π¨ CVE-2024-39690
Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace. Version 0.7.1 contains a patch.
π@cveNotify
Capsule is a multi-tenancy and policy-based framework for Kubernetes. In Capsule v0.7.0 and earlier, the tenant-owner can patch any arbitrary namespace that has not been taken over by a tenant (i.e., namespaces without the ownerReference field), thereby gaining control of that namespace. Version 0.7.1 contains a patch.
π@cveNotify
GitHub
Merge commit from fork Β· projectcapsule/capsule@d620b04
Signed-off-by: Oliver BΓ€hler <oliverbaehler@hotmail.com>
π¨ CVE-2025-47479
Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue affects WP Compress: from n/a through 6.30.30.
π@cveNotify
Weak Authentication vulnerability in AresIT WP Compress allows Authentication Abuse. This issue affects WP Compress: from n/a through 6.30.30.
π@cveNotify
Patchstack
WordPress WP Compress plugin <= 6.30.30 - Broken Authentication Vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-7066
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image (except for image/svg+xml, see CVE-2022-30110 and CVE-2024-12326), video and audio. However, it was possible to bypass this check by sending a manipulated MIME type containing a comma and an other MIME type like text/html (for example image/png,text/html). Browsers see multiple MIME types and text/html would takes precedence, allowing a possible attacker to do a cross-site scripting attack. The check for MIME types was enhanced to prevent a browser preview when the stored MIME type contains a comma.
π@cveNotify
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image (except for image/svg+xml, see CVE-2022-30110 and CVE-2024-12326), video and audio. However, it was possible to bypass this check by sending a manipulated MIME type containing a comma and an other MIME type like text/html (for example image/png,text/html). Browsers see multiple MIME types and text/html would takes precedence, allowing a possible attacker to do a cross-site scripting attack. The check for MIME types was enhanced to prevent a browser preview when the stored MIME type contains a comma.
π@cveNotify
GitLab
Check for commas in MIME type before generating preview (79464ec6) Β· Commits Β· jirafeau / Jirafeau Β· GitLab
It was possible to bypass the preview check by sending a manipulated HTTP request with a MIME type like "image/png,text/html". When parsing the Content-Type of a HTTP response, browsers see...
π¨ CVE-2025-50635
A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.
π@cveNotify
A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.
π@cveNotify
GitHub
Netis-WF2780-cgitest.cgi-Vulnerability/1 at main Β· Chinesexilinyu/Netis-WF2780-cgitest.cgi-Vulnerability
Contribute to Chinesexilinyu/Netis-WF2780-cgitest.cgi-Vulnerability development by creating an account on GitHub.
π¨ CVE-2025-50608
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
π@cveNotify
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
π@cveNotify
GitHub
Netis-WF2880-cgitest.cgi-Vulnerability/1 at main Β· Chinesexilinyu/Netis-WF2880-cgitest.cgi-Vulnerability
Netis-WF2880-cgitest.cgi-Vulnerability. Contribute to Chinesexilinyu/Netis-WF2880-cgitest.cgi-Vulnerability development by creating an account on GitHub.
π¨ CVE-2025-50610
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set_5g in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
π@cveNotify
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set_5g in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
π@cveNotify
GitHub
Netis-WF2880-cgitest.cgi-Vulnerability/3 at main Β· Chinesexilinyu/Netis-WF2880-cgitest.cgi-Vulnerability
Netis-WF2880-cgitest.cgi-Vulnerability. Contribute to Chinesexilinyu/Netis-WF2880-cgitest.cgi-Vulnerability development by creating an account on GitHub.
π¨ CVE-2025-50611
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set_5g and wl_sec_rp_set_5g in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
π@cveNotify
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set_5g and wl_sec_rp_set_5g in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
π@cveNotify
GitHub
Netis-WF2880-cgitest.cgi-Vulnerability/4 at main Β· Chinesexilinyu/Netis-WF2880-cgitest.cgi-Vulnerability
Netis-WF2880-cgitest.cgi-Vulnerability. Contribute to Chinesexilinyu/Netis-WF2880-cgitest.cgi-Vulnerability development by creating an account on GitHub.
π¨ CVE-2025-50612
A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set in the payload, which may cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
π@cveNotify
A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set in the payload, which may cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
π@cveNotify
GitHub
Netis-WF2880-cgitest.cgi-Vulnerability/5 at main Β· Chinesexilinyu/Netis-WF2880-cgitest.cgi-Vulnerability
Netis-WF2880-cgitest.cgi-Vulnerability. Contribute to Chinesexilinyu/Netis-WF2880-cgitest.cgi-Vulnerability development by creating an account on GitHub.
π¨ CVE-2025-50613
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
π@cveNotify
A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
π@cveNotify
GitHub
Netis-WF2880-cgitest.cgi-Vulnerability/6 at main Β· Chinesexilinyu/Netis-WF2880-cgitest.cgi-Vulnerability
Netis-WF2880-cgitest.cgi-Vulnerability. Contribute to Chinesexilinyu/Netis-WF2880-cgitest.cgi-Vulnerability development by creating an account on GitHub.
π¨ CVE-2025-50614
A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
π@cveNotify
A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.
π@cveNotify
GitHub
Netis-WF2880-cgitest.cgi-Vulnerability/7 at main Β· Chinesexilinyu/Netis-WF2880-cgitest.cgi-Vulnerability
Netis-WF2880-cgitest.cgi-Vulnerability. Contribute to Chinesexilinyu/Netis-WF2880-cgitest.cgi-Vulnerability development by creating an account on GitHub.
π¨ CVE-2025-51452
In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
π@cveNotify
In TOTOLINK A7000R firmware 9.1.0u.6115_B20201022, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
π@cveNotify
π¨ CVE-2025-50594
An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password.
π@cveNotify
An issue was discovered in /Code/Websites/DanpheEMR/Controllers/Settings/SecuritySettingsController.cs in Danphe Health Hospital Management System EMR 3.2 allowing attackers to reset any account password.
π@cveNotify
Steve Campbellβs (@lpha3ch0) homepage
Account Takeover in Danphe Health Hospital Management System EMR version 3.2
Any authenticated user can takeover other accounts, including the admin account, due to Broken Function Level Authorization on the /api/SecuritySettings/ResetPassword endpoint.
π¨ CVE-2025-52385
An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module
π@cveNotify
An issue in Studio 3T v.2025.1.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the child_process module
π@cveNotify
cwe.mitre.org
CWE -
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (4.19.1)
CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') (4.19.1)
Common Weakness Enumeration (CWE) is a list of software weaknesses.
π¨ CVE-2025-43982
Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI.
π@cveNotify
Shenzhen Tuoshi NR500-EA RG500UEAABxCOMSLICv3.4.2731.16.43 devices enable the SSH service by default. There is a hidden hard-coded root account that cannot be disabled in the GUI.
π@cveNotify
GitHub
cve/Tuoshi/CVE-2025-43982.txt at main Β· actuator/cve
Public Cybersecurity Research & Advisories . Contribute to actuator/cve development by creating an account on GitHub.
π¨ CVE-2025-43986
An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication.
π@cveNotify
An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication.
π@cveNotify
GitHub
cve/Kuwfi/CVE-2025-43986.txt at main Β· actuator/cve
Public Cybersecurity Research & Advisories . Contribute to actuator/cve development by creating an account on GitHub.
π¨ CVE-2025-8926
A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
CVE-2025-8926οΌγSourceCodester COVID 19 Testing Management System Project V1.0 /login.php SQL injectionγ Β· Issue #2 Β· lrjbsyh/CVE_Hunter
SourceCodester COVID 19 Testing Management System Project V1.0 /login.php SQL injection NAME OF AFFECTED PRODUCT(S) COVID 19 Testing Management System Vendor Homepage https://www.sourcecodester.com...
π¨ CVE-2011-10018
myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application.
π@cveNotify
myBB version 1.6.4 was distributed with an unauthorized backdoor embedded in the source code. The backdoor allowed remote attackers to execute arbitrary PHP code by injecting payloads into a specially crafted collapsed cookie. This vulnerability was introduced during packaging and was not part of the intended application logic. Exploitation requires no authentication and results in full compromise of the web server under the context of the web application.
π@cveNotify
MyBB Blog
1.6.4 Security Vulnerability
When 1.6.4 was announced almost 3 months ago it was one of the biggest updates MyBB has ever released. It fixed over 100 issues and brought performance improvements for MyBB forums β large orβ¦
π¨ CVE-2012-10055
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.
π@cveNotify
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.
π@cveNotify
π¨ CVE-2025-7808
The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
WPScan
WP Shopify < 1.5.4 - Reflected XSS
See details on WP Shopify < 1.5.4 - Reflected XSS CVE 2025-7808. View the latest Plugin Vulnerabilities on WPScan.
π₯1
π¨ CVE-2024-53945
The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds. Exploitation can lead to full system compromise, including enabling remote access (e.g., enabling telnet).
π@cveNotify
The KuWFi 4G AC900 LTE router 1.0.13 is vulnerable to command injection on the HTTP API endpoints /goform/formMultiApnSetting and /goform/atCmd. An authenticated attacker can execute arbitrary OS commands with root privileges via shell metacharacters in parameters such as pincode and cmds. Exploitation can lead to full system compromise, including enabling remote access (e.g., enabling telnet).
π@cveNotify
GitHub
cve/Kuwfi/CVE-2024-53945.txt at main Β· actuator/cve
Public Cybersecurity Research & Advisories . Contribute to actuator/cve development by creating an account on GitHub.
π₯1
π¨ CVE-2023-3181
The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamerβs Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.
π@cveNotify
The C:\Program Files (x86)\Splashtop\Splashtop Software Updater\uninst.exe process creates a folder at C:\Windows\Temp~nsu.tmp and copies itself to it as Au_.exe. The C:\Windows\Temp~nsu.tmp\Au_.exe file is automatically launched as SYSTEM when the system reboots or when a standard user runs an MSI repair using Splashtop Streamerβs Windows Installer. Since the C:\Windows\Temp~nsu.tmp folder inherits permissions from C:\Windows\Temp and Au_.exe is susceptible to DLL hijacking, standard users can write a malicious DLL to it and elevate their privileges.
π@cveNotify
GitHub
Vulnerability-Disclosures/2023/MNDT-2023-0015.md at master Β· mandiant/Vulnerability-Disclosures
Contribute to mandiant/Vulnerability-Disclosures development by creating an account on GitHub.