π¨ CVE-2024-48291
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17
π@cveNotify
dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/doAdminAction.php?act=editAdmin&id=17
π@cveNotify
GitHub
cms/4/readme.md at main Β· Gxxxxxxxxxxxxxxxxxx/cms
Contribute to Gxxxxxxxxxxxxxxxxxx/cms development by creating an account on GitHub.
π¨ CVE-2024-42835
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
π@cveNotify
langflow v1.0.12 was discovered to contain a remote code execution (RCE) vulnerability via the PythonCodeTool component.
π@cveNotify
GitHub
Code Execution vulnerability with tool PythonCodeTool Β· Issue #2908 Β· langflow-ai/langflow
Bug Description When compose an LLM app with langflow, PythonCodeTool is available to developers to implement a tool with StructuredTool in langchain. However, there is a lack of validation for the...
π¨ CVE-2021-21353
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade.
π@cveNotify
Pug is an npm package which is a high-performance template engine. In pug before version 3.0.1, if a remote attacker was able to control the `pretty` option of the pug compiler, e.g. if you spread a user provided object such as the query parameters of a request into the pug template inputs, it was possible for them to achieve remote code execution on the node.js backend. This is fixed in version 3.0.1. This advisory applies to multiple pug packages including "pug", "pug-code-gen". pug-code-gen has a backported fix at version 2.0.3. This advisory is not exploitable if there is no way for un-trusted input to be passed to pug as the `pretty` option, e.g. if you compile templates in advance before applying user input to them, you do not need to upgrade.
π@cveNotify
GitHub
fix: sanitise and escape the `pretty` option (#3314) Β· pugjs/pug@991e78f
Pug β robust, elegant, feature rich template engine for Node.js - fix: sanitise and escape the `pretty` option (#3314) Β· pugjs/pug@991e78f
π¨ CVE-2022-31022
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a nodeβs filesystem where the bleve index resides, if the user has used bleveβs own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit
handling for the Role Based Access Controls(RBAC) of the index assets would be impacted by this issue. Version 2.5.0 relocated the `http/` dir used _only_ by bleve-explorer to `blevesearch/bleve-explorer`, thereby addressing the issue. However, the http package is purely intended to be used for demonstration purposes. Bleve was never designed handle the RBACs, nor it was ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases.
π@cveNotify
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a nodeβs filesystem where the bleve index resides, if the user has used bleveβs own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit
handling for the Role Based Access Controls(RBAC) of the index assets would be impacted by this issue. Version 2.5.0 relocated the `http/` dir used _only_ by bleve-explorer to `blevesearch/bleve-explorer`, thereby addressing the issue. However, the http package is purely intended to be used for demonstration purposes. Bleve was never designed handle the RBACs, nor it was ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases.
π@cveNotify
GitHub
Link security advisory to README (#1694) Β· blevesearch/bleve@1c7509d
A modern text/numeric/geo-spatial/vector indexing library for go - Link security advisory to README (#1694) Β· blevesearch/bleve@1c7509d
π¨ CVE-2021-43310
A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.
π@cveNotify
A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.
π@cveNotify
GitHub
Keylime: malicious reset or replay of U and V encryption
### Impact
This vulnerability allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. These new keys will break attestati...
This vulnerability allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. These new keys will break attestati...
π¨ CVE-2022-23949
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.
π@cveNotify
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.
π@cveNotify
GitHub
Validate user ID in all public interfaces Β· keylime/keylime@387e320
The user ID is read from the config file, or from some public REST API.
We should validate that is composed with valid set of chars.
Signed-off-by: Alberto Planas <aplanas@suse.com>
We should validate that is composed with valid set of chars.
Signed-off-by: Alberto Planas <aplanas@suse.com>
π¨ CVE-2022-23950
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.
π@cveNotify
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.
π@cveNotify
GitHub
revocation_notifier: move zmq socket to /var/run/keylime Β· keylime/keylime@ea5d037
Currently we are placing the zmq IPC socket in /tmp, that can be
accessed by all the users.
This patch moves the socket into /var/run/keylime, making sure that the
directory is created and present...
accessed by all the users.
This patch moves the socket into /var/run/keylime, making sure that the
directory is created and present...
π¨ CVE-2022-23951
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.
π@cveNotify
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.
π@cveNotify
GitHub
tpm: do not compress quote with zlib by default Β· keylime/keylime@6e44758
Pythons zlib decompression has no mitigations against zip bombs or similar
attacks, so we remove the compression for the quote data.
The data itself is rather small compared to the IMA or UEFI eve...
attacks, so we remove the compression for the quote data.
The data itself is rather small compared to the IMA or UEFI eve...
π¨ CVE-2025-30440
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass ASLR.
π@cveNotify
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass ASLR.
π@cveNotify
Apple Support
About the security content of macOS Sequoia 15.5 - Apple Support
This document describes the security content of macOS Sequoia 15.5.
π¨ CVE-2025-31213
A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access associated usernames and websites in a user's iCloud Keychain.
π@cveNotify
A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access associated usernames and websites in a user's iCloud Keychain.
π@cveNotify
Apple Support
About the security content of iPadOS 17.7.7 - Apple Support
This document describes the security content of iPadOS 17.7.7.
π¨ CVE-2025-31217
The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
π@cveNotify
The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
π@cveNotify
Apple Support
About the security content of iOS 18.5 and iPadOS 18.5 - Apple Support
This document describes the security content of iOS 18.5 and iPadOS 18.5.
π¨ CVE-2025-31218
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to observe the hostnames of new network connections.
π@cveNotify
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to observe the hostnames of new network connections.
π@cveNotify
Apple Support
About the security content of macOS Sequoia 15.5 - Apple Support
This document describes the security content of macOS Sequoia 15.5.
π¨ CVE-2025-31219
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
π@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
π@cveNotify
Apple Support
About the security content of iOS 18.5 and iPadOS 18.5 - Apple Support
This document describes the security content of iOS 18.5 and iPadOS 18.5.
π¨ CVE-2025-31220
A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information.
π@cveNotify
A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information.
π@cveNotify
Apple Support
About the security content of iPadOS 17.7.7 - Apple Support
This document describes the security content of iPadOS 17.7.7.
π¨ CVE-2025-32440
NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to /index.php. This issue has been patched in version 25.4.14.
π@cveNotify
NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to /index.php. This issue has been patched in version 25.4.14.
π@cveNotify
GitHub
Release v25.4.14 - Styling, Workflows and other fixes Β· jokob-sk/NetAlertX
Hi,
This is a small release to fix some of the outstanding styling issues and a workflow issue, where a newly created workflow won't trigger unless the trigger type is changed.
Best,
Jokob
What...
This is a small release to fix some of the outstanding styling issues and a workflow issue, where a newly created workflow won't trigger unless the trigger type is changed.
Best,
Jokob
What...
π¨ CVE-2025-40911
Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.
Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.
Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154.
π@cveNotify
Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.
Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.
Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154.
π@cveNotify
blog.urth.org
Security Issues in Perl IP Address distros
Edit on 2021-03-29 21:40(ish) UTC: Added Net-Subnet (appears unaffected) and reordered the details to match the list at the top of the post.
Edit on 2021-03-30 14:50(ish) UTC: Added Net-Works (appears unaffected).
Edit on 2021-03-30 15:40(ish) UTC: Addedβ¦
Edit on 2021-03-30 14:50(ish) UTC: Added Net-Works (appears unaffected).
Edit on 2021-03-30 15:40(ish) UTC: Addedβ¦
π¨ CVE-2024-3669
The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
WPScan
Web Directory Free < 1.7.2 - Reflected XSS
See details on Web Directory Free < 1.7.2 - Reflected XSS CVE 2024-3669. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-4096
The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks
π@cveNotify
The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks
π@cveNotify
WPScan
Responsive Tabs < 4.0.11 - Contributor+ Stored XSS
See details on Responsive Tabs < 4.0.11 - Contributor+ Stored XSS CVE 2024-4096. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-5765
The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
π@cveNotify
The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
π@cveNotify
WPScan
WpStickyBar <= 2.1.0 - Unauthenticated SQLi
See details on WpStickyBar <= 2.1.0 - Unauthenticated SQLi CVE 2024-5765. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-5807
The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.
π@cveNotify
The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.
π@cveNotify
WPScan
Business Card <= 1.0.0 - Admin+ File Upload
See details on Business Card <= 1.0.0 - Admin+ File Upload CVE 2024-5807. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-5808
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack
π@cveNotify
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack
π@cveNotify
WPScan
WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF
See details on WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF CVE 2024-5808. View the latest Plugin Vulnerabilities on WPScan.