384 OpenZeppelin Contracts initializer reentrancy may lead to double initialization

OpenZeppelin Contracts is a library for secure smart contract development. Before version 4.4.1 but after 3.2.0, initializer functions that are invoked separate from contract creation the most prominent example being minimal proxies may be reentered if they make an untrusted non-view external cal...

CVSS 5.6 · AI score 5.5 · EPSS 0.00587
Exploits: 0 · References: 2
Positive Technologies
added 2022/11/03 12:0 a.m. · 3 views

PT-2022-26754 · Tenda · Tenda Ac23

Name of the Vulnerable Software and Affected Versions: Tenda AC23 version 16.03.07.45 cn Description: A stack overflow issue was discovered via the wpapsk crypto parameter in the fromSetWirelessRepeat function. This issue may allow for exploitation, potentially leading to unauthorized access or...

CVSS 9.8 · AI score 9.4 · EPSS 0.0036
Exploits: 1 · References: 5
exploitpack
added 2006/01/04 12:0 a.m. · 12 views

WinRAR 3.30 - Filename Local Buffer Overflow (2)

WinRAR 3.30 - Filename Local Buffer Overflow 2 / IHS public source code WinRAR 3.3.0 and below local BOF exploit author : c0d3r , kaveh razavi advisory : http://www.securityfocus.com/archive/1/420679 tnx to alpha who reported the vulnerability workaround: use the lastest version special tnx to Lo...

AI score 0.3
Exploits: 0
securityvulns
added 2001/10/25 12:0 a.m. · 35 views

Advisory: Corrupt RPM Query Vulnerability

Description: Arbitrary command executing on query of corrupt RPM files note: you do not have to install the file to be affected Severity: Very Low to Low Unless running an lpd with no access restrictions, in which case, it may allow remote compromise. Affects: rpm-4.0.2-7x probably also earlier...

AI score 0.1
Exploits: 0
FreeBSD Advisory
added 2000/07/05 12:0 a.m. · 3 views

FreeBSD-SA-00:24.libedit

FreeBSD-SA-00:24 Security Advisory FreeBSD, Inc. Topic: libedit reads config file from current directory Category: core Module: libedit Announced: 2000-07-05 Affects: All versions of...

AI score 6.1
Exploits: 0