CVE-2025-11945 - toeverything AFFiNE Avatar Upload Image Endpoint cross site scripting
CVE ID : CVE-2025-11945
Published : Oct. 19, 2025, 9:15 p.m. | 3 hours, 20 minutes ago
Description : A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11945
Published : Oct. 19, 2025, 9:15 p.m. | 3 hours, 20 minutes ago
Description : A vulnerability was identified in toeverything AFFiNE up to 0.24.1. This vulnerability affects unknown code of the component Avatar Upload Image Endpoint. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11946 - LogicalDOC Community Edition Add Contact frontend.jsp cross site scripting
CVE ID : CVE-2025-11946
Published : Oct. 19, 2025, 10:15 p.m. | 2 hours, 20 minutes ago
Description : A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11946
Published : Oct. 19, 2025, 10:15 p.m. | 2 hours, 20 minutes ago
Description : A security flaw has been discovered in LogicalDOC Community Edition up to 9.2.1. This issue affects some unknown processing of the file /frontend.jsp of the component Add Contact Page. Performing manipulation of the argument First Name/Last Name/Company/Address/Phone/Mobile results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11947 - bftpd Configuration File options.c expand_groups heap-based overflow
CVE ID : CVE-2025-11947
Published : Oct. 19, 2025, 10:15 p.m. | 2 hours, 20 minutes ago
Description : A weakness has been identified in bftpd up to 6.2. Impacted is the function expand_groups of the file options.c of the component Configuration File Handler. Executing manipulation can lead to heap-based buffer overflow. It is possible to launch the attack on the local host. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11947
Published : Oct. 19, 2025, 10:15 p.m. | 2 hours, 20 minutes ago
Description : A weakness has been identified in bftpd up to 6.2. Impacted is the function expand_groups of the file options.c of the component Configuration File Handler. Executing manipulation can lead to heap-based buffer overflow. It is possible to launch the attack on the local host. Attacks of this nature are highly complex. The exploitability is considered difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-11948 - Excellent Infotek|Document Management System - Arbitrary File Upload
CVE ID : CVE-2025-11948
Published : Oct. 20, 2025, 4:15 a.m. | 20 minutes ago
Description : Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-11948
Published : Oct. 20, 2025, 4:15 a.m. | 20 minutes ago
Description : Document Management System developed by Excellent Infotek has an Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40004 - net/9p: Fix buffer overflow in USB transport layer
CVE ID : CVE-2025-40004
Published : Oct. 20, 2025, 6:15 a.m. | 2 hours, 20 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix buffer overflow in USB transport layer A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying allows a malicious USB host to overflow heap buffers. The issue occurs because: - usb9pfs_rx_header() validates only the declared size in packet header - usb9pfs_rx_complete() uses req->actual (actual received bytes) for memcpy This allows an attacker to craft packets with small declared size (bypassing validation) but large actual payload (triggering overflow in memcpy). Add validation in usb9pfs_rx_complete() to ensure req->actual does not exceed the buffer capacity before copying data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40004
Published : Oct. 20, 2025, 6:15 a.m. | 2 hours, 20 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix buffer overflow in USB transport layer A buffer overflow vulnerability exists in the USB 9pfs transport layer where inconsistent size validation between packet header parsing and actual data copying allows a malicious USB host to overflow heap buffers. The issue occurs because: - usb9pfs_rx_header() validates only the declared size in packet header - usb9pfs_rx_complete() uses req->actual (actual received bytes) for memcpy This allows an attacker to craft packets with small declared size (bypassing validation) but large actual payload (triggering overflow in memcpy). Add validation in usb9pfs_rx_complete() to ensure req->actual does not exceed the buffer capacity before copying data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62577 - Fsas Technologies Inc. ETERNUS SF Incorrect Default Permissions Privilege Escalation
CVE ID : CVE-2025-62577
Published : Oct. 20, 2025, 6:15 a.m. | 2 hours, 20 minutes ago
Description : ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62577
Published : Oct. 20, 2025, 6:15 a.m. | 2 hours, 20 minutes ago
Description : ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57837 - "Tileservice Information Disclosure Vulnerability"
CVE ID : CVE-2025-57837
Published : Oct. 20, 2025, 8:12 a.m. | 23 minutes ago
Description : Tileservice module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57837
Published : Oct. 20, 2025, 8:12 a.m. | 23 minutes ago
Description : Tileservice module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-31342 - Galaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous Type
CVE ID : CVE-2025-31342
Published : Oct. 20, 2025, 8:15 a.m. | 20 minutes ago
Description : An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-31342
Published : Oct. 20, 2025, 8:15 a.m. | 20 minutes ago
Description : An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57838 - Honor Information Leak Vulnerability
CVE ID : CVE-2025-57838
Published : Oct. 20, 2025, 8:15 a.m. | 20 minutes ago
Description : Some Honor products are affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57838
Published : Oct. 20, 2025, 8:15 a.m. | 20 minutes ago
Description : Some Honor products are affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57839 - Adobe Photo Information Leak Vulnerability
CVE ID : CVE-2025-57839
Published : Oct. 20, 2025, 8:15 a.m. | 20 minutes ago
Description : Photo module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57839
Published : Oct. 20, 2025, 8:15 a.m. | 20 minutes ago
Description : Photo module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61932 - Lanscope Endpoint Manager RCE
CVE ID : CVE-2025-61932
Published : Oct. 20, 2025, 8:15 a.m. | 20 minutes ago
Description : Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61932
Published : Oct. 20, 2025, 8:15 a.m. | 20 minutes ago
Description : Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-41028 - SQL injection in Epsilon RH
CVE ID : CVE-2025-41028
Published : Oct. 20, 2025, 9:15 a.m. | 3 hours, 20 minutes ago
Description : A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-41028
Published : Oct. 20, 2025, 9:15 a.m. | 3 hours, 20 minutes ago
Description : A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8349 - Cross-Site Scripting (XSS) stored in Tawk Live Chat
CVE ID : CVE-2025-8349
Published : Oct. 20, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed without proper sanitisation when other users access it. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8349
Published : Oct. 20, 2025, 10:15 a.m. | 2 hours, 20 minutes ago
Description : Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed without proper sanitisation when other users access it. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54957 - Dolby UDC DD+ Decoder Buffer Overflow Vulnerability
CVE ID : CVE-2025-54957
Published : Oct. 20, 2025, 3:15 p.m. | 1 hour, 20 minutes ago
Description : An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can overflow due to an integer wraparound. This can lead to the allocated buffer being too small, and the out-of-bounds check of the subsequent write to be ineffective, leading to an out-of-bounds write.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54957
Published : Oct. 20, 2025, 3:15 p.m. | 1 hour, 20 minutes ago
Description : An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can overflow due to an integer wraparound. This can lead to the allocated buffer being too small, and the out-of-bounds check of the subsequent write to be ineffective, leading to an out-of-bounds write.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-57738 - Apache Syncope: Remote Code Execution by delegated administrators
CVE ID : CVE-2025-57738
Published : Oct. 20, 2025, 3:15 p.m. | 1 hour, 20 minutes ago
Description : Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machinery is set for runtime reload. Such a feature has been available for a while, but recently it was discovered that a malicious administrator can inject Groovy code that can be executed remotely by a running Apache Syncope Core instance. Users are recommended to upgrade to version 3.0.14 / 4.0.2, which fix this issue by forcing the Groovy code to run in a sandbox.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-57738
Published : Oct. 20, 2025, 3:15 p.m. | 1 hour, 20 minutes ago
Description : Apache Syncope offers the ability to extend / customize the base behavior on every deployment by allowing to provide custom implementations of a few Java interfaces; such implementations can be provided either as Java or Groovy classes, with the latter being particularly attractive as the machinery is set for runtime reload. Such a feature has been available for a while, but recently it was discovered that a malicious administrator can inject Groovy code that can be executed remotely by a running Apache Syncope Core instance. Users are recommended to upgrade to version 3.0.14 / 4.0.2, which fix this issue by forcing the Groovy code to run in a sandbox.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61417 - TastyIgniter SVG File XSS Vulnerability
CVE ID : CVE-2025-61417
Published : Oct. 20, 2025, 3:15 p.m. | 1 hour, 20 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to perform unauthorized actions such as modifying the admin account credentials.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61417
Published : Oct. 20, 2025, 3:15 p.m. | 1 hour, 20 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability exists in TastyIgniter 3.7.7, affecting the /admin/media_manager component. Attackers can upload a malicious SVG file containing JavaScript code. When an administrator previews the file, the code executes in their browser context, allowing the attacker to perform unauthorized actions such as modifying the admin account credentials.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-61456 - Bhabishya-123 E-commerce XSS
CVE ID : CVE-2025-61456
Published : Oct. 20, 2025, 3:15 p.m. | 1 hour, 20 minutes ago
Description : A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who visits a malicious link or submits a crafted request.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-61456
Published : Oct. 20, 2025, 3:15 p.m. | 1 hour, 20 minutes ago
Description : A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the index endpoint. Unsanitized input in the /index parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who visits a malicious link or submits a crafted request.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-8884 - IDOR in VHS Electronic Software's ACE Center
CVE ID : CVE-2025-8884
Published : Oct. 20, 2025, 3:15 p.m. | 1 hour, 20 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co. ACE Center allows Privilege Abuse, Exploitation of Trusted Identifiers.This issue affects ACE Center: from 3.10.100.1768 before 3.10.161.2255.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-8884
Published : Oct. 20, 2025, 3:15 p.m. | 1 hour, 20 minutes ago
Description : Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co. ACE Center allows Privilege Abuse, Exploitation of Trusted Identifiers.This issue affects ACE Center: from 3.10.100.1768 before 3.10.161.2255.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-62429 - ClipBucket v5 executes arbitrary PHP code
CVE ID : CVE-2025-62429
Published : Oct. 20, 2025, 4:08 p.m. | 28 minutes ago
Description : ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PHP tags and executed. Proper sanitization is not performed, and by injecting malicious code an attacker can execute arbitrary PHP code. This allows an attacker to achieve RCE. This issue has been resolved in version 5.5.2 #147.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-62429
Published : Oct. 20, 2025, 4:08 p.m. | 28 minutes ago
Description : ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.2 #147, ClipBucket v5 is vulnerable to arbitrary PHP code execution. In /upload/admin_area/actions/update_launch.php, the "type" parameter from a POST request is embedded into PHP tags and executed. Proper sanitization is not performed, and by injecting malicious code an attacker can execute arbitrary PHP code. This allows an attacker to achieve RCE. This issue has been resolved in version 5.5.2 #147.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-6515 - Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers
CVE ID : CVE-2025-6515
Published : Oct. 20, 2025, 4:13 p.m. | 22 minutes ago
Description : The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses from the oatpp-mcp server.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-6515
Published : Oct. 20, 2025, 4:13 p.m. | 22 minutes ago
Description : The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses from the oatpp-mcp server.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-55568 - Samsung Exynos Denial of Service (DoS) in MM Packet Processing
CVE ID : CVE-2024-55568
Published : Oct. 20, 2025, 4:15 p.m. | 20 minutes ago
Description : An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The absence of a NULL check leads to a Denial of Service when an attacker sends malformed MM packets to the target.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-55568
Published : Oct. 20, 2025, 4:15 p.m. | 20 minutes ago
Description : An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The absence of a NULL check leads to a Denial of Service when an attacker sends malformed MM packets to the target.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...