๐จ CVE-2025-55579
SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8.
๐@cveNotify
SolidInvoice version 2.3.7 is vulnerable to a Stored Cross-Site Scripting (XSS) issue in the Tax Rates functionality. The vulnerability is fixed in version 2.3.8.
๐@cveNotify
GitHub
GitHub - ddobrev25/CVE-2025-55579: CVE-2025-55579
CVE-2025-55579. Contribute to ddobrev25/CVE-2025-55579 development by creating an account on GitHub.
๐จ CVE-2025-55580
SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed in version 2.3.8.
๐@cveNotify
SolidInvoice version 2.3.7 is vulnerable to a stored cross-site scripting (XSS) issue in the Clients module. An authenticated attacker can inject JavaScript that executes in other users' browsers when the Clients page is viewed. The vulnerability is fixed in version 2.3.8.
๐@cveNotify
GitHub
GitHub - ddobrev25/CVE-2025-55580: CVE-2025-55580
CVE-2025-55580. Contribute to ddobrev25/CVE-2025-55580 development by creating an account on GitHub.
๐จ CVE-2025-9677
A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
androidapps/com.duige.hzw.multilingual.md at main ยท KMov-g/androidapps
Contribute to KMov-g/androidapps development by creating an account on GitHub.
๐จ CVE-2025-9678
A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=delete_borrower. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
A weakness has been identified in Campcodes Online Loan Management System 1.0. The impacted element is an unknown function of the file /ajax.php?action=delete_borrower. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
GitHub
# Campcodes Online Loan Management System V1.0 /Loan_Management_System/ajax.php?action=delete_borrower SQL injection ยท Issue #3โฆ
Campcodes Online Loan Management System V1.0 /Loan_Management_System/ajax.php?action=delete_borrower SQL injection NAME OF AFFECTED PRODUCT(S) Online Loan Management System Vendor Homepage https://...
๐จ CVE-2025-9679
A security vulnerability has been detected in itsourcecode Student Information System 1.0. This affects an unknown function of the file /course_edit1.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
A security vulnerability has been detected in itsourcecode Student Information System 1.0. This affects an unknown function of the file /course_edit1.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
GitHub
itsourcecode Student Information System V1.0 SQL Injection Vulnerability ยท Issue #2 ยท chesser12312310/CVE
itsourcecode Student Information System V1.0 SQL Injection Vulnerability NAME OF AFFECTED PRODUCT(S) Student Information System Vendor Homepage https://itsourcecode.com/free-projects/php-project/st...
๐จ CVE-2025-9680
A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
๐@cveNotify
A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
๐@cveNotify
GitHub
Stored XSS in /x_portal_assemble_designer/jaxrs/page in o2oa โค 10.0-410-g3d5e0d2 ยท Issue #176 ยท o2oa/o2oa
Stored XSS in /x_portal_assemble_designer/jaxrs/page in o2oa โค 10.0-410-g3d5e0d2 Summary In o2oa versions up to 10.0-410-g3d5e0d2, the endpoint /x_portal_assemble_designer/jaxrs/page is vulnerable ...
๐จ CVE-2025-9681
A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
๐@cveNotify
A flaw has been found in O2OA up to 10.0-410. Affected is an unknown function of the file /x_program_center/jaxrs/agent of the component Personal Profile Page. Executing manipulation can lead to cross site scripting. The attack can be launched remotely. The exploit has been published and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
๐@cveNotify
GitHub
Stored XSS in /x_program_center/jaxrs/agent in o2oa โค 10.0-410-g3d5e0d2 ยท Issue #177 ยท o2oa/o2oa
Stored XSS in /x_program_center/jaxrs/agent in o2oa โค 10.0-410-g3d5e0d2 Summary In o2oa versions up to 10.0-410-g3d5e0d2, the endpoint /x_program_center/jaxrs/agent is vulnerable to stored cross-si...
๐จ CVE-2025-9682
A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
๐@cveNotify
A vulnerability has been found in O2OA up to 10.0-410. Affected by this vulnerability is an unknown functionality of the file /x_cms_assemble_control/jaxrs/design/appdict of the component Personal Profile Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
๐@cveNotify
GitHub
Stored XSS in /x_cms_assemble_control/jaxrs/design/appdict in o2oa โค 10.0-410-g3d5e0d2 ยท Issue #179 ยท o2oa/o2oa
Stored XSS in /x_cms_assemble_control/jaxrs/design/appdict in o2oa โค 10.0-410-g3d5e0d2 Summary In o2oa versions up to 10.0-410-g3d5e0d2, the endpoint /x_cms_assemble_control/jaxrs/design/appdict is...
๐จ CVE-2025-9683
A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_cms_assemble_control/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
๐@cveNotify
A vulnerability was found in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /x_cms_assemble_control/jaxrs/form of the component Personal Profile Page. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
๐@cveNotify
GitHub
Stored XSS in /x_cms_assemble_control/jaxrs/form in o2oa โค 10.0-410-g3d5e0d2 ยท Issue #180 ยท o2oa/o2oa
Stored XSS in /x_cms_assemble_control/jaxrs/form in o2oa โค 10.0-410-g3d5e0d2 Summary In o2oa versions up to 10.0-410-g3d5e0d2, the endpoint /x_cms_assemble_control/jaxrs/form is vulnerable to store...
๐จ CVE-2024-28246
KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
๐@cveNotify
KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability.
๐@cveNotify
GitHub
fix: force protocol to be lowercase for better protocol filtering ยท KaTeX/KaTeX@fc5af64
* fix: force protocol to be lowercase for better protocol filtering
See https://datatracker.ietf.org/doc/html/rfc3986#section-3.1
"Although schemes are case-insensitive, the canonical for...
See https://datatracker.ietf.org/doc/html/rfc3986#section-3.1
"Although schemes are case-insensitive, the canonical for...
๐จ CVE-2024-29192
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The `/api/config` endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an attacker may be able to achieve that depending on how go2rtc is set up on the upstream application, and given that this endpoint is not protected against CSRF, it allows requests from any origin (e.g. a "drive-by" attack) . The `exec` handler allows for any stream to execute arbitrary commands. An attacker may add a custom stream through `api/config`, which may lead to arbitrary command execution. In the event of a victim visiting the server in question, their browser will execute the requests against the go2rtc instance. Commit 8793c3636493c5efdda08f3b5ed5c6e1ea594fd9 adds a warning about secure API access.
๐@cveNotify
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The `/api/config` endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without authentication, an attacker may be able to achieve that depending on how go2rtc is set up on the upstream application, and given that this endpoint is not protected against CSRF, it allows requests from any origin (e.g. a "drive-by" attack) . The `exec` handler allows for any stream to execute arbitrary commands. An attacker may add a custom stream through `api/config`, which may lead to arbitrary command execution. In the event of a victim visiting the server in question, their browser will execute the requests against the go2rtc instance. Commit 8793c3636493c5efdda08f3b5ed5c6e1ea594fd9 adds a warning about secure API access.
๐@cveNotify
GitHub
Add warning about secure access for API to docs ยท AlexxIT/go2rtc@8793c36
Ultimate camera streaming application with support RTSP, RTMP, HTTP-FLV, WebRTC, MSE, HLS, MP4, MJPEG, HomeKit, FFmpeg, etc. - Add warning about secure access for API to docs ยท AlexxIT/go2rtc@8793c36
๐จ CVE-2024-29193
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API in the client side. Then, it uses `Object.entries` to iterate over the result whose first item (`name`) gets appended using `innerHTML`. In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtcโs origin. As of time of publication, no patch is available.
๐@cveNotify
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API in the client side. Then, it uses `Object.entries` to iterate over the result whose first item (`name`) gets appended using `innerHTML`. In the event of a victim visiting the server in question, their browser will execute the request against the go2rtc instance. After the request, the browser will be redirected to go2rtc, in which the XSS would be executed in the context of go2rtcโs origin. As of time of publication, no patch is available.
๐@cveNotify
GitHub Security Lab
GHSL-2023-205_GHSL-2023-206: Cross-site scripting (XSS) and arbitrary command execution vulnerability in go2rtc - CVE-2024-29191โฆ
Go2rtc is susceptible to a cross-site scripting (XSS) vulnerability and an arbitrary command execution vulnerability due to the lack of user-input sanitization.
๐จ CVE-2024-27630
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.
๐@cveNotify
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker to delete arbitrary files via crafted input to the trackers_data_delete_file function.
๐@cveNotify
GitHub
GitHub - ally-petitt/CVE-2024-27630: CVE-2024โ27630 Reference
CVE-2024โ27630 Reference. Contribute to ally-petitt/CVE-2024-27630 development by creating an account on GitHub.
๐จ CVE-2024-27631
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php
๐@cveNotify
Cross Site Request Forgery vulnerability in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via siteadmin/usergroup.php
๐@cveNotify
๐จ CVE-2024-27632
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
๐@cveNotify
An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
๐@cveNotify
GitHub
GitHub - ally-petitt/CVE-2024-27632: CVE-2024โ27632 Reference
CVE-2024โ27632 Reference. Contribute to ally-petitt/CVE-2024-27632 development by creating an account on GitHub.
๐จ CVE-2025-54462
A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
๐@cveNotify
A heap-based buffer overflow vulnerability exists in the Nex parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted .nex file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
๐@cveNotify
๐จ CVE-2025-54480
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8719 of biosig.c on the current master branch (35a819fa), when the Tag is 0:
if (tag==0) {
if (len!=1) fprintf(stderr,"Warning MFER tag0 incorrect length %i!=1\n",len);
curPos += ifread(buf,1,len,hdr);
}
๐@cveNotify
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8719 of biosig.c on the current master branch (35a819fa), when the Tag is 0:
if (tag==0) {
if (len!=1) fprintf(stderr,"Warning MFER tag0 incorrect length %i!=1\n",len);
curPos += ifread(buf,1,len,hdr);
}
๐@cveNotify
๐จ CVE-2025-54481
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3:
else if (tag==3) {
// character code
char v[17]; // [1]
if (len>16) fprintf(stderr,"Warning MFER tag2 incorrect length %i>16\n",len);
curPos += ifread(&v,1,len,hdr);
v[len] = 0;
In this case, the overflowed buffer is the newly-declared `v` \[1\] instead of `buf`. Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path.
๐@cveNotify
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8744 of biosig.c on the current master branch (35a819fa), when the Tag is 3:
else if (tag==3) {
// character code
char v[17]; // [1]
if (len>16) fprintf(stderr,"Warning MFER tag2 incorrect length %i>16\n",len);
curPos += ifread(&v,1,len,hdr);
v[len] = 0;
In this case, the overflowed buffer is the newly-declared `v` \[1\] instead of `buf`. Since `v` is only 17 bytes large, much smaller values of `len` (even those encoded using a single octet) can trigger an overflow in this code path.
๐@cveNotify
๐จ CVE-2025-54482
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8751 of biosig.c on the current master branch (35a819fa), when the Tag is 4:
else if (tag==4) {
// SPR
if (len>4) fprintf(stderr,"Warning MFER tag4 incorrect length %i>4\n",len);
curPos += ifread(buf,1,len,hdr);
๐@cveNotify
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8751 of biosig.c on the current master branch (35a819fa), when the Tag is 4:
else if (tag==4) {
// SPR
if (len>4) fprintf(stderr,"Warning MFER tag4 incorrect length %i>4\n",len);
curPos += ifread(buf,1,len,hdr);
๐@cveNotify
๐จ CVE-2025-54483
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8759 of biosig.c on the current master branch (35a819fa), when the Tag is 5:
else if (tag==5) //0x05: number of channels
{
uint16_t oldNS=hdr->NS;
if (len>4) fprintf(stderr,"Warning MFER tag5 incorrect length %i>4\n",len);
curPos += ifread(buf,1,len,hdr);
๐@cveNotify
A stack-based buffer overflow vulnerability exists in the MFER parsing functionality of The Biosig Project libbiosig 3.9.0 and Master Branch (35a819fa). A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.This vulnerability manifests on line 8759 of biosig.c on the current master branch (35a819fa), when the Tag is 5:
else if (tag==5) //0x05: number of channels
{
uint16_t oldNS=hdr->NS;
if (len>4) fprintf(stderr,"Warning MFER tag5 incorrect length %i>4\n",len);
curPos += ifread(buf,1,len,hdr);
๐@cveNotify
๐จ CVE-2025-53002
LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the `vhead_file` is loaded without proper safeguards, allowing malicious attackers to execute arbitrary malicious code on the host system simply by passing a malicious `Checkpoint path` parameter through the `WebUI` interface. The attack is stealthy, as the victim remains unaware of the exploitation. The root cause is that the `vhead_file` argument is loaded without the secure parameter `weights_only=True`. Version 0.9.4 contains a fix for the issue.
๐@cveNotify
LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the `vhead_file` is loaded without proper safeguards, allowing malicious attackers to execute arbitrary malicious code on the host system simply by passing a malicious `Checkpoint path` parameter through the `WebUI` interface. The attack is stealthy, as the victim remains unaware of the exploitation. The root cause is that the `vhead_file` argument is loaded without the secure parameter `weights_only=True`. Version 0.9.4 contains a fix for the issue.
๐@cveNotify