π¨ CVE-2014-8100
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.
π@cveNotify
The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) ProcRenderQueryVersion, (2) SProcRenderQueryVersion, (3) SProcRenderQueryPictFormats, (4) SProcRenderQueryPictIndexValues, (5) SProcRenderCreatePicture, (6) SProcRenderChangePicture, (7) SProcRenderSetPictureClipRectangles, (8) SProcRenderFreePicture, (9) SProcRenderComposite, (10) SProcRenderScale, (11) SProcRenderCreateGlyphSet, (12) SProcRenderReferenceGlyphSet, (13) SProcRenderFreeGlyphSet, (14) SProcRenderFreeGlyphs, or (15) SProcRenderCompositeGlyphs function.
π@cveNotify
π¨ CVE-2014-8101
The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.
π@cveNotify
The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) SProcRRQueryVersion, (2) SProcRRGetScreenInfo, (3) SProcRRSelectInput, or (4) SProcRRConfigureOutputProperty function.
π@cveNotify
π¨ CVE-2014-8102
The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value.
π@cveNotify
The SProcXFixesSelectSelectionInput function in the XFixes extension in X.Org X Window System (aka X11 or X) X11R6.8.0 and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length value.
π@cveNotify
π¨ CVE-2014-8103
X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension.
π@cveNotify
X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index value to the (1) sproc_dri3_query_version, (2) sproc_dri3_open, (3) sproc_dri3_pixmap_from_buffer, (4) sproc_dri3_buffer_from_pixmap, (5) sproc_dri3_fence_from_fd, (6) sproc_dri3_fd_from_fence, (7) proc_present_query_capabilities, (8) sproc_present_query_version, (9) sproc_present_pixmap, (10) sproc_present_notify_msc, (11) sproc_present_select_input, or (12) sproc_present_query_capabilities function in the (a) DRI3 or (b) Present extension.
π@cveNotify
Flexera
Secunia Research
Flexera provides software licensing management, software compliance, installation and application packaging solutions to developers and their customers.
π¨ CVE-2015-0255
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
π@cveNotify
X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via a crafted string length value in a XkbSetGeometry request.
π@cveNotify
π¨ CVE-2015-3164
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
π@cveNotify
The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 starts the server in non-authenticating mode, which allows local users to read from or send information to arbitrary X11 clients via vectors involving a UNIX socket.
π@cveNotify
π¨ CVE-2015-3418
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
π@cveNotify
The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request.
π@cveNotify
π¨ CVE-2025-55582
D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.
π@cveNotify
D-Link DCS-825L firmware v1.08.01 contains a vulnerability in the watchdog script `mydlink-watch-dog.sh`, which blindly respawns binaries such as `dcp` and `signalc` without verifying integrity, authenticity, or permissions. An attacker with local filesystem access (via physical access, firmware modification, or debug interfaces) can replace these binaries with malicious payloads. The script executes these binaries as root in an infinite loop, leading to persistent privilege escalation and arbitrary code execution. This issue is mitigated in v1.09.02, but the product is officially End-of-Life and unsupported.
π@cveNotify
Cyber Maya
Post 43 Security Advisory: Insecure Permissions in D-Link DCS-825L Firmware (CVE-2025-55582)
Author: Shaunak Ganorkar, Traboda Cyberlabs Pvt. Ltd. Published: August 2025 CVE ID: CVE-2025-55582 Vendor: D-Link Systems, Inc. Product: D-Link DCS-825L Wi-Fi Baby Camera Firmware Affected: v1.08.01 (EU Release) Firmware SHA-256: c11f4adddbea80fb173f7fbβ¦
π¨ CVE-2025-48979
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.
π@cveNotify
An Improper Input Validation in UISP Application could allow a Command Injection by a malicious actor with High Privileges and local access.
π@cveNotify
π¨ CVE-2024-44271
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator.
π@cveNotify
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2. An app may be able to record the screen without an indicator.
π@cveNotify
Apple Support
About the security content of macOS Sequoia 15.2 - Apple Support
This document describes the security content of macOS Sequoia 15.2.
π¨ CVE-2024-54554
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.
π@cveNotify
This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data.
π@cveNotify
Apple Support
About the security content of macOS Sequoia 15.1 - Apple Support
This document describes the security content of macOS Sequoia 15.1.
π¨ CVE-2024-54568
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. Parsing a maliciously crafted file may lead to an unexpected app termination.
π@cveNotify
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. Parsing a maliciously crafted file may lead to an unexpected app termination.
π@cveNotify
Apple Support
About the security content of macOS Sequoia 15.2 - Apple Support
This document describes the security content of macOS Sequoia 15.2.
π¨ CVE-2025-40927
CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw
This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions.
Although some validation exists, it can be bypassed using URL-encoded values, allowing an attacker to inject untrusted content into the response via query parameters.
As a result, an attacker can inject a line break (e.g. %0A) into the parameter value, causing the server to split the HTTP response and inject arbitrary headers or even an HTML/JavaScript body, leading to reflected cross-site scripting (XSS), open redirect or other attacks.
The issue documented in CVE-2010-4410 https://www.cve.org/CVERecord?id=CVE-2010-4410 is related but the fix was incomplete.
Impact
By injecting %0A (newline) into a query string parameter, an attacker can:
* Break the current HTTP header
* Inject a new header or entire body
* Deliver a script payload that is reflected in the serverβs response
That can lead to the following attacks:
* reflected XSS
* open redirect
* cache poisoning
* header manipulation
π@cveNotify
CGI::Simple versions before 1.282 for Perl has a HTTP response splitting flaw
This vulnerability is a confirmed HTTP response splitting flaw in CGI::Simple that allows HTTP response header injection, which can be used for reflected XSS or open redirect under certain conditions.
Although some validation exists, it can be bypassed using URL-encoded values, allowing an attacker to inject untrusted content into the response via query parameters.
As a result, an attacker can inject a line break (e.g. %0A) into the parameter value, causing the server to split the HTTP response and inject arbitrary headers or even an HTML/JavaScript body, leading to reflected cross-site scripting (XSS), open redirect or other attacks.
The issue documented in CVE-2010-4410 https://www.cve.org/CVERecord?id=CVE-2010-4410 is related but the fix was incomplete.
Impact
By injecting %0A (newline) into a query string parameter, an attacker can:
* Break the current HTTP header
* Inject a new header or entire body
* Deliver a script payload that is reflected in the serverβs response
That can lead to the following attacks:
* reflected XSS
* open redirect
* cache poisoning
* header manipulation
π@cveNotify
π¨ CVE-2018-18307
A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected as unauthorized."
π@cveNotify
A Stored XSS vulnerability has been discovered in version 4.1.0 of AlchemyCMS via the /admin/pictures image field. NOTE: the vendor's position is that this is not a valid report: "The researcher used an authorized cookie to perform the request to a password-protected route. Without that session cookie, the request would have been rejected as unauthorized."
π@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π¨ CVE-2023-34488
NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages.
π@cveNotify
NanoMQ 0.17.5 has a one-byte heap-based buffer over-read in the conn_handler function of mqtt_parser.c when it processes malformed messages.
π@cveNotify
GitHub
[Security]: Vulnerability identified Β· Issue #1181 Β· nanomq/nanomq
Describe the bug We found a heap-buffer-overflow in conn_handler function of mqtt_parser.c when it processes malformed messages. Expected behavior A clear and concise description of what you expect...
π¨ CVE-2023-30258
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
π@cveNotify
Command Injection vulnerability in MagnusSolution magnusbilling 6.x and 7.x allows remote attackers to run arbitrary commands via unauthenticated HTTP request.
π@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π¨ CVE-2024-1286
The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.
π@cveNotify
The pmpro-membership-maps WordPress plugin before 0.7 does not prevent users with at least the contributor role from leaking sensitive information about users with a membership on the site.
π@cveNotify
WPScan
Paid Memberships Pro - Membership Maps Add On < 0.7 - Contributor+ Sensitive Information Disclosure
See details on Paid Memberships Pro - Membership Maps Add On < 0.7 - Contributor+ Sensitive Information Disclosure CVE 2024-1286. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2024-7762
The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes
π@cveNotify
The Simple Job Board WordPress plugin before 2.12.6 does not prevent uploaded files from being listed, allowing unauthenticated users to access and download uploaded resumes
π@cveNotify
WPScan
Simple Job Board < 2.12.6 - Unauthenticated Resumes Download
See details on Simple Job Board < 2.12.6 - Unauthenticated Resumes Download CVE 2024-7762. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2025-9597
A vulnerability was identified in itsourcecode Apartment Management System 1.0. This impacts an unknown function of the file /o_dashboard/rented_all_info.php. Such manipulation of the argument uid leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in itsourcecode Apartment Management System 1.0. This impacts an unknown function of the file /o_dashboard/rented_all_info.php. Such manipulation of the argument uid leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
π@cveNotify
GitHub
itsourcecode Apartment Management System Project V1.0 /o_dashboard/rented_all_info.php SQL injection Β· Issue #54 Β· zzb1388/cve
itsourcecode Apartment Management System Project V1.0 /o_dashboard/rented_all_info.php SQL injection NAME OF AFFECTED PRODUCT(S) Apartment Management System Vendor Homepage https://itsourcecode.com...
π¨ CVE-2024-45753
In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute.
π@cveNotify
In Mahara 23.04.8 and 24.04.4, the external RSS feed block can cause XSS if the external feed XML has a malicious value for the link attribute.
π@cveNotify
mahara.org
Home - Mahara ePortfolio System
Mahara is an open source ePortfolio and social networking web application.
It provides people with tools to create and maintain a digital portfolio of their learning and social networking features to allow them to interact with each other.
It provides people with tools to create and maintain a digital portfolio of their learning and social networking features to allow them to interact with each other.
π¨ CVE-2024-47853
An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI).
π@cveNotify
An issue was discovered in Mahara 23.04.8 and 24.04.4. Attackers may utilize escalation of privileges in certain cases when logging into Mahara with Learning Tools Interoperability (LTI).
π@cveNotify
mahara.org
Security announcements - Escalation of privileges, info disclosure, XSS exploits before Mahara 24.04.5 and Mahara 23.04.9 - Maharaβ¦
Mahara is an open source ePortfolio and social networking web application.
It provides people with tools to create and maintain a digital portfolio of their learning and social networking features to allow them to interact with each other.
It provides people with tools to create and maintain a digital portfolio of their learning and social networking features to allow them to interact with each other.