🚨 CVE-2025-53644
OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.
🎖@cveNotify
OpenCV is an Open Source Computer Vision Library. Versions prior to 4.12.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.
🎖@cveNotify
GitHub
Cherry-pick OpenJPEG deconding status fix. · opencv/opencv@a39db41
Open Source Computer Vision Library. Contribute to opencv/opencv development by creating an account on GitHub.
🚨 CVE-2025-7788
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability has been found in Xuxueli xxl-job up to 3.1.1 and classified as critical. Affected by this vulnerability is the function commandJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
OS Command Injection vulnerability on commandJobHandler · Issue #3750 · xuxueli/xxl-job
Summary The OS Command Injection vulnerability was discovered on commandJobHandler in latest version of xxl-job. The functionality for creating system job has user-controllable parameters without a...
🚨 CVE-2025-53888
RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` can lead to buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds. If assertions are the only defense against untrusted inputs, the software may be exposed to attacks that utilize the lack of proper input checks. In the `l2filter_add()` function shown below, `addr_len` is checked using an assertion and is subsequently used as an argument in a `memcpy()` call. When assertions are disabled, there would be no size check for `addr_len`. As a consequence, if an attacker were to provide an `addr_len` value larger than `CONFIG_L2FILTER_ADDR_MAXLEN`, they can trigger a buffer overflow and write past the `list[i].addr` buffer. If the unchecked input is attacker-controlled, the impact of the buffer overflow can range from a denial of service to arbitrary code execution. Commit f6f7de4ccc107c018630e4c15500825caf02e1c2 contains a patch for the vulnerability.
🎖@cveNotify
RIOT-OS, an operating system that supports Internet of Things devices, has an ineffective size check implemented with `assert()` can lead to buffer overflow in versions up to and including 2025.04. Assertions are usually compiled out in production builds. If assertions are the only defense against untrusted inputs, the software may be exposed to attacks that utilize the lack of proper input checks. In the `l2filter_add()` function shown below, `addr_len` is checked using an assertion and is subsequently used as an argument in a `memcpy()` call. When assertions are disabled, there would be no size check for `addr_len`. As a consequence, if an attacker were to provide an `addr_len` value larger than `CONFIG_L2FILTER_ADDR_MAXLEN`, they can trigger a buffer overflow and write past the `list[i].addr` buffer. If the unchecked input is attacker-controlled, the impact of the buffer overflow can range from a denial of service to arbitrary code execution. Commit f6f7de4ccc107c018630e4c15500825caf02e1c2 contains a patch for the vulnerability.
🎖@cveNotify
GitHub
RIOT/sys/net/link_layer/l2filter/l2filter.c at 2025.04 · RIOT-OS/RIOT
RIOT - The friendly OS for IoT. Contribute to RIOT-OS/RIOT development by creating an account on GitHub.
🚨 CVE-2025-7789
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability was found in Xuxueli xxl-job up to 3.1.1 and classified as problematic. Affected by this issue is the function makeToken of the file src/main/java/com/xxl/job/admin/controller/IndexController.java of the component Token Generation. The manipulation leads to password hash with insufficient computational effort. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
Use of a Broken or Risky Cryptographic Algorithm vulnerability (CWE-327) · Issue #3751 · xuxueli/xxl-job
Summary Multiple versions of XXL-Job, including the latest version, contain a critical security vulnerability. The XXL_JOB_LOGIN_IDENTITY in the cookie is obtained by hexadecimal conversion of admi...
🚨 CVE-2025-7888
A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java. The manipulation of the argument formKey leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was found in TDuckCloud tduck-platform 5.1 and classified as critical. This issue affects the function UserFormDataMapper of the file src/main/java/com/tduck/cloud/form/mapper/UserFormDataMapper.java. The manipulation of the argument formKey leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
public_vulns/TDuck-sqli.md at main · kaixliu56/public_vulns
Contribute to kaixliu56/public_vulns development by creating an account on GitHub.
🚨 CVE-2025-49830
Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to better understand the folder structure of the Secrets Manager/Conjur server or to have the yaml parser include files on the server in the yaml that is processed as the policy loads. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.
🎖@cveNotify
Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who is able to load policy can use the policy yaml parser to reference files on the Secrets Manager, Self-Hosted server. These references may be used as reconnaissance to better understand the folder structure of the Secrets Manager/Conjur server or to have the yaml parser include files on the server in the yaml that is processed as the policy loads. This issue affects Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.
🎖@cveNotify
GitHub
Release v1.22.1 · cyberark/conjur
[1.22.1] - 2025-05-02
Security
Improve headers handling in AWS IAM authenticator. CONJSE-2023
Remove support for !include policy syntax in the policy parser. CONJSE-2019
Block ability to create ho...
Security
Improve headers handling in AWS IAM authenticator. CONJSE-2023
Remove support for !include policy syntax in the policy parser. CONJSE-2019
Block ability to create ho...
🚨 CVE-2025-49831
An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this issue can be actively exploited, though Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1 may be affected. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.
🎖@cveNotify
An attacker of Secrets Manager, Self-Hosted installations that route traffic from Secrets Manager to AWS through a misconfigured network device can reroute authentication requests to a malicious server under the attacker’s control. CyberArk believes there to be very few installations where this issue can be actively exploited, though Secrets Manager, Self-Hosted (formerly Conjur Enterprise) prior to versions 13.5.1 and 13.6.1 and Conjur OSS prior to version 1.22.1 may be affected. Conjur OSS version 1.22.1 and Secrets Manager, Self-Hosted versions 13.5.1 and 13.6.1 fix the issue.
🎖@cveNotify
GitHub
Release v1.22.1 · cyberark/conjur
[1.22.1] - 2025-05-02
Security
Improve headers handling in AWS IAM authenticator. CONJSE-2023
Remove support for !include policy syntax in the policy parser. CONJSE-2019
Block ability to create ho...
Security
Improve headers handling in AWS IAM authenticator. CONJSE-2023
Remove support for !include policy syntax in the policy parser. CONJSE-2019
Block ability to create ho...
🚨 CVE-2025-53909
mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows template expressions that may be abused to execute code in certain contexts. The issue requires admin-level access to mailcow UI to configure templates, which are automatically rendered during normal system operation. Version 2025-07 contains a patch for the issue.
🎖@cveNotify
mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows template expressions that may be abused to execute code in certain contexts. The issue requires admin-level access to mailcow UI to configure templates, which are automatically rendered during normal system operation. Version 2025-07 contains a patch for the issue.
🎖@cveNotify
GitHub
[Dovecot] Use Jinja2 sandbox for rendering quota and quarantine notif… · mailcow/mailcow-dockerized@8c5f6c0
…ications
🚨 CVE-2025-57062
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
🎖@cveNotify
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the delDhcpIndex parameter in the formDelDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.
🎖@cveNotify
🚨 CVE-2025-10127
Daikin Security Gateway is vulnerable to an authorization bypass through
a user-controlled key vulnerability that could allow an attacker to
bypass authentication. An unauthorized attacker could access the system
without prior credentials.
🎖@cveNotify
Daikin Security Gateway is vulnerable to an authorization bypass through
a user-controlled key vulnerability that could allow an attacker to
bypass authentication. An unauthorized attacker could access the system
without prior credentials.
🎖@cveNotify
🔥1
🚨 CVE-2025-0391
A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController. java. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.
🎖@cveNotify
A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController. java. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.
🎖@cveNotify
Gitee
JeeWMS/JeeWMS: JeeWMS 是基于Java全栈技术打造的智能仓储中枢系统,具备多形态仓储场景深度适配能力(兼容3PL第三方物流与厂内物流双模式)。系统通过PDA智能终端与WEB管理平台双端协同,构建了涵盖仓储管理(WMS)、订单协同(O…
🚨 CVE-2025-0392
A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.
🎖@cveNotify
A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component.
🎖@cveNotify
Gitee
JeeWMS/JeeWMS: JeeWMS 是基于Java全栈技术打造的智能仓储中枢系统,具备多形态仓储场景深度适配能力(兼容3PL第三方物流与厂内物流双模式)。系统通过PDA智能终端与WEB管理平台双端协同,构建了涵盖仓储管理(WMS)、订单协同(O…
🚨 CVE-2025-5384
A vulnerability was found in JeeWMS up to 20250504. It has been classified as critical. This affects the function CgAutoListController of the file /cgAutoListController.do?datagrid. The manipulation leads to sql injection. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
🎖@cveNotify
A vulnerability was found in JeeWMS up to 20250504. It has been classified as critical. This affects the function CgAutoListController of the file /cgAutoListController.do?datagrid. The manipulation leads to sql injection. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
🎖@cveNotify
Gitee
JeeWMS/JeeWMS: JeeWMS 是基于Java全栈技术打造的智能仓储中枢系统,具备多形态仓储场景深度适配能力(兼容3PL第三方物流与厂内物流双模式)。系统通过PDA智能终端与WEB管理平台双端协同,构建了涵盖仓储管理(WMS)、订单协同(O…
🚨 CVE-2025-5385
A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads to path traversal. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
🎖@cveNotify
A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads to path traversal. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
🎖@cveNotify
Gitee
JeeWMS/JeeWMS: JeeWMS 是基于Java全栈技术打造的智能仓储中枢系统,具备多形态仓储场景深度适配能力(兼容3PL第三方物流与厂内物流双模式)。系统通过PDA智能终端与WEB管理平台双端协同,构建了涵盖仓储管理(WMS)、订单协同(O…
🚨 CVE-2025-5386
A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
🎖@cveNotify
A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
🎖@cveNotify
Gitee
JeeWMS/JeeWMS: JeeWMS 是基于Java全栈技术打造的智能仓储中枢系统,具备多形态仓储场景深度适配能力(兼容3PL第三方物流与厂内物流双模式)。系统通过PDA智能终端与WEB管理平台双端协同,构建了涵盖仓储管理(WMS)、订单协同(O…
🚨 CVE-2025-5387
A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
🎖@cveNotify
A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
🎖@cveNotify
Gitee
JeeWMS/JeeWMS: JeeWMS 是基于Java全栈技术打造的智能仓储中枢系统,具备多形态仓储场景深度适配能力(兼容3PL第三方物流与厂内物流双模式)。系统通过PDA智能终端与WEB管理平台双端协同,构建了涵盖仓储管理(WMS)、订单协同(O…
🚨 CVE-2024-31220
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface outside of localhost may be affected, depending on firewall configuration. To exploit vulnerability, attacker could make an http/s request to the `node_modules` endpoint if user exposed Sunshine config web server to internet or attacker is on the LAN. Version 0.18.0 contains a patch for this issue. As a workaround, one may block access to Sunshine via firewall.
🎖@cveNotify
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface outside of localhost may be affected, depending on firewall configuration. To exploit vulnerability, attacker could make an http/s request to the `node_modules` endpoint if user exposed Sunshine config web server to internet or attacker is on the LAN. Version 0.18.0 contains a patch for this issue. As a workaround, one may block access to Sunshine via firewall.
🎖@cveNotify
GitHub
Release v0.18.0 · LizardByte/Sunshine
Attention, this release contains critical security fixes. Please update as soon as possible. Additionally, we are
encouraging users to change your Sunshine password, especially if you expose the we...
encouraging users to change your Sunshine password, especially if you expose the we...
🚨 CVE-2024-31221
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability.
🎖@cveNotify
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability.
🎖@cveNotify
GitHub
fix(security): ensure unpairing takes effect without restart (#2365) · LizardByte/Sunshine@b7aa811
Self-hosted game stream host for Moonlight. Contribute to LizardByte/Sunshine development by creating an account on GitHub.
🚨 CVE-2024-32466
Tolgee is an open-source localization platform. For the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, translation data was returned even when API key was missing `translation.view` scope. However, it was impossible to fetch the data when user was missing this scope. So this is only relevant for API keys generated by users permitted to `translation.view`. This vulnerability is fixed in v3.57.2
🎖@cveNotify
Tolgee is an open-source localization platform. For the `/v2/projects/translations` and `/v2/projects/{projectId}/translations` endpoints, translation data was returned even when API key was missing `translation.view` scope. However, it was impossible to fetch the data when user was missing this scope. So this is only relevant for API keys generated by users permitted to `translation.view`. This vulnerability is fixed in v3.57.2
🎖@cveNotify
GitHub
fix: Translation endpoints permission check (#2254) · tolgee/tolgee-platform@f712139
Developer & translator friendly web-based localization platform - fix: Translation endpoints permission check (#2254) · tolgee/tolgee-platform@f712139
🚨 CVE-2024-32470
Tolgee is an open-source localization platform. When API key created by admin user is used it bypasses the permission check at all. This error was introduced in v3.57.2 and immediately fixed in v3.57.4.
🎖@cveNotify
Tolgee is an open-source localization platform. When API key created by admin user is used it bypasses the permission check at all. This error was introduced in v3.57.2 and immediately fixed in v3.57.4.
🎖@cveNotify
GitHub
fix: Admin should not bypass auth when using API key (#2257) · tolgee/tolgee-platform@a0d8610
Developer & translator friendly web-based localization platform - fix: Admin should not bypass auth when using API key (#2257) · tolgee/tolgee-platform@a0d8610
🚨 CVE-2024-31226
Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\Program.exe`, `C:\Program.bat`, or `C:\Program.cmd` on the user's computer. This attack vector isn't exploitable unless the user has manually loosened ACLs on the system drive. If the user's system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories.
🎖@cveNotify
Sunshine is a self-hosted game stream host for Moonlight. Users who ran Sunshine versions 0.17.0 through 0.22.2 as a service on Windows may be impacted when terminating the service if an attacked placed a file named `C:\Program.exe`, `C:\Program.bat`, or `C:\Program.cmd` on the user's computer. This attack vector isn't exploitable unless the user has manually loosened ACLs on the system drive. If the user's system locale is not English, then the name of the executable will likely vary. Version 0.23.0 contains a patch for the issue. Some workarounds are available. One may identify and block potentially malicious software executed path interception by using application control tools, like Windows Defender Application Control, AppLocker, or Software Restriction Policies where appropriate. Alternatively, ensure that proper permissions and directory access control are set to deny users the ability to write files to the top-level directory `C:`. Require that all executables be placed in write-protected directories.
🎖@cveNotify
GitHub
Quote the path to sunshinesvc.exe when launching the termination help… · LizardByte/Sunshine@93e6223
…er (#2379)