🚨 CVE-2025-39553
Missing Authorization vulnerability in andy_moyle Church Admin. This issue affects Church Admin: from n/a through 5.0.9.
🎖@cveNotify
Missing Authorization vulnerability in andy_moyle Church Admin. This issue affects Church Admin: from n/a through 5.0.9.
🎖@cveNotify
Patchstack
WordPress Church Admin plugin <= 5.0.9 - Sensitive Data Exposure vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-47437
Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache. This issue affects LiteSpeed Cache: from n/a through 7.0.1.
🎖@cveNotify
Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache. This issue affects LiteSpeed Cache: from n/a through 7.0.1.
🎖@cveNotify
Patchstack
WordPress LiteSpeed Cache plugin <= 7.0.1 - Server Side Request Forgery (SSRF) vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-47569
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates. This issue affects WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates: from n/a through 2.8.10.
🎖@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPSwings WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates. This issue affects WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates: from n/a through 2.8.10.
🎖@cveNotify
Patchstack
WordPress WooCommerce Ultimate Gift Card plugin <= 2.8.10 - SQL Injection vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-47570
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in villatheme WooCommerce Photo Reviews. This issue affects WooCommerce Photo Reviews: from n/a through 1.3.13.
🎖@cveNotify
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in villatheme WooCommerce Photo Reviews. This issue affects WooCommerce Photo Reviews: from n/a through 1.3.13.
🎖@cveNotify
Patchstack
WordPress WooCommerce Photo Reviews plugin <= 1.3.13 - Cross Site Scripting (XSS) vulnerability - Patchstack
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-9019
A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2."
🎖@cveNotify
A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The researcher is able to reproduce this with the latest official release 4.5.1 and the current master branch. The code maintainer cannot reproduce this for 4.5.2-beta1. In his reply the maintainer explains that "[i]n that case, this is a duplicate that was fixed in 4.5.2."
🎖@cveNotify
🚨 CVE-2025-9093
A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A security vulnerability has been detected in BuzzFeed App 2024.9 on Android. This affects an unknown part of the file AndroidManifest.xml of the component com.buzzfeed.android. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
androidapps/com.buzzfeed.android.md at main · KMov-g/androidapps
Contribute to KMov-g/androidapps development by creating an account on GitHub.
🚨 CVE-2025-9102
A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A security vulnerability has been detected in 1&1 Mail & Media mail.com App 8.8.0 on Android. Affected is an unknown function of the file AndroidManifest.xml of the component com.mail.mobile.android.mail. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
androidapps/com.mail.mobile.android.mail.md at main · KMov-g/androidapps
Contribute to KMov-g/androidapps development by creating an account on GitHub.
🚨 CVE-2025-6021
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
🎖@cveNotify
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
🎖@cveNotify
🚨 CVE-2025-7425
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
🎖@cveNotify
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
🎖@cveNotify
🚨 CVE-2025-50518
A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing arbitrary code. NOTE: this is disputed by the Supplier because it only occurs when an application uses libcoap incorrectly.
🎖@cveNotify
A use-after-free vulnerability exists in the coap_delete_pdu_lkd function within coap_pdu.c of the libcoap library. This issue occurs due to improper handling of memory after the freeing of a PDU object, leading to potential memory corruption or the possibility of executing arbitrary code. NOTE: this is disputed by the Supplier because it only occurs when an application uses libcoap incorrectly.
🎖@cveNotify
GitHub
blog/libcoap-vulnerability.md at main · IreneTheITCrowd/blog
Contribute to IreneTheITCrowd/blog development by creating an account on GitHub.
🚨 CVE-2025-9000
A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. Affected by this vulnerability is an unknown functionality of the component reg File Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability was found in Mechrevo Control Center GX V2 5.56.51.48. Affected by this vulnerability is an unknown functionality of the component reg File Handler. The manipulation leads to uncontrolled search path. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
drive.proton.me
Proton Drive
Securely store, share, and access your important files and photos. Anytime, anywhere.
🚨 CVE-2025-9001
A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability was determined in LemonOS up to nightly-2024-07-12 on LemonOS. Affected by this issue is the function HTTPGet of the file /Applications/Steal/main.cpp of the component HTTP Client. The manipulation of the argument chunkSize leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
Remote stack overflow bug in steal HTTP client · Issue #60 · LemonOSProject/LemonOS
Remote Stack Overflow bug in steal HTTP Client Issue found by: @0xHamy & @0xvpr Overview This report details a stack overflow vulnerability in the steal HTTP client (curl equivalent for LemonOS...
🚨 CVE-2025-9002
A vulnerability was identified in Surbowl dormitory-management-php 1.0. This affects an unknown part of the file login.php. The manipulation of the argument Account leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
A vulnerability was identified in Surbowl dormitory-management-php 1.0. This affects an unknown part of the file login.php. The manipulation of the argument Account leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
GitHub
# Projectworlds dormitory-management-php Project V1.0 login.php SQL injection · Issue #1 · fatdog957/CVE-
NAME OF AFFECTED PRODUCT(S) dormitory-management-php Vendor Homepage github.com AFFECTED AND/OR FIXED VERSION(S) submitter 《CQL123》 Vulnerable File login.php VERSION(S) V1.0 Software Link https://g...
🚨 CVE-2025-9263
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
IDOR Unauthorized Job Log Access in /xxl-job-admin/joblog/getJobsByGroup (xxl-job ≤ 3.1.1) · Issue #3772 · xuxueli/xxl-job
IDOR Unauthorized Job Log Access in /xxl-job-admin/joblog/getJobsByGroup (xxl-job ≤ 3.1.1) Summary In xxl-job versions up to 3.1.1, an Insecure Direct Object Reference (IDOR) vulnerability allows a...
🚨 CVE-2025-9264
A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
🎖@cveNotify
A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource identifiers. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
🎖@cveNotify
GitHub
IDOR Unauthorized Job Deletion in /xxl-job-admin/jobinfo/remove (xxl-job ≤ 3.1.1) · Issue #3773 · xuxueli/xxl-job
IDOR Unauthorized Job Deletion in /xxl-job-admin/jobinfo/remove (xxl-job ≤ 3.1.1) Summary In xxl-job versions up to 3.1.1, an Insecure Direct Object Reference (IDOR) vulnerability allows authentica...
🚨 CVE-2025-5086
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
🎖@cveNotify
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
🎖@cveNotify
Dassault Systèmes
Security Advisories - Dassault Systèmes
Providing information on important security vulnerabilities that have been confirmed in our products.
🚨 CVE-2025-9175
A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used.
🎖@cveNotify
A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit is publicly available and might be used.
🎖@cveNotify
🚨 CVE-2025-50901
JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading.
🎖@cveNotify
JeeWMS 771e4f5d0c01ffdeae1671be4cf102b73a3fe644 (2025-05-19) contains incorrect authentication bypass vulnerability, which can lead to arbitrary file reading.
🎖@cveNotify
Gitee
JeeWMS/JeeWMS: JeeWMS 是基于Java全栈技术打造的智能仓储中枢系统,具备多形态仓储场景深度适配能力(兼容3PL第三方物流与厂内物流双模式)。系统通过PDA智能终端与WEB管理平台双端协同,构建了涵盖仓储管理(WMS)、订单协同(O…
🚨 CVE-2025-50904
There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access /admin/ API without any token.
🎖@cveNotify
There is an authentication bypass vulnerability in WinterChenS my-site thru commit 6c79286 (2025-06-11). An attacker can exploit this vulnerability to access /admin/ API without any token.
🎖@cveNotify
GitHub
There is still an Incorrect Access Control vulnerability in my-site · Issue #95 · WinterChenS/my-site
Version: latest (commit 6c79286) Branch: master Problem: There is an authentication bypass vulnerability in my-site. An attacker can exploit this vulnerability to access /admin/ API without any tok...
🚨 CVE-2025-55444
A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution.
🎖@cveNotify
A SQL injection vulnerability exists in the id2 parameter of the cancel_booking.php page in Online Artwork and Fine Arts MCA Project 1.0. A remote attacker can inject arbitrary SQL queries, leading to database enumeration and potential remote code execution.
🎖@cveNotify
Gist
My First CVE
My First CVE. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2024-53495
Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
🎖@cveNotify
Incorrect access control in the preHandle function of my-site v1.0.2.RELEASE allows attackers to access sensitive components without authentication.
🎖@cveNotify
GitHub
There is an Incorrect Access Control vulnerability in my-site · Issue #88 · WinterChenS/my-site
Version: <= 72a7152 Branch: master Problem: There is an authentication bypass vulnerability in my-site. An attacker can exploit this vulnerability to access /admin/ API without any token. Source...