Critical · CVSS 9.3
VestaCP commit a3f0fa1 (2018-05-31) up to commit ee03eff (2018-06-13) contain embedded malicious code that resulted in a supply-chain compromise. New installations created from the compromised installer since at least May 2018 were subject to installation of Linux/ChachaDDoS, a multi-stage DDoS bot that uses Lua for second- and third-stage components. The compromise leaked administrative credentials (base64-encoded admin password and server domain) to an external URL during installation and/or resulted in the installer dropping and executing a DDoS malware payload under local system privileges. Compromised servers were subsequently observed participating in large-scale DDoS activity. Vesta acknowledged exploitation in the wild in October 2018.
Published Oct 15, 2025 · Updated Jun 23, 2026
Critical · CVSS 9.3
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life.
Published Oct 29, 2025 · Updated May 14, 2026
High · CVSS 7.5
Qemu has a Buffer Overflow in rtl8139_do_receive in hw/net/rtl8139.c because an incorrect integer data type is used.
Published Oct 9, 2018 · Updated Apr 28, 2026
Medium · CVSS 4.3
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.
Published Oct 31, 2018 · Updated Apr 16, 2026
Medium · CVSS 4.3
Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.
Published Oct 31, 2018 · Updated Apr 15, 2026
Medium · CVSS 4.4
Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.
Published Oct 31, 2018 · Updated Apr 15, 2026
Critical · CVSS 9.8
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in the /inc/root.php file in versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to download arbitrary files from the server and upload arbitrary files that can be used for remote code execution.
Published Oct 16, 2024 · Updated Apr 8, 2026
Critical · CVSS 10
GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.
Published Oct 20, 2025 · Updated Apr 7, 2026
Unknown · CVSS Not scored
Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'.
Published Oct 24, 2018 · Updated Mar 2, 2026
High · CVSS 7.5
The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().
Published Oct 3, 2019 · Updated Dec 17, 2025
High · CVSS 7.5
The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().
Published Oct 3, 2019 · Updated Dec 3, 2025
High · CVSS 7.5
The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().
Published Oct 3, 2019 · Updated Dec 3, 2025
High · CVSS 7.5
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).
Published Oct 3, 2019 · Updated Dec 3, 2025
High · CVSS 7.5
The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().
Published Oct 3, 2019 · Updated Dec 3, 2025
High · CVSS 7.5
The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().
Published Oct 3, 2019 · Updated Dec 3, 2025
High · CVSS 7
The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().
Published Oct 3, 2019 · Updated Dec 3, 2025
Critical · CVSS 9.8
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).
Published Oct 3, 2019 · Updated Dec 3, 2025
Critical · CVSS 9.8
The ICMPv6 parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp6.c.
Published Oct 3, 2019 · Updated Dec 3, 2025
Critical · CVSS 9.8
The HNCP parser in tcpdump before 4.9.3 has a buffer over-read in print-hncp.c:print_prefix().
Published Oct 3, 2019 · Updated Dec 3, 2025
Critical · CVSS 9.8
The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_print() (MP_REACH_NLRI).
Published Oct 3, 2019 · Updated Dec 3, 2025
High · CVSS 7.5
The BGP parser in tcpdump before 4.9.3 allows stack consumption in print-bgp.c:bgp_attr_print() because of unlimited recursion.
Published Oct 3, 2019 · Updated Dec 3, 2025
Critical · CVSS 9.8
The SMB parser in tcpdump before 4.9.3 has buffer over-reads in print-smb.c:print_trans() for \MAILSLOT\BROWSE and \PIPE\LANMAN.
Published Oct 3, 2019 · Updated Dec 3, 2025
High · CVSS 7.5
The SMB parser in tcpdump before 4.9.3 has stack exhaustion in smbutil.c:smb_fdata() via recursion.
Published Oct 3, 2019 · Updated Dec 3, 2025
Medium · CVSS 5.1
Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting (XSS) via the "fusionwindow" parameter. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Published Oct 30, 2025 · Updated Nov 17, 2025
High · CVSS 8.5
Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing component. MRTG-related processes/scripts executed with excessive privileges, allowing a local attacker with limited system access to abuse file/command execution paths or writable resources to gain elevated privileges.
Published Oct 30, 2025 · Updated Nov 17, 2025
High · CVSS 8.7
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inject commands or otherwise execute arbitrary code with the privileges of the application service.
Published Oct 30, 2025 · Updated Nov 17, 2025
Medium · CVSS 5.1
Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting (XSS) via the Views page of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser.
Published Oct 30, 2025 · Updated Nov 17, 2025
Unknown · CVSS Not scored
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
Published Oct 11, 2018 · Updated Nov 4, 2025
High · CVSS 7.8 · CISA KEV
An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
Published Oct 10, 2018 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06.23_CN(AC10). A command Injection vulnerability allows attackers to execute arbitrary OS commands via a crafted goform/setUsbUnload request. This occurs because the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input.
Published Oct 30, 2018 · Updated Oct 21, 2025
High · CVSS 8 · CISA KEV
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later QTS 4.4.1.1261 build 20200330 and later QTS 4.3.6.1263 build 20200330 and later QTS 4.3.4.1282 build 20200408 and later QTS 4.3.3.1252 build 20200409 and later QTS 4.2.6 build 20200421 and later
Published Oct 28, 2020 · Updated Oct 21, 2025
Critical · CVSS 9.8 · CISA KEV
If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
Published Oct 28, 2020 · Updated Oct 21, 2025
Medium · CVSS 6.1 · CISA KEV
If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109.
Published Oct 28, 2020 · Updated Oct 21, 2025
Unknown · CVSS Not scored
A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected as unauthorized."
Published Oct 16, 2018 · Updated Aug 29, 2025
High · CVSS 8.8
A buffer overflow vulnerability in the dhcp6 client of systemd allows a malicious dhcp6 server to overwrite heap memory in systemd-networkd. Affected releases are systemd: versions up to and including 239.
Published Oct 26, 2018 · Updated Jun 9, 2025
High · CVSS 7
A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. Affected releases are systemd versions up to and including 239.
Published Oct 26, 2018 · Updated Jun 9, 2025
High · CVSS 7.8
A race condition in chown_one() of systemd allows an attacker to cause systemd to set arbitrary permissions on arbitrary files. Affected releases are systemd versions up to and including 239.
Published Oct 26, 2018 · Updated Jun 9, 2025
Critical · CVSS 9.8
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).
Published Oct 12, 2022 · Updated May 16, 2025
Critical · CVSS 9.8
dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 2 of 2).
Published Oct 12, 2022 · Updated May 16, 2025
High · CVSS 7.5
snmp_oid_compare in snmplib/snmp_api.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an unauthenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
Published Oct 8, 2018 · Updated May 6, 2025
Critical · CVSS 9.8
IBM FlashSystem 900 product GUI allows a specially crafted attack to bypass the authentication requirements of the system, resulting in the ability to remotely change the superuser password. This can be used by an attacker to gain administrative control or to deny service. IBM X-Force ID: 150296.
Published Oct 18, 2018 · Updated Feb 13, 2025
Unknown · CVSS Not scored
A vulnerability in the VLAN Trunking Protocol (VTP) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to corrupt the internal VTP database on an affected device and cause a denial of service (DoS) condition. The vulnerability is due to a logic error in how the affected software handles a subset of VTP packets. An attacker could exploit this vulnerability by sending VTP packets in a sequence that triggers a timeout in the VTP message processing code of the affected software. A successful exploit could allow the attacker to impact the ability to create, modify, or delete VLANs and cause a DoS condition. There are workarounds that address this vulnerability. This vulnerability affects Cisco devices that are running a vulnerable release of Cisco IOS Software or Cisco IOS XE Software, are operating in VTP client mode or VTP server mode, and do not have a VTP domain name configured. The default configuration for Cisco devices that are running Cisco IOS Software or Cisco IOS XE Software and support VTP is to operate in VTP server mode with no domain name configured.
Published Oct 5, 2018 · Updated Nov 26, 2024
Unknown · CVSS Not scored
A vulnerability in the web-based UI of Cisco Secure Access Control Server could allow an authenticated, remote attacker to gain read access to certain information in an affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file.
Published Oct 5, 2018 · Updated Nov 26, 2024
Unknown · CVSS Not scored
A vulnerability in TCP connection management in Cisco Prime Access Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition when the application unexpectedly restarts. The vulnerability is due to incorrect handling of incoming TCP SYN packets to specific listening ports. The improper handling of the TCP SYN packets could cause a system file description to be allocated and not freed. An attacker could exploit this vulnerability by sending a crafted stream of TCP SYN packets to the application. A successful exploit could allow the attacker to cause the application to eventually restart if a file description cannot be obtained.
Published Oct 5, 2018 · Updated Nov 26, 2024
Unknown · CVSS Not scored
A vulnerability in the folder permissions of Cisco Webex Meetings client for Windows could allow an authenticated, local attacker to modify locally stored files and execute code on a targeted device with the privilege level of the user. The vulnerability is due to folder permissions that grant a user the permission to read, write, and execute files in the Webex folders. An attacker could exploit this vulnerability to write malicious files to the Webex client directory, affecting all other users of the targeted device. A successful exploit could allow a user to execute commands with elevated privileges. Attacks on single-user systems are less likely to occur, as the attack must be carried out by the user on the user's own system. Multiuser systems have a higher risk of exploitation because folder permissions have an impact on all users of the device. For an attacker to exploit this vulnerability successfully, a second user must execute the locally installed malicious file to allow remote code execution to occur.
Published Oct 5, 2018 · Updated Nov 26, 2024
Unknown · CVSS Not scored
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to cause a denial of service condition or to execute arbitrary code. The vulnerability is due to improper boundary restrictions on user-supplied input in the Guest user feature of the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device, triggering a buffer overflow condition. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a denial of service condition, or could allow the attacker to execute arbitrary code.
Published Oct 5, 2018 · Updated Nov 26, 2024
Unknown · CVSS Not scored
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary commands. The vulnerability is due to improper validation of user-supplied input to scripts by the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the root user.
Published Oct 5, 2018 · Updated Nov 26, 2024
Unknown · CVSS Not scored
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to a targeted device. A successful exploit could allow the attacker to gain access to sensitive configuration information, including user authentication credentials.
Published Oct 5, 2018 · Updated Nov 26, 2024
Unknown · CVSS Not scored
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within the web-based management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted device. A successful exploit could allow the attacker to gain access to arbitrary files on the affected device, resulting in the disclosure of sensitive information.
Published Oct 5, 2018 · Updated Nov 26, 2024
Unknown · CVSS Not scored
A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Software could allow an authenticated, remote attacker to inject and execute arbitrary commands with root privileges on an affected device. The vulnerability is due to insufficient validation of command input by the affected software. An attacker could exploit this vulnerability by sending crafted commands to the web-based management interface of the affected software. A successful exploit could allow the attacker to inject and execute arbitrary, system-level commands with root privileges on an affected device.
Published Oct 5, 2018 · Updated Nov 26, 2024