๐จ CVE-2025-36904
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.
๐@cveNotify
WLAN in Android before 2025-09-05 on Google Pixel devices allows elevation of privilege, aka A-396458384.
๐@cveNotify
๐จ CVE-2024-32467
MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue.
๐@cveNotify
MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue.
๐@cveNotify
GitHub
Unauthorized viewing by workspace members(CVE-2024-32467)
### author
L1NG
383417532@qq.com
### Summary
ๆฒกๆ็ฉบ้ดๆ้็ๆๅ๏ผๅฏไปฅ่ถๆๆฅ็ๅ ถไปๅทฅไฝ็ฉบ้ด็ๆๅไฟกๆฏ
Members without space permissions can view member information from other workspaces beyond their authority
### Det...
L1NG
383417532@qq.com
### Summary
ๆฒกๆ็ฉบ้ดๆ้็ๆๅ๏ผๅฏไปฅ่ถๆๆฅ็ๅ ถไปๅทฅไฝ็ฉบ้ด็ๆๅไฟกๆฏ
Members without space permissions can view member information from other workspaces beyond their authority
### Det...
๐จ CVE-2024-2469
An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.
๐@cveNotify
An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.
๐@cveNotify
GitHub Docs
Release notes - GitHub Enterprise Server 3.10 Docs
Get started, troubleshoot, and make the most of GitHub. Documentation for new users, developers, administrators, and all of GitHub's products.
๐จ CVE-2024-32477
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between `libc::tcflush(0, libc::TCIFLUSH)` and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the user input. Some ANSI escape sequences act as a info request to the master terminal emulator and the terminal emulator sends back the reply in the PTY channel. standard streams also use this channel to send and get data. For example the `\033[6n` sequence requests the current cursor position. These sequences allow us to append data to the standard input of Deno. This vulnerability allows an attacker to bypass Deno permission policy. This vulnerability is fixed in 1.42.2.
๐@cveNotify
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. By using ANSI escape sequences and a race between `libc::tcflush(0, libc::TCIFLUSH)` and reading standard input, it's possible to manipulate the permission prompt and force it to allow an unsafe action regardless of the user input. Some ANSI escape sequences act as a info request to the master terminal emulator and the terminal emulator sends back the reply in the PTY channel. standard streams also use this channel to send and get data. For example the `\033[6n` sequence requests the current cursor position. These sequences allow us to append data to the standard input of Deno. This vulnerability allows an attacker to bypass Deno permission policy. This vulnerability is fixed in 1.42.2.
๐@cveNotify
GitHub
Race condition when flushing input stream leads to permission prompt bypass
### Summary
By using [ANSI escape sequences](https://en.wikipedia.org/wiki/ANSI_escape_code) and a race between [`libc::tcflush(0, libc::TCIFLUSH)`](https://github.com/denoland/deno/blob/d6452b...
By using [ANSI escape sequences](https://en.wikipedia.org/wiki/ANSI_escape_code) and a race between [`libc::tcflush(0, libc::TCIFLUSH)`](https://github.com/denoland/deno/blob/d6452b...
๐จ CVE-2024-32473
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. An container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, (1) Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses, (2) if router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses, and (3) the interface will be a member of IPv6 multicast groups. This means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface. The issue is patched in 26.0.2. To completely disable IPv6 in a container, use `--sysctl=net.ipv6.conf.all.disable_ipv6=1` in the `docker create` or `docker run` command. Or, in the service configuration of a `compose` file.
๐@cveNotify
Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. In 26.0.0, IPv6 is not disabled on network interfaces, including those belonging to networks where `--ipv6=false`. An container with an `ipvlan` or `macvlan` interface will normally be configured to share an external network link with the host machine. Because of this direct access, (1) Containers may be able to communicate with other hosts on the local network over link-local IPv6 addresses, (2) if router advertisements are being broadcast over the local network, containers may get SLAAC-assigned addresses, and (3) the interface will be a member of IPv6 multicast groups. This means interfaces in IPv4-only networks present an unexpectedly and unnecessarily increased attack surface. The issue is patched in 26.0.2. To completely disable IPv6 in a container, use `--sysctl=net.ipv6.conf.all.disable_ipv6=1` in the `docker create` or `docker run` command. Or, in the service configuration of a `compose` file.
๐@cveNotify
GitHub
Merge pull request from GHSA-x84c-p2g9-rqv9 ยท moby/moby@7cef0d9
[26.0 backport] Disable IPv6 for endpoints in '--ipv6=false' networks.
๐จ CVE-2024-32981
Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this type of attack in version 5.2.16. All users are advised to upgrade. There are no known workarounds for this vulnerability.
๐@cveNotify
Silverstripe framework is the PHP framework forming the base for the Silverstripe CMS. In affected versions a bad actor with access to edit content in the CMS could add send a specifically crafted encoded payload to the server, which could be used to inject a JavaScript payload on the front end of the site. The payload would be sanitised on the client-side, but server-side sanitisation doesn't catch it. The server-side sanitisation logic has been updated to sanitise against this type of attack in version 5.2.16. All users are advised to upgrade. There are no known workarounds for this vulnerability.
๐@cveNotify
GitHub
[CVE-2024-32981] Disallow `data:text/html` in data attributes ยท silverstripe/silverstripe-framework@b8d20dc
Silverstripe Framework, the MVC framework that powers Silverstripe CMS - [CVE-2024-32981] Disallow `data:text/html` in data attributes ยท silverstripe/silverstripe-framework@b8d20dc
๐จ CVE-2024-43689
Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.
๐@cveNotify
Stack-based buffer overflow vulnerability exists in ELECOM wireless access points. By processing a specially crafted HTTP request, arbitrary code may be executed.
๐@cveNotify
jvn.jp
JVN#24885537: Multiple vulnerabilities in ELECOM wireless LAN routers and access points
Japan Vulnerability Notes
๐จ CVE-2025-8419
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
๐@cveNotify
A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very shorts emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks.
๐@cveNotify
๐จ CVE-2025-9162
A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process
allows for injection attacks when crafted realm documents are processed. An attacker can leverage this to inject malicious content during the realm import procedure. This can lead to unintended consequences within the Keycloak environment.
๐@cveNotify
A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process
allows for injection attacks when crafted realm documents are processed. An attacker can leverage this to inject malicious content during the realm import procedure. This can lead to unintended consequences within the Keycloak environment.
๐@cveNotify
๐จ CVE-2025-55621
An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social platform on which users expect to find one another.
๐@cveNotify
An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social platform on which users expect to find one another.
๐@cveNotify
relieved-knuckle-264 on Notion
Reolink - Download a profile due to IDOR | Notion
๐ 1. Reporting information
๐จ CVE-2025-50971
Directory traversal vulnerability in AbanteCart version 1.4.2 allows unauthenticated attackers to gain access to sensitive system files via the template parameter to index.php.
๐@cveNotify
Directory traversal vulnerability in AbanteCart version 1.4.2 allows unauthenticated attackers to gain access to sensitive system files via the template parameter to index.php.
๐@cveNotify
GitHub
proofs/info/abantecart_file_traversal_1.4.2_via_template_parameter.md at main ยท 4rdr/proofs
Contribute to 4rdr/proofs development by creating an account on GitHub.
๐จ CVE-2025-57146
phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter.
๐@cveNotify
phpgurukul Complaint Management System in PHP 2.0 is vulnerable to SQL Injection in user/reset-password.php via the mobileno parameter.
๐@cveNotify
Clickup
๐จ CVE-2025-58458
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
๐@cveNotify
In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying `amazon-s3` protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
๐@cveNotify
Jenkins Security Advisory 2025-09-03
Jenkins โ an open source automation server which enables developers around the world to reliably build, test, and deploy their software
๐จ CVE-2025-56760
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.
๐@cveNotify
When Memos 0.22 is configured to store objects locally, an attacker can create a file via the CreateResource endpoint containing a path traversal sequence in the name, allowing arbitrary file write on the server.
๐@cveNotify
GitHub
memos/server/router/api/v1/resource_service.go at v0.24.4 ยท usememos/memos
An open-source, self-hosted note-taking service. Your thoughts, your data, your control โ no tracking, no ads, no subscription fees. - usememos/memos
๐จ CVE-2025-56761
Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to elevate their privileges when the stored XSS is viewed by an admin.
๐@cveNotify
Memos 0.22 is vulnerable to Stored Cross site scripting (XSS) vulnerabilities by the upload attachment and user avatar features. Memos does not verify the content type of the uploaded data and serve it back as is. An authenticated attacker can use this to elevate their privileges when the stored XSS is viewed by an admin.
๐@cveNotify
GitHub
memos/server/router/api/v1/user_service.go at v0.24.0 ยท usememos/memos
A modern, open-source, self-hosted knowledge management and note-taking platform designed for privacy-conscious users and organizations. - usememos/memos
๐จ CVE-2025-55162
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. When configured with __Secure- or __Host- prefixed cookie names, the filter fails to append the required Secure attribute to the Set-Cookie header during deletion. Modern browsers ignore this invalid request, causing the session cookie to persist. This allows a user to remain logged in after they believe they have logged out, creating a session hijacking risk on shared computers. The current implementation iterates through the configured cookie names to generate deletion headers but does not check for these prefixes. This failure to properly construct the deletion header means the user's session cookies are never removed by the browser, leaving the session active and allowing the next user of the same browser to gain unauthorized access to the original user's account and data. This is fixed in versions 1.32.10, 1.33.7, 1.34.5 and 1.35.1.
๐@cveNotify
Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. When configured with __Secure- or __Host- prefixed cookie names, the filter fails to append the required Secure attribute to the Set-Cookie header during deletion. Modern browsers ignore this invalid request, causing the session cookie to persist. This allows a user to remain logged in after they believe they have logged out, creating a session hijacking risk on shared computers. The current implementation iterates through the configured cookie names to generate deletion headers but does not check for these prefixes. This failure to properly construct the deletion header means the user's session cookies are never removed by the browser, leaving the session active and allowing the next user of the same browser to gain unauthorized access to the original user's account and data. This is fixed in versions 1.32.10, 1.33.7, 1.34.5 and 1.35.1.
๐@cveNotify
GitHub
Release v1.35.1 ยท envoyproxy/envoy
Summary of changes:
Release images:
Update Ubuntu and distroless base images.
Bug fixes
Assorted bug fixes for ext_proc, TLS inspector, and HTTP listeners.
Docker images:
https://hub.dock...
Release images:
Update Ubuntu and distroless base images.
Bug fixes
Assorted bug fixes for ext_proc, TLS inspector, and HTTP listeners.
Docker images:
https://hub.dock...
๐จ CVE-2025-6085
The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
๐@cveNotify
The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
๐@cveNotify
GitHub
GitHub - d0n601/CVE-2025-6085: Make Connector <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload
Make Connector <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload - d0n601/CVE-2025-6085
๐จ CVE-2025-57263
An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php admin panel.
๐@cveNotify
An authenticated SQL injection vulnerability in VX Guestbook 1.07 allows attackers with admin access to inject malicious SQL payloads via the "word" POST parameter in the words.php admin panel.
๐@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
๐จ CVE-2024-43184
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
๐@cveNotify
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
๐@cveNotify
Ibm
Security Bulletin: The IBMยฎ Engineering Lifecycle Management - Jazz Foundation is impacted by Path Relative Stylesheet Import vulnerability.
A vulnerability has been identified in IBM Engineering Lifecycle Management - Jazz Foundation, due to a Path-Relative Stylesheet Import (PRSSI). This bulletin contains information regarding vulnerabilities and remediation actions.
๐จ CVE-2025-25048
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory.
๐@cveNotify
IBM Jazz Foundation 7.0.2 through 7.0.2 iFix033, 7.0.3 through 7.0.3 iFix012, and 7.1.0 through 7.1.0 iFix002 could allow an authenticated user to upload files to the system due to improper neutralization of sequences that can resolve to a restricted directory.
๐@cveNotify
Ibm
Security Bulletin: The IBMยฎ Engineering Lifecycle Management - Jazz Foundation is impacted by Relative Path Traversal vulnerability.
A vulnerability has been identified in IBM Engineering Lifecycle Management -Jazz Foundation, due to relative path traversal. This bulletin contains information regarding vulnerabilities and remediation actions.
๐จ CVE-2025-2667
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system.
๐@cveNotify
IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7_1 and 6.2.0.0 through 6.2.0.4 could disclose sensitive system information about the server to a privileged user that could aid in further attacks against the system.
๐@cveNotify
Ibm
Security Bulletin: IBM Stering B2B Integrator and IBM Sterling File Gateway are Vulnerable to Information Disclosure (CVE-2025โฆ
IBM Stering B2B Integrator and IBM Sterling File Gateway have addressed the information disclosure vulnerability