Critical Severity Vulnerabilities

28.6K CVEs classified as critical severity

Total CVEs: 28.6K
Avg CVSS: 9.8
Max CVSS: 9.8
Min CVSS: 9.8


Critical Severity CVEs

CVSS: 9.8 (Critical)

Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component, resulting in information disclosure and remote code execution.

CWE-89, 2017
CVSS: 9.8 (Critical)

Creolabs Gravity 1.0 contains a stack-based buffer overflow in the operator_string_add function, resulting in remote code execution.

CVSS: 9.8 (Critical)

rust-base64 version <= 0.5.1 is vulnerable to a buffer overflow when calculating the size of a buffer to use when encoding base64 using the 'encode_config_buf' and 'encode_config' functions

CVSS: 9.8 (Critical)

b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation (backslash and single quote escape) in basic install functionality resulting in an unauthenticated attacker gaining PHP code execution...

CWE-20, 2017
CVSS: 9.8 (Critical)

Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in the read_gif function, resulting in potential code execution.

CVSS: 9.8 (Critical)

The NetBSD qsort() function is recursive and not randomized; an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows...

CVSS: 9.8 (Critical)

NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled; this allows attackers to more easily manipulate memory, leading to arbitrary code execution. This af...

CVSS: 9.8 (Critical)

A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using certain setuid binaries. This affects NetBSD 7.1 and pos...

CVSS: 9.8 (Critical)

A flaw exists in OpenBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code execution using setuid binaries such as /usr/bin/at. This affects OpenB...

CVSS: 9.8 (Critical)

The re-key admin monitor was introduced in Jenkins 1.498 and re-encrypted all secrets in JENKINS_HOME with a new key. It also created a backup directory with all old secrets, and the key used to encry...

CVSS: 9.8 (Critical)

Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers...

CVSS: 9.8 (Critical)

Redis-store <=v1.3.0 allows unsafe objects to be loaded from Redis.

CVSS: 9.8 (Critical)

The SSH Plugin stores credentials which allow jobs to access remote servers via the SSH protocol. User passwords and passphrases for encrypted SSH keys are stored in plaintext in a configuration file.

CVSS: 9.8 (Critical)

I, Librarian version <=4.6 & 4.7 is vulnerable to Server-Side Request Forgery in ajaxsupplement.php, resulting in the attacker being able to reset any user's password.

CVSS: 9.8 (Critical)

I, Librarian version <=4.6 & 4.7 is vulnerable to OS Command Injection in batchimport.php, resulting in the web server being fully compromised.

CWE-78, 2017
CVSS: 9.8 (Critical)

A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors.

CVSS: 9.8 (Critical)

A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors.

CVSS: 9.8 (Critical)

nodejs ejs versions older than 2.5.3 are vulnerable to remote code execution due to weak input validation in the ejs.renderFile() function.

CWE-20, 2017
CVSS: 9.8 (Critical)

soyuka/pidusage <=1.1.4 is vulnerable to command injection in the module, resulting in arbitrary command execution.

CWE-78, 2017
CVSS: 9.8 (Critical)

npm/KyleRoss windows-cpu: all versions are vulnerable to command injection, resulting in code execution as the Node.js user.

CWE-78, 2017
CVSS: 9.8 (Critical)

LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function, resulting in a denial of service or remote code execution.

CVSS: 9.8 (Critical)

ROOT xrootd version 4.6.0 and below is vulnerable to an unauthenticated shell command injection, resulting in remote code execution.

CWE-78, 2017
CVSS: 9.8 (Critical)

Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then...