🚨 CVE-2025-52353
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload, enabling an attacker to run arbitrary system commands and achieve full compromise of the underlying host. This has been demonstrated by embedding a backdoor within a PDF and renaming it with a .php extension.
🎖@cveNotify
An arbitrary code execution vulnerability in Badaso CMS 2.9.11. The Media Manager allows authenticated users to upload files containing embedded PHP code via the file-upload endpoint, bypassing content-type validation. When such a file is accessed via its URL, the server executes the PHP payload, enabling an attacker to run arbitrary system commands and achieve full compromise of the underlying host. This has been demonstrated by embedding a backdoor within a PDF and renaming it with a .php extension.
🎖@cveNotify
GitHub
GitHub - uasoft-indonesia/badaso: Laravel Vue headless CMS / admin panel / dashboard / builder / API CRUD generator, anything !
Laravel Vue headless CMS / admin panel / dashboard / builder / API CRUD generator, anything ! - uasoft-indonesia/badaso
🚨 CVE-2025-30438
This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.
🎖@cveNotify
This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording was started.
🎖@cveNotify
Apple Support
About the security content of iOS 18.4 and iPadOS 18.4 - Apple Support
This document describes the security content of iOS 18.4 and iPadOS 18.4.
🚨 CVE-2025-9140
A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 8.6.5.4 can resolve this issue. The affected component should be upgraded. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+."
🎖@cveNotify
A vulnerability was identified in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.4.7. Affected by this issue is some unknown functionality of the file /crm/crmapi/erp/tabdetail_moduleSave.php. The manipulation of the argument getvaluestring leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Upgrading to version 8.6.5.4 can resolve this issue. The affected component should be upgraded. The vendor explains: "All SQL injection vectors were patched via parameterized queries and input sanitization in v8.6.5+."
🎖@cveNotify
🚨 CVE-2025-31971
AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing internal services or sensitive information.
🎖@cveNotify
AIML Solutions for HCL SX is vulnerable to a URL validation vulnerability. The issue may allow attackers to launch a server-side request forgery (SSRF) attack enabling unauthorized network calls from the system, potentially exposing internal services or sensitive information.
🎖@cveNotify
Hcl-Software
Security Bulletin: HCL AIML Solutions for SX is susceptible to a URL validation vulnerability (CVE-2025-31971) - Customer Support
HCL AIML Solutions for SX is susceptible to a URL validation vulnerability.
🚨 CVE-2025-57217
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.
🎖@cveNotify
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.
🎖@cveNotify
plaid-knot-11b on Notion
Stack Buffer Overflow in /login/Auth via Password parameter. Remote attacker can execute arbitrary code with root privileges via…
Vulnerability Description
🚨 CVE-2025-57218
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.
🎖@cveNotify
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.
🎖@cveNotify
plaid-knot-11b on Notion
Stack Buffer Overflow in /goform/WifiBasicSet via security_5g parameter. Remote attacker can execute arbitrary code with root privileges…
Vulnerability Description
🚨 CVE-2025-58047
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error.
🎖@cveNotify
Volto is a React based frontend for the Plone Content Management System. In versions from 19.0.0-alpha.1 to before 19.0.0-alpha.4, 18.0.0 to before 18.24.0, 17.0.0 to before 17.22.1, and prior to 16.34.0, an anonymous user could cause the NodeJS server part of Volto to quit with an error when visiting a specific URL. The problem has been patched in versions 16.34.0, 17.22.1, 18.24.0, and 19.0.0-alpha.4. To mitigate downtime, have setup automatically restart processes that quit with an error.
🎖@cveNotify
GitHub
Fix corner case in devproxy when pathname is null (#7276) · plone/volto@2789a28
React-based frontend for the Plone Content Management System - Fix corner case in devproxy when pathname is null (#7276) · plone/volto@2789a28
🚨 CVE-2025-55582
D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.
🎖@cveNotify
D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.
🎖@cveNotify
Cyber Maya
Post 43 Security Advisory: Insecure Permissions in D-Link DCS-825L Firmware (CVE-2025-55582)
Author: Shaunak Ganorkar, Traboda Cyberlabs Pvt. Ltd. Published: August 2025 CVE ID: CVE-2025-55582 Vendor: D-Link Systems, Inc. Product: D-Link DCS-825L Wi-Fi Baby Camera Firmware Affected: v1.08.01 (EU Release) Firmware SHA-256: c11f4adddbea80fb173f7fb…
🚨 CVE-2024-23306
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
🎖@cveNotify
A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
🎖@cveNotify
F5
BIG-IP Next CNF vulnerability CVE-2024-23306
Security Advisory Description A vulnerability exists in BIG-IP Next CNF systems that may allow access to undisclosed sensitive files. (CVE-2024-23306) Impact An authenticated attacker may be able to modify or remove undisclosed configuration files causing…
🚨 CVE-2024-33612
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
F5
BIG-IP Next Central Manager vulnerability CVE-2024-33612
Security Advisory Description An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. (CVE-2024-33612) Impact An unauthenticated attacker with a man-in-the…
🚨 CVE-2025-5068
Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
🎖@cveNotify
Use after free in Blink in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)
🎖@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 137.0.7151.68/.69 for Windows, Mac and 137.0.7151.68 for Linux which will roll out over the coming...
🚨 CVE-2018-25115
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC.
🎖@cveNotify
Multiple D-Link DIR-series routers, including DIR-110, DIR-412, DIR-600, DIR-610, DIR-615, DIR-645, and DIR-815 firmware version 1.03, contain a vulnerability in the service.cgi endpoint that allows remote attackers to execute arbitrary system commands without authentication. The flaw stems from improper input handling in the EVENT=CHECKFW parameter, which is passed directly to the system shell without sanitization. A crafted HTTP POST request can inject commands that are executed with root privileges, resulting in full device compromise. These router models are no longer supported at the time of assignment and affected version ranges may vary. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-08-21 UTC.
🎖@cveNotify
GitHub
dlink_shell_poc/dlink_auth_rce at master · Cr0n1c/dlink_shell_poc
Dlink 615/815 shell PoC. Contribute to Cr0n1c/dlink_shell_poc development by creating an account on GitHub.
🚨 CVE-2023-7307
Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language documentation) contains an XML external entity (XXE) injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit crafted XML data containing external entity definitions, leading to potential disclosure of internal files, server-side request forgery (SSRF), or other impacts depending on parser behavior. The vulnerability is due to improper configuration of the XML parser, which allows resolution of external entities without restriction. This product is now integrated into their IAM (Internet Access Management) platform and an affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2023-09-06 UTC.
🎖@cveNotify
Sangfor Behavior Management System (also referred to as DC Management System in Chinese-language documentation) contains an XML external entity (XXE) injection vulnerability in the /src/sangforindex endpoint. A remote unauthenticated attacker can submit crafted XML data containing external entity definitions, leading to potential disclosure of internal files, server-side request forgery (SSRF), or other impacts depending on parser behavior. The vulnerability is due to improper configuration of the XML parser, which allows resolution of external entities without restriction. This product is now integrated into their IAM (Internet Access Management) platform and an affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2023-09-06 UTC.
🎖@cveNotify
support.sangfor.com.cn
DC用户手册-行为管理AC-深信服技术支持
SANGFOR_DC_v11.0_数据中心用户手册_20151010.pdf ( 24.57M ,下载次数:167)
SANG...
SANG...
🚨 CVE-2023-7308
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.
🎖@cveNotify
SecGate3600, a network firewall product developed by NSFOCUS, contains a sensitive information disclosure vulnerability in the /cgi-bin/authUser/authManageSet.cgi endpoint. The affected component fails to enforce authentication checks on POST requests to retrieve user data. An unauthenticated remote attacker can exploit this flaw to obtain sensitive information, including user identifiers and configuration details, by sending crafted requests to the vulnerable endpoint. An affected version range is undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-06-18 UTC.
🎖@cveNotify
GitHub
selfpoc/wangshen-SecGate3600-information-leakage.py at main · jjjj1029056414/selfpoc
自己写的一些poc脚本. Contribute to jjjj1029056414/selfpoc development by creating an account on GitHub.
🚨 CVE-2025-51967
A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. The application fails to sanitize user-supplied input in the theme POST parameter, allowing an attacker to inject and execute arbitrary JavaScript in a victim's browser.
🎖@cveNotify
A Reflected Cross-site Scripting (XSS) vulnerability exists in the themeSet.php file of ProjectsAndPrograms School Management System 1.0. The application fails to sanitize user-supplied input in the theme POST parameter, allowing an attacker to inject and execute arbitrary JavaScript in a victim's browser.
🎖@cveNotify
GitHub
CVE-s/CVE-2025-51967 – Reflected XSS in School Management System at main · jairajparyani/CVE-s
Contribute to jairajparyani/CVE-s development by creating an account on GitHub.
🚨 CVE-2025-57217
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.
🎖@cveNotify
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the Password parameter in the function R7WebsSecurityHandler.
🎖@cveNotify
plaid-knot-11b on Notion
Stack Buffer Overflow in /login/Auth via Password parameter. Remote attacker can execute arbitrary code with root privileges via…
Vulnerability Description
🚨 CVE-2025-57218
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.
🎖@cveNotify
Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 was discovered to contain a stack overflow via the security_5g parameter in the function sub_46284C.
🎖@cveNotify
plaid-knot-11b on Notion
Stack Buffer Overflow in /goform/WifiBasicSet via security_5g parameter. Remote attacker can execute arbitrary code with root privileges…
Vulnerability Description
🚨 CVE-2025-57215
Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info.
🎖@cveNotify
Tenda AC10 v4.0 firmware v16.03.10.20 was discovered to contain a stack overflow via the function get_parentControl_list_Info.
🎖@cveNotify
plaid-knot-11b on Notion
Heap-based Buffer Overflow in function get_parentControl_list_Info via deviceId parameter. Remote attacker can execute arbitrary…
Vulnerability Description
🚨 CVE-2025-57220
An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.
🎖@cveNotify
An input validation flaw in the 'ate' service of Tenda AC10 v4.0 firmware v16.03.10.09_multi_TDE01 to escalate privileges to root via a crafted UDP packet.
🎖@cveNotify
plaid-knot-11b on Notion
Unauthenticated Remote Root Shell via Input Validation Flaw in ‘ate’ Service on Tenda AC10V4.0 V16.03.10.09 | Notion
Vulnerability Description
🚨 CVE-2025-9585
A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
A vulnerability was determined in Comfast CF-N1 2.6.0. This affects the function wifilith_delete_pic_file of the file /usr/bin/webmgnt. This manipulation of the argument portal_delete_picname causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
GitHub
.github.io/COMFAST/N1V2/wifilith_delete_pic_file/readme.md at main · ZZ2266/.github.io
Contribute to ZZ2266/.github.io development by creating an account on GitHub.
🚨 CVE-2025-6203
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25.
🎖@cveNotify
A malicious user may submit a specially-crafted complex payload that otherwise meets the default request size limit which results in excessive memory and CPU consumption of Vault. This may lead to a timeout in Vault’s auditing subroutine, potentially resulting in the Vault server to become unresponsive. This vulnerability, CVE-2025-6203, is fixed in Vault Community Edition 1.20.3 and Vault Enterprise 1.20.3, 1.19.9, 1.18.14, and 1.16.25.
🎖@cveNotify
HashiCorp Discuss
HCSEC-2025-24 - Vault Denial of Service Though Complex JSON Payloads
Bulletin ID: HCSEC-2025-24 Affected Products / Versions: Vault Community Edition from 1.15.0 up to 1.20.4, fixed in 1.21.0. Vault Enterprise from 1.15.0 up to 1.20.4, 1.19.10, 1.18.15, and 1.16.26, fixed in 1.21.0, 1.20.5, 1.19.11, and 1.16.27 Publication…