🚨 CVE-2022-23949
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.
@cveNotify
GitHub
Validate user ID in all public interfaces · keylime/keylime@387e320
The user ID is read from the config file, or from some public REST API.
We should validate that it is composed of a valid set of chars.
Signed-off-by: Alberto Planas <aplanas@suse.com>
🚨 CVE-2022-23950
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.
GitHub
revocation_notifier: move zmq socket to /var/run/keylime · keylime/keylime@ea5d037
Currently we are placing the zmq IPC socket in /tmp, that can be
accessed by all the users.
This patch moves the socket into /var/run/keylime, making sure that the
directory is created and present...
🚨 CVE-2022-23951
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.
GitHub
tpm: do not compress quote with zlib by default · keylime/keylime@6e44758
Python's zlib decompression has no mitigations against zip bombs or similar
attacks, so we remove the compression for the quote data.
The data itself is rather small compared to the IMA or UEFI eve...
🚨 CVE-2025-30440
The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass ASLR.
Apple Support
About the security content of macOS Sequoia 15.5 - Apple Support
This document describes the security content of macOS Sequoia 15.5.
🚨 CVE-2025-31213
A logging issue was addressed with improved data redaction. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to access associated usernames and websites in a user's iCloud Keychain.
Apple Support
About the security content of iPadOS 17.7.7 - Apple Support
This document describes the security content of iPadOS 17.7.7.
🚨 CVE-2025-31217
The issue was addressed with improved input validation. This issue is fixed in watchOS 11.5, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, Safari 18.5. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Apple Support
About the security content of iOS 18.5 and iPadOS 18.5 - Apple Support
This document describes the security content of iOS 18.5 and iPadOS 18.5.
🚨 CVE-2025-31218
This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.5. An app may be able to observe the hostnames of new network connections.
Apple Support
About the security content of macOS Sequoia 15.5 - Apple Support
This document describes the security content of macOS Sequoia 15.5.
🚨 CVE-2025-31219
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. An attacker may be able to cause unexpected system termination or corrupt kernel memory.
Apple Support
About the security content of iOS 18.5 and iPadOS 18.5 - Apple Support
This document describes the security content of iOS 18.5 and iPadOS 18.5.
🚨 CVE-2025-31220
A privacy issue was addressed by removing sensitive data. This issue is fixed in iPadOS 17.7.7, macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. A malicious app may be able to read sensitive location information.
Apple Support
About the security content of iPadOS 17.7.7 - Apple Support
This document describes the security content of iPadOS 17.7.7.
🚨 CVE-2025-32440
NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to /index.php. This issue has been patched in version 25.4.14.
GitHub
Release v25.4.14 - Styling, Workflows and other fixes · jokob-sk/NetAlertX
Hi,
This is a small release to fix some of the outstanding styling issues and a workflow issue, where a newly created workflow won't trigger unless the trigger type is changed.
Best,
Jokob
What...
🚨 CVE-2025-40911
Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses.
Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.
Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154.
blog.urth.org
Security Issues in Perl IP Address distros
Edit on 2021-03-29 21:40(ish) UTC: Added Net-Subnet (appears unaffected) and reordered the details to match the list at the top of the post.
Edit on 2021-03-30 14:50(ish) UTC: Added Net-Works (appears unaffected).
Edit on 2021-03-30 15:40(ish) UTC: Added…
🚨 CVE-2024-3669
The Web Directory Free WordPress plugin before 1.7.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
WPScan
Web Directory Free < 1.7.2 - Reflected XSS
See details on Web Directory Free < 1.7.2 - Reflected XSS CVE 2024-3669. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-4096
The Responsive Tabs WordPress plugin through 4.0.8 does not sanitise and escape some of its Tab settings, which could allow high privilege users such as Contributors and above to perform Stored Cross-Site Scripting attacks
WPScan
Responsive Tabs < 4.0.11 - Contributor+ Stored XSS
See details on Responsive Tabs < 4.0.11 - Contributor+ Stored XSS CVE 2024-4096. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-5765
The WpStickyBar WordPress plugin through 2.1.0 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection
WPScan
WpStickyBar <= 2.1.0 - Unauthenticated SQLi
See details on WpStickyBar <= 2.1.0 - Unauthenticated SQLi CVE 2024-5765. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-5807
The Business Card WordPress plugin through 1.0.0 does not prevent high privilege users like administrators from uploading malicious PHP files, which could allow them to run arbitrary code on servers hosting their site, even in MultiSite configurations.
WPScan
Business Card <= 1.0.0 - Admin+ File Upload
See details on Business Card <= 1.0.0 - Admin+ File Upload CVE 2024-5807. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-5808
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not have CSRF check in place when deleting emails from the email list, which could allow attackers to make a logged in admin perform such action via a CSRF attack
WPScan
WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF
See details on WP Ajax Contact Form <= 2.2.2 - Arbitrary Email Deletion via CSRF CVE 2024-5808. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-5809
The WP Ajax Contact Form WordPress plugin through 2.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin users
WPScan
WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting
See details on WP Ajax Contact Form <= 2.2.2 - Reflected Cross-Site Scripting CVE 2024-5809. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2025-4816
A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
GitHub
Sourcecodester Doctor's Appointment System V1.0 admin/appointment.php SQL injection · Issue #8 · Xiaoyi-ing/CVE
Sourcecodester Doctor's Appointment System V1.0 admin/appointment.php SQL injection NAME OF AFFECTED PRODUCT(S) Doctor's Appointment System V1.0 Vendor Homepage https://www.sourcecodester.c...
🚨 CVE-2025-4817
A vulnerability was found in Sourcecodester Doctor's Appointment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete-appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
GitHub
Sourcecodester Doctor's Appointment System V1.0 admin/delete-appointment.php SQL injection · Issue #9 · Xiaoyi-ing/CVE
Sourcecodester Doctor's Appointment System V1.0 admin/delete-appointment.php SQL injection NAME OF AFFECTED PRODUCT(S) Doctor's Appointment System V1.0 Vendor Homepage https://www.sourcecod...
🚨 CVE-2025-4818
A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/delete-doctor.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
GitHub
Sourcecodester Doctor's Appointment System V1.0 admin/delete-doctor.php SQL injection · Issue #10 · Xiaoyi-ing/CVE
Sourcecodester Doctor's Appointment System V1.0 admin/delete-doctor.php SQL injection NAME OF AFFECTED PRODUCT(S) Doctor's Appointment System V1.0 Vendor Homepage https://www.sourcecodester...
🚨 CVE-2024-51106
A cross-site scripting (XSS) vulnerability in the component mcgs/admin/aboutus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the pagetitle parameter.
GitHub
Writeups/CVE/phpGurukul/Medical Card Generation System/Stored XSS-About Us.pdf at main · 0xBhushan/Writeups
Contribute to 0xBhushan/Writeups development by creating an account on GitHub.