๐จ CVE-2025-26429
In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
In collectOps of AppOpsService.java, there is a possible way to cause permanent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
๐จ CVE-2025-26438
In smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
In smp_process_secure_connection_oob_data of smp_act.cc, there is a possible way to bypass SMP authentication due to Incorrect implementation of a protocol. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
๐จ CVE-2025-48529
In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
In setRingtoneUri of VoicemailNotificationSettingsUtil.java , there is a possible cross user data leak due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
๐@cveNotify
๐จ CVE-2025-48532
In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
๐@cveNotify
In markMediaAsFavorite of MediaProvider.java, there is a possible way to bypass the WRITE_EXTERNAL_STORAGE permission due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
๐@cveNotify
๐ฅ1
๐จ CVE-2025-55190
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability does not only affect project-level permissions. Any token with project get permissions is also vulnerable, including global permissions such as: `p, role/user, projects, get, *, allow`. This issue is fixed in versions 2.13.9, 2.14.16, 3.0.14 and 3.1.2.
๐@cveNotify
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials (usernames, passwords) through the project details API endpoint, even when the token only has standard application management permissions and no explicit access to secrets. This vulnerability does not only affect project-level permissions. Any token with project get permissions is also vulnerable, including global permissions such as: `p, role/user, projects, get, *, allow`. This issue is fixed in versions 2.13.9, 2.14.16, 3.0.14 and 3.1.2.
๐@cveNotify
GitHub
fix(security): repository.GetDetailedProject exposes repo secrets (#2โฆ ยท argoproj/argo-cd@e8f8610
โฆ4387)
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: ...
Signed-off-by: Alexander Matyushentsev <AMatyushentsev@gmail.com>
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
Co-authored-by: ...
๐จ CVE-2025-55209
contactmanager is a module for FreePBX@, which is an open source GUI that controls and manages Asteriskยฉ (PBX). In versions 15.0.14 and below, 16.0.0 through 16.0.26.4 and 17.0.0 through 17.0.5, a stored cross-site scripting (XSS) vulnerability in FreePBX allows a low-privileged User Control Panel (UCP) user to inject malicious JavaScript into the system. The malicious code executes in the context of an administrator when they interact with the affected component, leading to session hijacking and potential privilege escalation. This issue is fixed in versions 15.0.14, 16.0.27 and 17.0.6.
๐@cveNotify
contactmanager is a module for FreePBX@, which is an open source GUI that controls and manages Asteriskยฉ (PBX). In versions 15.0.14 and below, 16.0.0 through 16.0.26.4 and 17.0.0 through 17.0.5, a stored cross-site scripting (XSS) vulnerability in FreePBX allows a low-privileged User Control Panel (UCP) user to inject malicious JavaScript into the system. The malicious code executes in the context of an administrator when they interact with the affected component, leading to session hijacking and potential privilege escalation. This issue is fixed in versions 15.0.14, 16.0.27 and 17.0.6.
๐@cveNotify
GitHub
finalize work on contact manager ยท FreePBX/contactmanager@55abba0
Module of FreePBX (Contact Manager) :: Contact Manager - finalize work on contact manager ยท FreePBX/contactmanager@55abba0
๐จ CVE-2025-55238
Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
๐@cveNotify
Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability
๐@cveNotify
๐จ CVE-2025-55242
Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.
๐@cveNotify
Exposure of sensitive information to an unauthorized actor in Xbox allows an unauthorized attacker to disclose information over a network.
๐@cveNotify
๐จ CVE-2024-52509
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2.
๐@cveNotify
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2.
๐@cveNotify
GitHub
Merge pull request #9592 from nextcloud/enh/backend-check-for-downloaโฆ ยท nextcloud/mail@8d44f1c
โฆd-permission
enh: add backend check for download permission for cloud attachements
enh: add backend check for download permission for cloud attachements
๐จ CVE-2024-10934
In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021,
avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.
๐@cveNotify
In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021,
avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.
๐@cveNotify
๐จ CVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.
๐@cveNotify
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.
๐@cveNotify
๐จ CVE-2024-52802
RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processing `dhcpv6_msg_t`. This omission could lead to an out-of-bound read, causing system inconsistency. Additionally, the same lack of a header length check is present in the function `_preparse_advertise`, which is called by `_parse_advertise` before handling the request. As of time of publication, no known patched version exists.
๐@cveNotify
RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processing `dhcpv6_msg_t`. This omission could lead to an out-of-bound read, causing system inconsistency. Additionally, the same lack of a header length check is present in the function `_preparse_advertise`, which is called by `_parse_advertise` before handling the request. As of time of publication, no known patched version exists.
๐@cveNotify
GitHub
Missing dhcpv6_opt_t minimum header length check
### Summary
In the function `_parse_advertise` in `/sys/net/application_layer/dhcpv6/client.c`, the absence of minimum header length check for `dhcpv6_opt_t` could result in an out-of-bound read...
In the function `_parse_advertise` in `/sys/net/application_layer/dhcpv6/client.c`, the absence of minimum header length check for `dhcpv6_opt_t` could result in an out-of-bound read...
๐จ CVE-2024-41206
A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.
๐@cveNotify
A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.
๐@cveNotify
GitHub
stack buffer over-read is found in TS_program_map_section::extractPMTDescriptors ยท Issue #859 ยท justdan96/tsMuxer
Our fuzzer found stack buffer over-read in tsDemuxer. in the current master(75c9cb3). PoC is here. #include "bufferedReaderManager.h" #include "vod_common.h" #include "abst...
๐จ CVE-2024-41209
A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
๐@cveNotify
A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
๐@cveNotify
GitHub
heap buffer overflow is found in movDemuxer::mov_read_trun ยท Issue #841 ยท justdan96/tsMuxer
Our fuzzer found heap buffer overflow in movDemuxer. in the current master(75c9cb3). PoC is here. #include "bufferedReaderManager.h" #include "vod_common.h" #include "abstr...
๐จ CVE-2024-41217
A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.
๐@cveNotify
A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.
๐@cveNotify
GitHub
heap buffer overflow is found in MatroskaDemuxer::matroska_parse_block() ยท Issue #846 ยท justdan96/tsMuxer
Our fuzzer found heap bof in MatroskaDemuxer::matroska_parse_block() in the current main(5f43ab2). PoC is here. #include "bufferedReaderManager.h" #include "vod_common.h" #inclu...
๐จ CVE-2024-49776
A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.
๐@cveNotify
A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.
๐@cveNotify
GitHub
negative-size-param is found in TSDemuxer::getTrackList() ยท Issue #862 ยท justdan96/tsMuxer
Our fuzzer found negative-size-param in tsDemuxer. in the current master(94cafe7). PoC is here. #include "bufferedReaderManager.h" #include "vod_common.h" #include "abstrac...
๐จ CVE-2024-49777
A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file.
๐@cveNotify
A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file.
๐@cveNotify
GitHub
heap buffer over read is found in MatroskaDemuxer::matroska_parse_block() ยท Issue #842 ยท justdan96/tsMuxer
Our fuzzer found heap bof in MatroskaDemuxer::matroska_parse_block() in the current main(5f43ab2). PoC is here. #include "bufferedReaderManager.h" #include "vod_common.h" #inclu...
๐จ CVE-2024-49778
A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
๐@cveNotify
A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
๐@cveNotify
GitHub
heap buffer overflow is found in movDemuxer.cpp ยท Issue #879 ยท justdan96/tsMuxer
We found heap buffer overflow in movDemuxer.cpp in the current master(cb04552). This vulnerability was discovered during the analysis of a fuzzing crash caused by a different root cause. PoC is her...
๐จ CVE-2024-53376
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.
๐@cveNotify
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.
๐@cveNotify
GitHub
GitHub - ThottySploity/CVE-2024-53376: CyberPanel authenticated RCE < 2.3.8
CyberPanel authenticated RCE < 2.3.8. Contribute to ThottySploity/CVE-2024-53376 development by creating an account on GitHub.