CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 2CVE-2011-10020 – Kaillera 0.86 Server DoS via Malformed UDP Packet
https://notcve.org/view.php?id=CVE-2011-10020
20 Aug 2025 — Kaillera Server version 0.86 is vulnerable to a denial-of-service condition triggered by sending a malformed UDP packet after the initial handshake. Once a client sends a valid HELLO0.83 packet and receives a response, any subsequent malformed packet causes the server to crash and become unresponsive. This flaw stems from improper input validation in the server’s UDP packet handler, allowing unauthenticated remote attackers to disrupt service availability. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/auxiliary/dos/windows/games/kaillera.rb • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 3CVE-2012-10043 – ActFax 4.32 Client Importer Buffer Overflow
https://notcve.org/view.php?id=CVE-2012-10043
08 Aug 2025 — A stack-based buffer overflow vulnerability exists in ActFax Server version 4.32, specifically in the "Import Users from File" functionality of the client interface. The application fails to properly validate the length of tab-delimited fields in .exp files, leading to unsafe usage of strcpy() during CSV parsing. An attacker can exploit this vulnerability by crafting a malicious .exp file and importing it using the default character set "ECMA-94 / Latin 1 (ISO 8859)". Successful exploitation may result in a... • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/actfax_import_users_bof.rb • CWE-121: Stack-based Buffer Overflow •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 2CVE-2025-34110 – ColoradoFTP Server <= 1.3 Build 8 Path Traversal Information Disclosure
https://notcve.org/view.php?id=CVE-2025-34110
15 Jul 2025 — A directory traversal vulnerability exists in ColoradoFTP Server ≤ 1.3 Build 8 for Windows, allowing unauthenticated attackers to read or write arbitrary files outside the configured FTP root directory. The flaw is due to insufficient sanitation of user-supplied file paths in the FTP GET and PUT command handlers. Exploitation is possible by submitting traversal sequences during FTP operations, enabling access to system-sensitive files. This issue affects only the Windows version of ColoradoFTP. • https://bitbucket.org/nolife/coloradoftp/commits/16a60c4a74ef477cd8c16ca82442eaab2fbe8c86 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-306: Missing Authentication for Critical Function CWE-552: Files or Directories Accessible to External Parties •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-27616 – Vela Server has Insufficient Webhook Payload Data Verification
https://notcve.org/view.php?id=CVE-2025-27616
28 Feb 2025 — Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Prior to versions 0.25.3 and 0.26.3, by spoofing a webhook payload with a specific set of headers and body data, an attacker could transfer ownership of a repository and its repo level secrets to a separate repository. These secrets could be exfiltrated by follow up builds to the repository. Users with an enabled repository with access to repo level CI secrets in Vela are vulnerable to the exploit, and any... • https://github.com/go-vela/server/commit/257886e5a3eea518548387885894e239668584f5 • CWE-290: Authentication Bypass by Spoofing CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-2406 – Gacjie Server Upload.php index unrestricted upload
https://notcve.org/view.php?id=CVE-2024-2406
12 Mar 2024 — A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. This affects the function index of the file /app/admin/controller/Upload.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://note.zhaoj.in/share/7kZiVRqSuiMx • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2021-43445
https://notcve.org/view.php?id=CVE-2021-43445
23 Jan 2023 — ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key. Todas las versiones de ONLYOFFICE con fecha posterior al 08/11/2021 se ven afectadas por un control de acceso incorrecto. Un atacante puede autenticarse con el servicio de socket web del editor de documentos ONLYOFFICE que está protegido por la autenticación JWT mediante ... • https://github.com/ONLYOFFICE/server • CWE-287: Improper Authentication •
CVSS: 6.4EPSS: 4%CPEs: 1EXPL: 1CVE-2021-43446
https://notcve.org/view.php?id=CVE-2021-43446
23 Jan 2023 — ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS). The "macros" feature of the document editor allows malicious cross site scripting payloads to be used. Todas las versiones de ONLYOFFICE con fecha posterior al 08/11/2021 son vulnerables a Cross Site Scripting (XSS). La función "macros" del editor de documentos permite realizar cross site scripting. • https://github.com/ONLYOFFICE/server • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43447
https://notcve.org/view.php?id=CVE-2021-43447
23 Jan 2023 — ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An authentication bypass in the document editor allows attackers to edit documents without authentication. • https://github.com/ONLYOFFICE/server • CWE-306: Missing Authentication for Critical Function •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-43448
https://notcve.org/view.php?id=CVE-2021-43448
23 Jan 2023 — ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation. A lack of input validation can allow an attacker to spoof the names of users who interact with a document, if the document id is known. Todas las versiones de ONLYOFFICE con fecha posterior al 08/11/2021 son vulnerables a una validación de entrada incorrecta. La falta de validación de entrada puede permitir que un atacante falsifique los nombres de los usuarios que interactúan con un documento, si se conoce la identificació... • https://github.com/ONLYOFFICE/server • CWE-20: Improper Input Validation •
CVSS: 9.4EPSS: 1%CPEs: 1EXPL: 1CVE-2021-43449
https://notcve.org/view.php?id=CVE-2021-43449
23 Jan 2023 — ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF). The document editor service can be abused to read and serve arbitrary URLs as a document. Todas las versiones de ONLYOFFICE con fecha posterior al 08/11/2021 se ven afectadas por una vulnerabilidad Server-Side Request Forgery (SSRF). Se puede abusar del servicio de edición de documentos para leer y servir URL arbitrarias como documento. • https://github.com/ONLYOFFICE/server • CWE-918: Server-Side Request Forgery (SSRF) •