🚨 CVE-2024-13987
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server before 3.0.27-0139 allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-of-service via unspecified vectors.
🎖@cveNotify
Synology_SA_25_10 | Synology Inc.
Synology Product Security Advisory
🚨 CVE-2025-8150
The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter and Countdown widgets in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
🚨 CVE-2025-4643
Payload uses JSON Web Tokens (JWT) for authentication. After logout the JWT is not invalidated, which allows an attacker who has stolen or intercepted a token to freely reuse it until its expiration date (by default set to 2 hours, but configurable).
This issue has been fixed in version 3.44.0 of Payload.
cert.pl
Vulnerabilities in Payload CMS software
CERT Polska has received a report about 2 vulnerabilities (CVE-2025-4643 and CVE-2025-4644).
🚨 CVE-2025-4644
A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT), and then delete the account, which did not invalidate the JWT. As a result, the next newly created user would receive the same identifier, allowing the attacker to reuse the JWT to authenticate and perform actions as that user.
This issue has been fixed in version 3.44.0 of Payload.
🚨 CVE-2025-7071
Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
Oberon microsystems
CVE-2025-7071
Title: Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in ocrypto CVE ID: CVE-2025-7071 Severity: medium Short description Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0…
🚨 CVE-2025-7383
Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
Oberon microsystems
CVE-2025-7383
Title: Timing side-channel vulnerability in AES-CBC decryption with PKCS#7 padding in Oberon PSA Crypto CVE ID: CVE-2025-7383 Severity: medium Short description Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all…
🚨 CVE-2025-9071
Erroneously using an all-zero seed for RSA-OAEP padding instead of the generated random bytes, in Oberon microsystems AG's Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated messages, and loss of security proofs.
Oberon microsystems
CVE-2025-9071
Title: Insecure RSA-OAEP implementation with all-zero seed for padding in Oberon PSA Crypto CVE ID: CVE-2025-9071 Severity: low Short description Erroneously using an all-zero seed for RSA-OAEP padding instead of the generated random bytes, in Oberon microsystems…
🚨 CVE-2025-9236
A vulnerability has been found in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_tipo_usuario_lst.php of the component Tipos de usuàrio Page. Manipulation of the argument nm_tipo/descrição leads to SQL injection. The attack may be performed from a remote location. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
GitHub
CVE/i-educar/CVE-2025-9236.md at main · marcelomulder/CVE
🚨 CVE-2024-13342
The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_files_to_order' function in all versions up to, and including, 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files with double extensions on the affected site's server which may make remote code execution possible. This is only exploitable on select instances where the configuration will execute the first extension present.
🚨 CVE-2025-9217
The Slider Revolution plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 6.7.36 via the 'used_svg' and 'used_images' parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Slider Revolution
Slider Revolution Changelog
🚨 CVE-2025-40702
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerability could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "creator" and "license_holder" parameters of the "/insert/file" request.
GitHub
GitHub - craws/OpenAtlas: OpenAtlas is an open source, web based database system for complex archaeological, historical and prosopographical…
OpenAtlas is an open source, web based database system for complex archaeological, historical and prosopographical data. - craws/OpenAtlas
🚨 CVE-2025-40703
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerability could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "name" and "alias-0" parameters of the "/insert/group" request.
🚨 CVE-2025-40704
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerability could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "name" parameter of the "/insert/edition" request.
🚨 CVE-2025-40705
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerability could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "name" parameter of the "/insert/acquisition" request.
🚨 CVE-2025-40706
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerability could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "name" parameter of the "/insert/source" request.
🚨 CVE-2025-40707
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerability could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "name" and "alias-0" parameters of the "/insert/place" request.
🚨 CVE-2025-9606
A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/agenda_preferencias.php. Manipulation of the argument cod_agenda results in SQL injection. The attack may be initiated remotely. The exploit is now public and may be used.
GitHub
CVE/i-educar/CVE-2025-9606.md at main · marcelomulder/CVE
🚨 CVE-2025-9644
A vulnerability was determined in itsourcecode Apartment Management System 1.0. Affected by this issue is some unknown functionality of the file /setting/bill_setup.php. Manipulation of the argument txtBillType can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
GitHub
itsourcecode Apartment Management System Project V1.0 /setting/bill_setup.php SQL injection · Issue #48 · zzb1388/cve
itsourcecode Apartment Management System Project V1.0 /setting/bill_setup.php SQL injection NAME OF AFFECTED PRODUCT(S) Apartment Management System Vendor Homepage https://itsourcecode.com/free-pro...
🚨 CVE-2025-9645
A vulnerability was identified in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /t_dashboard/r_all_info.php. Manipulation of the argument mid leads to SQL injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
GitHub
itsourcecode Apartment Management System Project V1.0 /t_dashboard/r_all_info.php SQL injection · Issue #1 · loveqiaoshen/QiaoShenCVE
itsourcecode Apartment Management System Project V1.0 /t_dashboard/r_all_info.php SQL injection NAME OF AFFECTED PRODUCT(S) Apartment Management System Vendor Homepage https://itsourcecode.com/free...
🚨 CVE-2025-9646
A security flaw has been discovered in O2OA up to 10.0-410. This vulnerability affects unknown code of the file /x_organization_assemble_personal/jaxrs/definition/calendarConfig. Manipulation of the argument toMonthViewName results in cross-site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
GitHub
Stored XSS in /x_organization_assemble_personal/jaxrs/definition/calendarConfig in o2oa ≤ 10.0-410-g3d5e0d2 · Issue #170 · o2oa/o2oa
Stored XSS in /x_organization_assemble_personal/jaxrs/definition/calendarConfig in o2oa ≤ 10.0-410-g3d5e0d2 Summary In o2oa versions up to 10.0-410-g3d5e0d2, the /x_organization_assemble_personal/j...