
6 matches found

CVE
added 2025/06/10 2:52 p.m. · 77 views

CVE-2025-27505

GeoServer contains a REST API index authorization bypass vulnerability (CVE-2025-27505). The REST security excludes paths with extensions (for example rest.html), allowing unauthenticated access to the REST API Index and potentially revealing installed extensions and API endpoints. Affected codep...

5.3 CVSS · 5.2 AI score · 0.00894 EPSS
In wild · Exploits 0 · References 4 · Affected Software 1
RedhatCVE
added 2025/05/23 7:40 a.m. · 4 views

CVE-2024-31988

XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, b...

9.6 CVSS · 7.5 AI score · 0.06899 EPSS
Exploits 1 · References 1
EUVD
added 2024/04/10 8:40 p.m. · 3 views

EUVD-2024-1290

XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, b...

9.6 CVSS · 7 AI score · 0.06899 EPSS
Exploits 1 · References 8
Vulnrichment
added 2023/01/04 3:30 p.m. · 7 views

CVE-2023-22465 Http4s has fatal error parsing User-Agent and Server headers

Http4s is a Scala interface for HTTP services. Starting with version 0.1.0 and prior to versions 0.21.34, 0.22.15, 0.23.17, and 1.0.0-M38, the User-Agent and Server header parsers are susceptible to a fatal error on certain inputs. In http4s, modeled headers are lazily parsed, so this only applie...

7.5 CVSS · 7.7 AI score · 0.00335 EPSS
Exploits 1 · References 1
Positive Technologies
added 2021/12/17 12:0 a.m. · 3 views

PT-2021-15554 · Unknown · Unisharp/Laravel-Filemanager

Name of the Vulnerable Software and Affected Versions: unisharp/laravel-filemanager versions prior to 2.6.2 Description: The issue arises from insufficient validation of file types during the upload process, specifically in the upload function. This allows an attacker to potentially upload...

8.8 CVSS · 9 AI score · 0.02089 EPSS
Exploits 0 · References 16
Gentoo Linux
added 2004/01/21 12:0 a.m. · 66 views

Honeyd remote detection vulnerability via a probe packet

Background: Honeyd is a virtual honeypot daemon that can simulate virtual hosts on unallocated IP addresses. Description: A bug in handling NMAP fingerprints caused Honeyd to reply to TCP packets with both the SYN and RST flags set. Watching for replies, it is possible to detect IP addresses...

0.2 AI score
Exploits 0