π¨ CVE-2024-27291
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch.
π@cveNotify
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch.
π@cveNotify
GitHub
fixed security issues; added pdftk option; added development site is β¦ Β· jhpyle/docassemble@4801ac7
β¦protected Configuration directive; altered error message display so that end users will not see certain types of error messages, but they will be displayed in the log
π¨ CVE-2024-27292
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
π@cveNotify
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
π@cveNotify
GitHub
updated filename_invalid function Β· jhpyle/docassemble@97f77dc
A free, open-source expert system for guided interviews and document assembly, based on Python, YAML, and Markdown. - updated filename_invalid function Β· jhpyle/docassemble@97f77dc
π¨ CVE-2024-28244
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for "Unicode (sub|super)script characters" allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10.
π@cveNotify
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for "Unicode (sub|super)script characters" allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10.
π@cveNotify
GitHub
fix: maxExpand limit with Unicode sub/superscripts Β· KaTeX/KaTeX@085e21b
* Prevent recursive parser calls from over-expansion
* Use this.subparse instead of a recursive parser.
* Add maxExpand tests
* Lint fix
---------
Co-authored-by: Ron Kok <ronkok55@outl...
* Use this.subparse instead of a recursive parser.
* Add maxExpand tests
* Lint fix
---------
Co-authored-by: Ron Kok <ronkok55@outl...
π¨ CVE-2024-28245
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
π@cveNotify
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
π@cveNotify
GitHub
fix: escape \includegraphics src and alt Β· KaTeX/KaTeX@c5897fc
Fast math typesetting for the web. Contribute to KaTeX/KaTeX development by creating an account on GitHub.
β€1
π¨ CVE-2024-30266
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.
π@cveNotify
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.
π@cveNotify
GitHub
Fix a panic using tables with the wrong type (#8283) Β· bytecodealliance/wasmtime@7f57d0b
This commit fixes an accidental issue introduced in #8018 where using an
element segment which had been dropped with an `externref` table would
cause a panic. The panic happened due to an assertion...
element segment which had been dropped with an `externref` table would
cause a panic. The panic happened due to an assertion...
π¨ CVE-2025-57819
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
π@cveNotify
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
π@cveNotify
FreePBX Community Forums
Security Advisory: Please Lock Down Your Administrator Access
The Sangoma FreePBX Security Team is aware of a potential exploit affecting some systems with the administrator control panel exposed to the public internet. AUG. 28 GOOD NEWS: FIX IS NOW DEPLOYED IN STABLE REPOS FOR AFFECTED SUPPORTED VERSIONS, INCLUDINGβ¦
π¨ CVE-2024-29203
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCEβs content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.
π@cveNotify
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCEβs content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.
π@cveNotify
GitHub
TINY-10348 & TINY-10349: Add sandbox_iframes and convert_unsafe_embed⦠· tinymce/tinymce@bcdea2a
β¦s options (#9172)
* TINY-10348: Add sandbox_iframes option
* TINY-10349: Add convert_unsafe_embeds option
* TINY-10348 & TINY-10349: Add paste tests
* TINY-10348 & TINY-1...
* TINY-10348: Add sandbox_iframes option
* TINY-10349: Add convert_unsafe_embeds option
* TINY-10348 & TINY-10349: Add paste tests
* TINY-10348 & TINY-1...
π¨ CVE-2024-29881
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCEβs content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.
π@cveNotify
TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCEβs content loading and content inserting code. A SVG image could be loaded though an `object` or `embed` element and that image could potentially contain a XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.
π@cveNotify
GitHub
TINY-10348 & TINY-10349: Add sandbox_iframes and convert_unsafe_embed⦠· tinymce/tinymce@bcdea2a
β¦s options (#9172)
* TINY-10348: Add sandbox_iframes option
* TINY-10349: Add convert_unsafe_embeds option
* TINY-10348 & TINY-10349: Add paste tests
* TINY-10348 & TINY-1...
* TINY-10348: Add sandbox_iframes option
* TINY-10349: Add convert_unsafe_embeds option
* TINY-10348 & TINY-10349: Add paste tests
* TINY-10348 & TINY-1...
π¨ CVE-2024-28233
JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user's single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0.
π@cveNotify
JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user's single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0.
π@cveNotify
GitHub
Merge pull request from GHSA-7r3h-4ph8-w38g Β· jupyterhub/jupyterhub@e2798a0
4.1.0
π¨ CVE-2024-28860
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is fixed in 1.13.13, 1.14.9, and 1.15.3.
π@cveNotify
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is fixed in 1.13.13, 1.14.9, and 1.15.3.
π@cveNotify
docs.cilium.io
IPsec Transparent Encryption β Cilium 1.18.2 documentation
π¨ CVE-2023-38420
Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access.
π@cveNotify
Improper conditions check in Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable information disclosure via local access.
π@cveNotify
Intel
INTEL-SA-01037
π¨ CVE-2023-38581
Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Intel
INTEL-SA-01037
π¨ CVE-2023-40070
Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Improper access control in some Intel(R) Power Gadget software for macOS all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Intel
INTEL-SA-01037
π¨ CVE-2024-39165
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product.
π@cveNotify
QR/demoapp/qr_image.php in Asial JpGraph Professional through 4.2.6-pro allows remote attackers to execute arbitrary code via a PHP payload in the data parameter in conjunction with a .php file name in the filename parameter. This occurs because an unnecessary QR/demoapp folder.is shipped with the product.
π@cveNotify
Synacktiv
JpGraph Professional Version - Pre-Authenticated Remote Code Execution
π¨ CVE-2024-39284
Uncontrolled search path for some Intel(R) Advisor software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Uncontrolled search path for some Intel(R) Advisor software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Intel
INTEL-SA-01208
π¨ CVE-2025-25635
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.
π@cveNotify
TOTOlink A3002R V1.1.1-B20200824.0128 contains a buffer overflow vulnerability. The vulnerability arises from the improper input validation of the pppoe_dns1 parameter in the formIpv6Setup interface of /bin/boa.
π@cveNotify
GitHub
cuicuishark-sheep-fishIOT/ToTolink/TOTOLINK-A3002R-formIpv6Setup-pppoe_dns1.md at main Β· SunnyYANGyaya/cuicuishark-sheep-fishIOT
ccf-y our vulnerability repository. Contribute to SunnyYANGyaya/cuicuishark-sheep-fishIOT development by creating an account on GitHub.
π¨ CVE-2025-20079
Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Uncontrolled search path for some Intel(R) Advisor software may allow an authenticated user to potentially enable escalation of privilege via local access.
π@cveNotify
Intel
INTEL-SA-01263
π¨ CVE-2025-55579
SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8.
π@cveNotify
SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8.
π@cveNotify
GitHub
GitHub - ddobrev25/CVE-2025-55579: CVE-2025-55579
CVE-2025-55579. Contribute to ddobrev25/CVE-2025-55579 development by creating an account on GitHub.
π¨ CVE-2025-55580
SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed in version 2.3.8.
π@cveNotify
SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed in version 2.3.8.
π@cveNotify
GitHub
GitHub - ddobrev25/CVE-2025-55580: CVE-2025-55580
CVE-2025-55580. Contribute to ddobrev25/CVE-2025-55580 development by creating an account on GitHub.
π¨ CVE-2025-9677
A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
androidapps/com.duige.hzw.multilingual.md at main Β· KMov-g/androidapps
Contribute to KMov-g/androidapps development by creating an account on GitHub.
π¨ CVE-2025-9678
A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=delete_borrower. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=delete_borrower. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
GitHub
# Campcodes Online Loan Management System V1.0 /Loan_Management_System/ajax.php?action=delete_borrower SQL injection Β· Issue #3β¦
Campcodes Online Loan Management System V1.0 /Loan_Management_System/ajax.php?action=delete_borrower SQL injection NAME OF AFFECTED PRODUCT(S) Online Loan Management System Vendor Homepage https://...