🚨 CVE-2025-55037
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construct messages from external sources.
🎖@cveNotify
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote unauthenticated attacker if the settings are configured to construct messages from external sources.
🎖@cveNotify
GitHub
Release v1.0.22 · kujirahand/tkeasygui-python
The pip command can be used to install the latest version.
pip install -U TkEasyGUI
Change Logs:
popup_xxxでsizeプロパティを追加 #116
popup_xxxでiconが使えるように修正 #116
popup_memoをリサイズ可能に修正 #117
popup_listboxをリサ...
pip install -U TkEasyGUI
Change Logs:
popup_xxxでsizeプロパティを追加 #116
popup_xxxでiconが使えるように修正 #116
popup_memoをリサイズ可能に修正 #117
popup_listboxをリサ...
🚨 CVE-2025-55671
Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program.
🎖@cveNotify
Uncontrolled search path element issue exists in TkEasyGUI versions prior to v1.0.22. If this vulnerability is exploited, arbitrary code may be executed with the privilege of running the program.
🎖@cveNotify
GitHub
Release v1.0.22 · kujirahand/tkeasygui-python
The pip command can be used to install the latest version.
pip install -U TkEasyGUI
Change Logs:
popup_xxxでsizeプロパティを追加 #116
popup_xxxでiconが使えるように修正 #116
popup_memoをリサイズ可能に修正 #117
popup_listboxをリサ...
pip install -U TkEasyGUI
Change Logs:
popup_xxxでsizeプロパティを追加 #116
popup_xxxでiconが使えるように修正 #116
popup_memoをリサイズ可能に修正 #117
popup_listboxをリサ...
🚨 CVE-2025-58400
RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
🎖@cveNotify
RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
🎖@cveNotify
jvn.jp
JVN#98737186: RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path
Japan Vulnerability Notes
🚨 CVE-2025-8944
The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod` setting.
🎖@cveNotify
The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod` setting.
🎖@cveNotify
WPScan
OceanWP < 4.1.2 - Subscriber+ Limited Option Update
See details on OceanWP < 4.1.2 - Subscriber+ Limited Option Update CVE 2025-8944. View the latest Theme Vulnerabilities on WPScan.
🚨 CVE-2024-7697
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.
🎖@cveNotify
Logical vulnerability in the mobile application (com.transsion.carlcare) may lead to user information leakage risks.
🎖@cveNotify
Tecno
TECNO Security Response Center | TECNO Phone
TECNO Security Response Center, a platform for cooperation and exchanges between TECNO and security industry experts, researchers and organizations.
🚨 CVE-2024-11206
Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.
🎖@cveNotify
Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.
🎖@cveNotify
Tecno
TECNO Security Response Center | TECNO Phone
TECNO Security Response Center, a platform for cooperation and exchanges between TECNO and security industry experts, researchers and organizations.
🚨 CVE-2024-12603
A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password.
🎖@cveNotify
A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password.
🎖@cveNotify
Tecno
TECNO Security Response Center | TECNO Phone
TECNO Security Response Center, a platform for cooperation and exchanges between TECNO and security industry experts, researchers and organizations.
🚨 CVE-2025-1298
Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover.
🎖@cveNotify
Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover.
🎖@cveNotify
Tecno
TECNO Security Response Center | TECNO Phone
TECNO Security Response Center, a platform for cooperation and exchanges between TECNO and security industry experts, researchers and organizations.
🚨 CVE-2025-2190
The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.
🎖@cveNotify
The mobile application (com.transsnet.store) has a man-in-the-middle attack vulnerability, which may lead to code injection risks.
🎖@cveNotify
Tecno
TECNO Security Response Center | TECNO Phone
TECNO Security Response Center, a platform for cooperation and exchanges between TECNO and security industry experts, researchers and organizations.
🚨 CVE-2025-3698
Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk.
🎖@cveNotify
Interface exposure vulnerability in the mobile application (com.transsion.carlcare) may lead to information leakage risk.
🎖@cveNotify
Tecno
TECNO Security Response Center | TECNO Phone
TECNO Security Response Center, a platform for cooperation and exchanges between TECNO and security industry experts, researchers and organizations.
👌1
🚨 CVE-2025-48395
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version of NMC G2 which is available on the Eaton download center.
🎖@cveNotify
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the latest version of NMC G2 which is available on the Eaton download center.
🎖@cveNotify
🚨 CVE-2024-6504
Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261.
🎖@cveNotify
Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261.
🎖@cveNotify
Rapid7
New | Vulnerability Management Documentation
This release includes a new Scan Assistant version, added Arista Networks fingerprinting, new date data for reintroduced vulnerabilities, various improvements and fixes, and a security update.
🚨 CVE-2024-23454
Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content.
This is because, on unix-like systems, the system temporary directory is
shared between all local users. As such, files written in this directory,
without setting the correct posix permissions explicitly, may be viewable
by all other local users.
🎖@cveNotify
Apache Hadoop’s RunJar.run() does not set permissions for temporary directory by default. If sensitive data will be present in this file, all the other local users may be able to view the content.
This is because, on unix-like systems, the system temporary directory is
shared between all local users. As such, files written in this directory,
without setting the correct posix permissions explicitly, may be viewable
by all other local users.
🎖@cveNotify
🚨 CVE-2024-52544
An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
🎖@cveNotify
An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
🎖@cveNotify
GitHub
GitHub - sfewer-r7/LorexExploit: Lorex 2K Indoor Wi-Fi Security Camera: RCE Exploit Chain
Lorex 2K Indoor Wi-Fi Security Camera: RCE Exploit Chain - sfewer-r7/LorexExploit
🚨 CVE-2024-52547
An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
🎖@cveNotify
An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
🎖@cveNotify
GitHub
GitHub - sfewer-r7/LorexExploit: Lorex 2K Indoor Wi-Fi Security Camera: RCE Exploit Chain
Lorex 2K Indoor Wi-Fi Security Camera: RCE Exploit Chain - sfewer-r7/LorexExploit
🚨 CVE-2024-10972
Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine. A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations.
🎖@cveNotify
Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory’s access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine. A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations.
🎖@cveNotify
GitHub
Release Release 4.1 · Velocidex/WinPmem
This is a pre-release for testing of the latest WinPmem 4.1.
In this release the driver is test signed so to test you will need to enable test signing on:
As admin run bcdedit /set testsigning on...
In this release the driver is test signed so to test you will need to enable test signing on:
As admin run bcdedit /set testsigning on...
🚨 CVE-2025-48046
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.
🎖@cveNotify
An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint.
🎖@cveNotify
Rapid7
MICI NetFax Server Product Vulnerabilities (NOT FIXED) | Rapid7 Blog
🔥1
🚨 CVE-2023-6944
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
🎖@cveNotify
A flaw was found in the Red Hat Developer Hub (RHDH). The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gaining access to this token and depending on permissions, an attacker could push malicious code to repositories, delete resources in Git, revoke or generate new keys, and sign code illegitimately.
🎖@cveNotify
🚨 CVE-2024-32018
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted input, the software may be exposed to attacks that leverage the lack of proper input checks. In detail, in the `nimble_scanlist_update()` function below, `len` is checked in an assertion and subsequently used in a call to `memcpy()`. If an attacker is able to provide a larger `len` value while assertions are compiled-out, they can write past the end of the fixed-length `e->ad` buffer. If the unchecked input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerability could range from denial of service to arbitrary code execution. This issue has not yet been patched. Users are advised to add manual `len` checking.
🎖@cveNotify
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted input, the software may be exposed to attacks that leverage the lack of proper input checks. In detail, in the `nimble_scanlist_update()` function below, `len` is checked in an assertion and subsequently used in a call to `memcpy()`. If an attacker is able to provide a larger `len` value while assertions are compiled-out, they can write past the end of the fixed-length `e->ad` buffer. If the unchecked input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerability could range from denial of service to arbitrary code execution. This issue has not yet been patched. Users are advised to add manual `len` checking.
🎖@cveNotify
seclists.org
Full Disclosure: HNS-2024-07 - HN Security Advisory - Multiple vulnerabilities
in RIOT OS
in RIOT OS
🚨 CVE-2025-8497
A weakness has been identified in code-projects Online Medicine Guide 1.0. This affects an unknown part of the file /cusfindphar2.php. This manipulation of the argument Search causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
A weakness has been identified in code-projects Online Medicine Guide 1.0. This affects an unknown part of the file /cusfindphar2.php. This manipulation of the argument Search causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
🚨 CVE-2025-8498
A security vulnerability has been detected in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /cart/index.php. Such manipulation of the argument uname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
A security vulnerability has been detected in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /cart/index.php. Such manipulation of the argument uname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
🎖@cveNotify