CVE-2010-20113 – EasyFTP Server Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2010-20113

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2009-20004 – GAlan Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2009-20004

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : gAlan 0.2.1, a modular audio processing environment for Windows, is vulnerable to a stack-based buffer overflow when parsing .galan files. The application fails to properly validate the length of input data, allowing a specially crafted file to overwrite the stack and execute arbitrary code. Exploitation requires local interaction, typically by convincing a user to open the malicious file.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2010-20034 – Gekko Manager FTP Client FTP Buffer Overflow

CVE ID : CVE-2010-20034

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : Gekko Manager FTP Client
Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2010-20115 – Arcane Software Vermillion FTP Daemon PORT Command Memory Corruption Vulnerability

CVE ID : CVE-2010-20115

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2010-20122 – Xftp FTP Client Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2010-20122

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : Xftp FTP Client version up to and including 3.0 (build 0238) contain a stack-based buffer overflow vulnerability triggered by a maliciously crafted PWD response from an FTP server. When the client connects to a server and receives an overly long directory string in response to the PWD command, the client fails to properly validate the length of the input before copying it into a fixed-size buffer. This results in memory corruption and allows remote attackers to execute arbitrary code on the client system.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2010-20123 – Steinberg MyMP3Player Stack-Based Buffer Overflow Vulnerability

CVE ID : CVE-2010-20123

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : Steinberg MyMP3Player version 3.0 (build 3.0.0.67) is vulnerable to a stack-based buffer overflow when parsing .m3u playlist files. The application fails to properly validate the length of input data within the playlist, allowing a specially crafted file to overwrite critical memory structures and execute arbitrary code. This vulnerability can be exploited locally by convincing a user to open a malicious .m3u file.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2010-20120 – Maple Maplet Remote Code Execution

CVE ID : CVE-2010-20120

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : Maple versions up to and including 13’s Maplet framework allows embedded commands to be executed automatically when a .maplet file is opened. This behavior bypasses standard security restrictions that normally prevent code execution in regular Maple worksheets. The vulnerability enables attackers to craft malicious .maplet files that execute arbitrary code without user interaction.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2010-20114 – VariCAD EN Stack-Based Buffer Overflow

CVE ID : CVE-2010-20114

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : VariCAD EN up to and including version 2010-2.05 is vulnerable to a stack-based buffer overflow when parsing .dwb drawing files. The application fails to properly validate the length of input data embedded in the file, allowing a crafted .dwb file to overwrite critical memory structures. This flaw can be exploited locally by convincing a user to open a malicious file, resulting in arbitrary code execution.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-43747 – Liferay DXP SSRF

CVE ID : CVE-2025-43747

Published : Aug. 21, 2025, 9:15 p.m. | 3 hours, 39 minutes ago

Description : A server-side request forgery (SSRF) vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to perform requests by change the domain and bypassing the validation method, this insecure validation is not distinguishing between trusted subdomains and malicious domains.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-51606 – Hippo4J JWT Secret Key Hard-Coded Vulnerability

CVE ID : CVE-2025-51606

Published : Aug. 21, 2025, 9:15 p.m. | 3 hours, 39 minutes ago

Description : hippo4j 1.0.0 to 1.5.0, uses a hard-coded secret key in its JWT (JSON Web Token) creation. This allows attackers with access to the source code or compiled binary to forge valid access tokens and impersonate any user, including privileged ones such as “admin”. The vulnerability poses a critical security risk in systems where authentication and authorization rely on the integrity of JWTs.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2023-3948 – CVE-2021-4034: Cisco ASA SSL/TLS Downgrade Vulnerability

CVE ID : CVE-2023-3948

Published : Aug. 21, 2025, 11:15 p.m. | 1 hour, 39 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2023-4143 – Apache Struts Remote Code Execution Vulnerability

CVE ID : CVE-2023-4143

Published : Aug. 21, 2025, 11:15 p.m. | 1 hour, 39 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2023-4131 – CVE-2022-1234: OpenSSL SSL/TLS Denial of Service

CVE ID : CVE-2023-4131

Published : Aug. 21, 2025, 11:15 p.m. | 1 hour, 39 minutes ago

Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-43753 – Liferay Portal Liferay DXP Reflected Cross-Site Scripting (XSS)

CVE ID : CVE-2025-43753

Published : Aug. 21, 2025, 11:15 p.m. | 1 hour, 39 minutes ago

Description : A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.32 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 update 32 through update 92 allows an remote authenticated user to inject JavaScript into the embedded message field from the form container.

Severity: 2.1 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…