π¨ CVE-2024-53273
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victimβs account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch.
π@cveNotify
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victimβs account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch.
π@cveNotify
GitHub
Merge commit from fork Β· HabitRPG/habitica@946ade5
Co-authored-by: Sabe Jones <sabe@habitica.com>
π¨ CVE-2024-53274
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability. Arbitrary javascript can be executed by the attacker in the context of the victimβs session. Version 5.28.5 contains a patch.
π@cveNotify
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability. Arbitrary javascript can be executed by the attacker in the context of the victimβs session. Version 5.28.5 contains a patch.
π@cveNotify
GitHub
Merge commit from fork Β· HabitRPG/habitica@946ade5
Co-authored-by: Sabe Jones <sabe@habitica.com>
π¨ CVE-2014-9199
The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic.
π@cveNotify
The Clorius Controls Java web client before 01.00.0009g allows remote attackers to discover credentials by sniffing the network for cleartext-equivalent traffic.
π@cveNotify
π¨ CVE-2014-9197
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.
π@cveNotify
The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware before 1.60 IR 04 stores rde.jar under the web root with insufficient access control, which allows remote attackers to obtain sensitive setup and configuration information via a direct request.
π@cveNotify
π¨ CVE-2014-9198
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.
π@cveNotify
The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an FTP session.
π@cveNotify
π¨ CVE-2014-9200
Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.
π@cveNotify
Stack-based buffer overflow in an unspecified DLL file in a DTM development kit in Schneider Electric Unity Pro, SoMachine, SoMove, SoMove Lite, Modbus Communication Library 2.2.6 and earlier, CANopen Communication Library 1.0.2 and earlier, EtherNet/IP Communication Library 1.0.0 and earlier, EM X80 Gateway DTM (MB TCP/SL), Advantys DTM for OTB, Advantys DTM for STB, KINOS DTM, SOLO DTM, and Xantrex DTMs allows remote attackers to execute arbitrary code via unspecified vectors.
π@cveNotify
π¨ CVE-2025-10027
A vulnerability was determined in itsourcecode POS Point of Sale System 1.0. Affected by this issue is some unknown functionality of the file /inventory/main/vendors/datatables/unit_testing/templates/2512.php. This manipulation of the argument scripts causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
A vulnerability was determined in itsourcecode POS Point of Sale System 1.0. Affected by this issue is some unknown functionality of the file /inventory/main/vendors/datatables/unit_testing/templates/2512.php. This manipulation of the argument scripts causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
π@cveNotify
GitHub
CVE-Report/CVE-004.md at main Β· AlphabugX/CVE-Report
Contribute to AlphabugX/CVE-Report development by creating an account on GitHub.
π¨ CVE-2025-57807
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset β« extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2βΆβ΄ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.
π@cveNotify
ImageMagick is free and open-source software used for editing and manipulating digital images. ImageMagick versions lower than 14.8.2 include insecure functions: SeekBlob(), which permits advancing the stream offset beyond the current end without increasing capacity, and WriteBlob(), which then expands by quantum + length (amortized) instead of offset + length, and copies to data + offset. When offset β« extent, the copy targets memory beyond the allocation, producing a deterministic heap write on 64-bit builds. No 2βΆβ΄ arithmetic wrap, external delegates, or policy settings are required. This is fixed in version 14.8.2.
π@cveNotify
GitHub
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-2β¦ Β· ImageMagick/ImageMagick@077a417
β¦3hg-53q6-hqfg
π₯1
π¨ CVE-2025-58370
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of certain commands, an attacker able to influence prompts could abuse this weakness to execute additional arbitrary commands alongside the intended one. This is fixed in version 3.26.0.
π@cveNotify
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of certain commands, an attacker able to influence prompts could abuse this weakness to execute additional arbitrary commands alongside the intended one. This is fixed in version 3.26.0.
π@cveNotify
GitHub
Potential Remote Code Execution via Bash Parameter Expansion and Indirect Reference
### Summary
A vulnerability was identified in the command parsing logic where Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-appr...
A vulnerability was identified in the command parsing logic where Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-appr...
π¨ CVE-2025-58371
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner. The workflow runs with broad permissions and access to repository secrets. It is possible for an attacker to execute arbitrary commands on the runner, push or modify code in the repository, access secrets, and create malicious releases or packages, resulting in a complete compromise of the repository and its associated services. This is fixed in version 3.26.7.
π@cveNotify
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.26.6 and below, a Github workflow used unsanitized pull request metadata in a privileged context, allowing an attacker to craft malicious input and achieve Remote Code Execution (RCE) on the Actions runner. The workflow runs with broad permissions and access to repository secrets. It is possible for an attacker to execute arbitrary commands on the runner, push or modify code in the repository, access secrets, and create malicious releases or packages, resulting in a complete compromise of the repository and its associated services. This is fixed in version 3.26.7.
π@cveNotify
GitHub
Delete .github/workflows/discord-pr-notify.yml Β· RooCodeInc/Roo-Code@a0384f3
Roo Code gives you a whole dev team of AI agents in your code editor. - Delete .github/workflows/discord-pr-notify.yml Β· RooCodeInc/Roo-Code@a0384f3
π¨ CVE-2025-58372
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folder. If the agent was configured to auto-approve file writes, an attacker able to influence prompts (for example via prompt injection) could cause malicious workspace settings or tasks to be written. These tasks could then be executed automatically when the workspace is reopened, resulting in arbitrary code execution. This issue is fixed in version 3.26.0.
π@cveNotify
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folder. If the agent was configured to auto-approve file writes, an attacker able to influence prompts (for example via prompt injection) could cause malicious workspace settings or tasks to be written. These tasks could then be executed automatically when the workspace is reopened, resulting in arbitrary code execution. This issue is fixed in version 3.26.0.
π@cveNotify
GitHub
Mark code-workspace files as protected (#7403) Β· RooCodeInc/Roo-Code@296edfc
Roo Code gives you a whole dev team of AI agents in your code editor. - Mark code-workspace files as protected (#7403) Β· RooCodeInc/Roo-Code@296edfc
π¨ CVE-2025-58373
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks. This allows an attacker with write access to the workspace to trick the extension into reading files that were intended to be excluded. As a result, sensitive files such as .env or configuration files could be exposed. An attacker able to modify files within the workspace could gain unauthorized access to sensitive information by bypassing .rooignore rules. This could include secrets, configuration details, or other excluded project data. This is fixed in version 3.26.0.
π@cveNotify
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where .rooignore protections could be bypassed using symlinks. This allows an attacker with write access to the workspace to trick the extension into reading files that were intended to be excluded. As a result, sensitive files such as .env or configuration files could be exposed. An attacker able to modify files within the workspace could gain unauthorized access to sensitive information by bypassing .rooignore rules. This could include secrets, configuration details, or other excluded project data. This is fixed in version 3.26.0.
π@cveNotify
GitHub
Follow symlinks in rooignore checks by mrubens Β· Pull Request #7405 Β· RooCodeInc/Roo-Code
Thanks to @thelicato for flagging this
ImportantEnhance RooIgnoreController to resolve symlinks in validateAccess to prevent TOCTOU attacks, with corresponding tests added.
Behavior:
validateAc...
ImportantEnhance RooIgnoreController to resolve symlinks in validateAccess to prevent TOCTOU attacks, with corresponding tests added.
Behavior:
validateAc...
π¨ CVE-2025-58439
ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15.0.0 through 15.75.1, lack of validation of parameters left certain endpoints vulnerable to error-based SQL Injection. Some information like version could be retrieved. This issue is fixed in versions 14.89.2 and 15.76.0.
π@cveNotify
ERP is a free and open source Enterprise Resource Planning tool. In versions below 14.89.2 and 15.0.0 through 15.75.1, lack of validation of parameters left certain endpoints vulnerable to error-based SQL Injection. Some information like version could be retrieved. This issue is fixed in versions 14.89.2 and 15.76.0.
π@cveNotify
GitHub
fix: improve queries with query builder and input sanitization (backport #49192) by mergify[bot] Β· Pull Request #49219 Β· frappe/erpnext
Replaced raw SQL with query builder in multiple functions. Some changes include sanitizing user inputs.
Summary by CodeRabbit
Refactor
Migrated many internal queries to a safer, more maintainabl...
Summary by CodeRabbit
Refactor
Migrated many internal queries to a safer, more maintainabl...
π¨ CVE-2025-53149
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
π@cveNotify
Heap-based buffer overflow in Kernel Streaming WOW Thunk Service Driver allows an authorized attacker to elevate privileges locally.
π@cveNotify
π1
π¨ CVE-2025-6067
The Easy Social Feed β Social Photos Gallery β Post Feed β Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption` and `data-linktext` parameters in all versions up to, and including, 6.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The Easy Social Feed β Social Photos Gallery β Post Feed β Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-caption` and `data-linktext` parameters in all versions up to, and including, 6.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
π¨ CVE-2025-7366
The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
π@cveNotify
The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
π@cveNotify
ThemeForest
REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme
REHub β Wordpress template with all in one combination of online money making strategies
REHub is a modern multipurpose hybrid theme. Theme covers many modern Business models for online website...
REHub is a modern multipurpose hybrid theme. Theme covers many modern Business models for online website...
π¨ CVE-2025-7368
The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajax_action_re_getfullcontent' function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected posts that they should not have access to.
π@cveNotify
The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajax_action_re_getfullcontent' function due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected posts that they should not have access to.
π@cveNotify
ThemeForest
REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme
REHub β Wordpress template with all in one combination of online money making strategies
REHub is a modern multipurpose hybrid theme. Theme covers many modern Business models for online website...
REHub is a modern multipurpose hybrid theme. Theme covers many modern Business models for online website...
π¨ CVE-2025-9849
The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zm_sh_btn' shortcode in all versions up to, and including, 2.1.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zm_sh_btn' shortcode in all versions up to, and including, 2.1.16 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
GitHub
html-social-share-buttons/html-social-share.php at a614c9ce5731417edcf01747eacd814c754cc2d4 Β· alimuzzaman/html-social-share-buttons
Html Social share buttons. Contribute to alimuzzaman/html-social-share-buttons development by creating an account on GitHub.
π¨ CVE-2025-7040
The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. The handler reads client-supplied POST parameters for organization settings and passes them directly to update_option() without any check of the userβs capabilities or a CSRF nonce. This makes it possible for unauthenticated attackers to change critical configuration (including toggling signing and encryption), potentially breaking the SSO flow and causing a denial-of-service.
π@cveNotify
The Cloud SAML SSO plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'set_organization_settings' action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. The handler reads client-supplied POST parameters for organization settings and passes them directly to update_option() without any check of the userβs capabilities or a CSRF nonce. This makes it possible for unauthenticated attackers to change critical configuration (including toggling signing and encryption), potentially breaking the SSO flow and causing a denial-of-service.
π@cveNotify
π¨ CVE-2025-7045
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any configured IdP, breaking the SSO authentication flow and causing a denial-of-service.
π@cveNotify
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. This makes it possible for unauthenticated attackers to delete any configured IdP, breaking the SSO authentication flow and causing a denial-of-service.
π@cveNotify
π¨ CVE-2025-8149
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
π@cveNotify