π¨ CVE-2024-52509
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2.
π@cveNotify
Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2.
π@cveNotify
GitHub
Merge pull request #9592 from nextcloud/enh/backend-check-for-downloa⦠· nextcloud/mail@8d44f1c
β¦d-permission
enh: add backend check for download permission for cloud attachements
enh: add backend check for download permission for cloud attachements
π¨ CVE-2024-10934
In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021,
avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.
π@cveNotify
In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021,
avoid possible mbuf double free in NFS client and server implementation, do not use uninitialized variable in error handling of NFS server.
π@cveNotify
π¨ CVE-2024-51503
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.
π@cveNotify
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain.
Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines.
π@cveNotify
π¨ CVE-2024-52802
RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processing `dhcpv6_msg_t`. This omission could lead to an out-of-bound read, causing system inconsistency. Additionally, the same lack of a header length check is present in the function `_preparse_advertise`, which is called by `_parse_advertise` before handling the request. As of time of publication, no known patched version exists.
π@cveNotify
RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processing `dhcpv6_msg_t`. This omission could lead to an out-of-bound read, causing system inconsistency. Additionally, the same lack of a header length check is present in the function `_preparse_advertise`, which is called by `_parse_advertise` before handling the request. As of time of publication, no known patched version exists.
π@cveNotify
GitHub
Missing dhcpv6_opt_t minimum header length check
### Summary
In the function `_parse_advertise` in `/sys/net/application_layer/dhcpv6/client.c`, the absence of minimum header length check for `dhcpv6_opt_t` could result in an out-of-bound read...
In the function `_parse_advertise` in `/sys/net/application_layer/dhcpv6/client.c`, the absence of minimum header length check for `dhcpv6_opt_t` could result in an out-of-bound read...
π¨ CVE-2024-41206
A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.
π@cveNotify
A stack-based buffer over-read in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Information Disclosure via a crafted TS video file.
π@cveNotify
GitHub
stack buffer over-read is found in TS_program_map_section::extractPMTDescriptors Β· Issue #859 Β· justdan96/tsMuxer
Our fuzzer found stack buffer over-read in tsDemuxer. in the current master(75c9cb3). PoC is here. #include "bufferedReaderManager.h" #include "vod_common.h" #include "abst...
π¨ CVE-2024-41209
A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
π@cveNotify
A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
π@cveNotify
GitHub
heap buffer overflow is found in movDemuxer::mov_read_trun Β· Issue #841 Β· justdan96/tsMuxer
Our fuzzer found heap buffer overflow in movDemuxer. in the current master(75c9cb3). PoC is here. #include "bufferedReaderManager.h" #include "vod_common.h" #include "abstr...
π¨ CVE-2024-41217
A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.
π@cveNotify
A heap-based buffer overflow in tsMuxer version nightly-2024-05-10-02-00-45 allows attackers to cause Denial of Service (DoS) via a crafted MKV video file.
π@cveNotify
GitHub
heap buffer overflow is found in MatroskaDemuxer::matroska_parse_block() Β· Issue #846 Β· justdan96/tsMuxer
Our fuzzer found heap bof in MatroskaDemuxer::matroska_parse_block() in the current main(5f43ab2). PoC is here. #include "bufferedReaderManager.h" #include "vod_common.h" #inclu...
π¨ CVE-2024-49776
A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.
π@cveNotify
A negative-size-param in tsMuxer version nightly-2024-04-05-01-53-02 allows attackers to cause Denial of Service (DoS) via a crafted TS video file.
π@cveNotify
GitHub
negative-size-param is found in TSDemuxer::getTrackList() Β· Issue #862 Β· justdan96/tsMuxer
Our fuzzer found negative-size-param in tsDemuxer. in the current master(94cafe7). PoC is here. #include "bufferedReaderManager.h" #include "vod_common.h" #include "abstrac...
π¨ CVE-2024-49777
A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file.
π@cveNotify
A heap-based buffer overflow in tsMuxer version nightly-2024-03-14-01-51-12 allows attackers to cause Denial of Service (DoS), Information Disclosure and Code Execution via a crafted MKV video file.
π@cveNotify
GitHub
heap buffer over read is found in MatroskaDemuxer::matroska_parse_block() Β· Issue #842 Β· justdan96/tsMuxer
Our fuzzer found heap bof in MatroskaDemuxer::matroska_parse_block() in the current main(5f43ab2). PoC is here. #include "bufferedReaderManager.h" #include "vod_common.h" #inclu...
π¨ CVE-2024-49778
A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
π@cveNotify
A heap-based buffer overflow in tsMuxer version nightly-2024-05-12-02-01-18 allows attackers to cause Denial of Service (DoS) and Code Execution via a crafted MOV video file.
π@cveNotify
GitHub
heap buffer overflow is found in movDemuxer.cpp Β· Issue #879 Β· justdan96/tsMuxer
We found heap buffer overflow in movDemuxer.cpp in the current master(cb04552). This vulnerability was discovered during the analysis of a fuzzing crash caused by a different root cause. PoC is her...
π¨ CVE-2024-53376
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.
π@cveNotify
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI.
π@cveNotify
GitHub
GitHub - ThottySploity/CVE-2024-53376: CyberPanel authenticated RCE < 2.3.8
CyberPanel authenticated RCE < 2.3.8. Contribute to ThottySploity/CVE-2024-53376 development by creating an account on GitHub.
π¨ CVE-2024-56112
CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php.
π@cveNotify
CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php.
π@cveNotify
CyberPanel
CyberPanel - Free Web Hosting Control Panel
The world's fastest free control panel powered by OpenLiteSpeed. 10x faster, built-in caching, free SSL, Docker apps.
π¨ CVE-2024-51111
Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.
π@cveNotify
Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.
π@cveNotify
π¨ CVE-2024-51112
Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script
π@cveNotify
Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script
π@cveNotify
π¨ CVE-2024-55529
Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.
π@cveNotify
Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.
π@cveNotify
GitHub
GitHub - fengyijiu520/Z-Blog-: Z-Blog εε°ζδ»ΆδΈδΌ ζΌζ΄
Z-Blog εε°ζδ»ΆδΈδΌ ζΌζ΄. Contribute to fengyijiu520/Z-Blog- development by creating an account on GitHub.
π¨ CVE-2025-38352
In the Linux kernel, the following vulnerability has been resolved:
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
If an exiting non-autoreaping task has already passed exit_notify() and
calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent
or debugger right after unlock_task_sighand().
If a concurrent posix_cpu_timer_del() runs at that moment, it won't be
able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or
lock_task_sighand() will fail.
Add the tsk->exit_state check into run_posix_cpu_timers() to fix this.
This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because
exit_task_work() is called before exit_notify(). But the check still
makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail
anyway in this case.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
If an exiting non-autoreaping task has already passed exit_notify() and
calls handle_posix_cpu_timers() from IRQ, it can be reaped by its parent
or debugger right after unlock_task_sighand().
If a concurrent posix_cpu_timer_del() runs at that moment, it won't be
able to detect timer->it.cpu.firing != 0: cpu_timer_task_rcu() and/or
lock_task_sighand() will fail.
Add the tsk->exit_state check into run_posix_cpu_timers() to fix this.
This fix is not needed if CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y, because
exit_task_work() is called before exit_notify(). But the check still
makes sense, task_work_add(&tsk->posix_cputimers_work.work) will fail
anyway in this case.
π@cveNotify
π¨ CVE-2025-53690
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
π@cveNotify
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Code Injection.This issue affects Experience Manager (XM): through 9.0; Experience Platform (XP): through 9.0.
π@cveNotify
Google Cloud Blog
ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) | Google Cloud Blog
An active ViewState deserialization attack affecting Sitecore products, where attackers achieved remote code execution.
π¨ CVE-2025-48543
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In multiple locations, there is a possible way to escape chrome sandbox to attack android system_server due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2025-9375
XML Injection vulnerability in xmltodict allows Input Data Manipulation.This issue affects xmltodict: 0.14.2.
π@cveNotify
XML Injection vulnerability in xmltodict allows Input Data Manipulation.This issue affects xmltodict: 0.14.2.
π@cveNotify
Fluidattacks
xmltodict 0.14.2 - XML Injection | Fluid Attacks
CVE-2025-9375: XML injection vulnerability in xmltodict 0.14.2 allows attackers to inject malicious XML markup via crafted dictionary keys.
π¨ CVE-2025-7445
Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs.
π@cveNotify
Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs.
π@cveNotify
GitHub
CVE-2025-7445: secrets-store-sync-controller discloses service account tokens in logs Β· Issue #133897 Β· kubernetes/kubernetes
A security issue was discovered in secrets-store-sync-controller where an actor with access to the controller logs could observe service account tokens. These tokens could then potentially be excha...
π¨ CVE-2025-9990
The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.8.10 via the portal_type parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
π@cveNotify
The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.8.10 via the portal_type parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
π@cveNotify