Security

CVE ID : CVE-2010-20121

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-27721

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : Unauthorized users can access INFINITT PACS System Manager without proper authorization,
which could lead to unauthorized access to system resources.

Severity: 8.7 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3128

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : A remote unauthenticated attacker who has bypassed authentication could
execute arbitrary OS commands to disclose, tamper with, destroy or
delete information in Mitsubishi Electric smartRTU, or cause a denial-of
service condition on the product.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53763

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : Improper access control in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-53795

Published : Aug. 21, 2025, 8:15 p.m. | 5 hours, 4 minutes ago

Description : Improper authorization in Microsoft PC Manager allows an unauthorized attacker to elevate privileges over a network.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-55105

Published : Aug. 21, 2025, 8:15 p.m. | 4 hours, 39 minutes ago

Description : There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-55107

Published : Aug. 21, 2025, 8:15 p.m. | 4 hours, 39 minutes ago

Description : There is a stored
Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites
versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to
inject malicious a file with an embedded xss script which when loaded could
potentially execute arbitrary JavaScript code in the victim’s browser. The
privileges required to execute this attack are high. The attack could
disclose a privileged token which may result in the attacker gaining full
control of the Portal.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-55106

Published : Aug. 21, 2025, 8:15 p.m. | 4 hours, 39 minutes ago

Description : There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 – 11.4 that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-55231

Published : Aug. 21, 2025, 8:15 p.m. | 4 hours, 39 minutes ago

Description : Concurrent execution using shared resource with improper synchronization (‘race condition’) in Windows Storage allows an unauthorized attacker to execute code over a network.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-55230

Published : Aug. 21, 2025, 8:15 p.m. | 4 hours, 39 minutes ago

Description : Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.

Severity: 7.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-55229

Published : Aug. 21, 2025, 8:15 p.m. | 4 hours, 39 minutes ago

Description : Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2009-20002

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : Millenium MP3 Studio versions up to and including 2.0 is vulnerable to a stack-based buffer overflow when parsing .pls playlist files. The application fails to properly validate the length of the File1 field within the playlist, allowing an attacker to craft a malicious .pls file that overwrites the Structured Exception Handler (SEH) and executes arbitrary code. Exploitation requires the victim to open the file locally, though remote execution may be possible if the .pls extension is registered to the application and opened via a browser.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2009-20003

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2010-20113

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : EasyFTP Server 1.7.0.11 and earlier contains a stack-based buffer overflow vulnerability in its HTTP interface. When processing a GET request to list.html, the server fails to properly validate the length of the path parameter. Supplying an excessively long value causes a buffer overflow on the stack, potentially corrupting control flow structures. The vulnerability is exposed through the embedded web server and does not require authentication due to default anonymous access. The issue was resolved in version 1.7.0.12, after which the product was renamed to UplusFtp.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2010-20108

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : FTPPad
Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2010-20007

Published : Aug. 21, 2025, 9:15 p.m. | 3 hours, 39 minutes ago

Description : Seagull FTP Client
Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2010-20107

Published : Aug. 21, 2025, 9:15 p.m. | 3 hours, 39 minutes ago

Description : A stack-based buffer overflow exists in FTP Synchronizer Professional
Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2009-20004

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : gAlan 0.2.1, a modular audio processing environment for Windows, is vulnerable to a stack-based buffer overflow when parsing .galan files. The application fails to properly validate the length of input data, allowing a specially crafted file to overwrite the stack and execute arbitrary code. Exploitation requires local interaction, typically by convincing a user to open the malicious file.

Severity: 8.4 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2010-20034

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : Gekko Manager FTP Client
Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2010-20115

Published : Aug. 21, 2025, 9:15 p.m. | 4 hours, 4 minutes ago

Description : Arcane Software’s Vermillion FTP Daemon (vftpd) versions up to and including 1.31 contains a memory corruption vulnerability triggered by a malformed FTP PORT command. The flaw arises from an out-of-bounds array access during input parsing, allowing an attacker to manipulate stack memory and potentially execute arbitrary code. Exploitation requires direct access to the FTP service and is constrained by a single execution attempt if the daemon is installed as a Windows service.

Severity: 9.3 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…