π¨ CVE-2025-9173
A weakness has been identified in Emlog Pro up to 2.5.18. This issue affects some unknown processing of the file /admin/media.php?action=upload&sid=0. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A weakness has been identified in Emlog Pro up to 2.5.18. This issue affects some unknown processing of the file /admin/media.php?action=upload&sid=0. Executing manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
# Projectworlds emlog Project V2.5.18 /admin/media.php?action=upload&sid=0 File unrestricted upload Β· Issue #2 Β· lan041221/cvec
Projectworlds emlog Project V2.5.18 /admin/media.php?action=upload&sid=0 File unrestricted upload NAME OF AFFECTED PRODUCT(S) emlog Vendor Homepage emlog.net AFFECTED AND/OR FIXED VERSION(S) su...
β€1
π¨ CVE-2025-50989
OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitrary shell operators and payloads. Successful exploitation results in remote code execution with the privileges of the web service (typically root), potentially leading to full system compromise or lateral movement. This vulnerability arises from inadequate input validation and improper handling of user-supplied data in backend command invocations.
π@cveNotify
OPNsense before 25.1.8 contains an authenticated command injection vulnerability in its Bridge Interface Edit endpoint (interfaces_bridge_edit.php). The span POST parameter is concatenated into a system-level command without proper sanitization or escaping, allowing an administrator to inject arbitrary shell operators and payloads. Successful exploitation results in remote code execution with the privileges of the web service (typically root), potentially leading to full system compromise or lateral movement. This vulnerability arises from inadequate input validation and improper handling of user-supplied data in backend command invocations.
π@cveNotify
GitHub
proofs/info/OPNsense-25.1-Command-Injection-via-span-parameter.md at main Β· 4rdr/proofs
Contribute to 4rdr/proofs development by creating an account on GitHub.
π¨ CVE-2025-57819
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
π@cveNotify
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.
π@cveNotify
FreePBX Community Forums
Security Advisory: Please Lock Down Your Administrator Access
The Sangoma FreePBX Security Team is aware of a potential exploit affecting some systems with the administrator control panel exposed to the public internet. AUG. 28 GOOD NEWS: FIX IS NOW DEPLOYED IN STABLE REPOS FOR AFFECTED SUPPORTED VERSIONS, INCLUDINGβ¦
π¨ CVE-2025-54246
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access.
π@cveNotify
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Experience Manager | APSB25-90
π¨ CVE-2025-54247
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access.
π@cveNotify
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Experience Manager | APSB25-90
π¨ CVE-2025-54248
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Scope is changed
π@cveNotify
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Scope is changed
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Experience Manager | APSB25-90
π¨ CVE-2025-54249
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate server-side requests and bypass security controls allowing unauthorized read access.
π@cveNotify
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate server-side requests and bypass security controls allowing unauthorized read access.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Experience Manager | APSB25-90
π¨ CVE-2025-54250
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access.
π@cveNotify
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Experience Manager | APSB25-90
π¨ CVE-2025-54251
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited unauthorized write access.
π@cveNotify
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by an XML Injection vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate XML queries and gain limited unauthorized write access.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Experience Manager | APSB25-90
π¨ CVE-2025-54252
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This could result in bypassing security features within the application. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.
π@cveNotify
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. This could result in bypassing security features within the application. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe Experience Manager | APSB25-90
π¨ CVE-2025-53913
Excessive Privileges vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows Privilege Abuse.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G.
π@cveNotify
Excessive Privileges vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows Privilege Abuse.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G.
π@cveNotify
Fluidattacks
Calix GigaCenter ONT (Quantenna SoC) - Excessive Privileges | Fluid Attacks
CVE-2025-53913: Excessive Privileges in Gigacenters ONT routers allows unauthenticated root access via UART interface (Quantenna SoC).
π¨ CVE-2025-53914
Excessive Privileges vulnerability in Calix GigaCenter ONT (Broadcom SoC modules) allows Privilege Abuse.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G.
π@cveNotify
Excessive Privileges vulnerability in Calix GigaCenter ONT (Broadcom SoC modules) allows Privilege Abuse.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE, 812G, 813G, 818G.
π@cveNotify
Fluidattacks
Calix GigaCenter ONT (Broadcom SoC) - Excessive Privileges | Fluid Attacks
CVE-2025-53914: Excessive Privileges in Gigacenters ONT routers allows unauthenticated root access via UART interface (Broadcom SoC)
π¨ CVE-2025-7635
Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT allows root access.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.
π@cveNotify
Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT allows root access.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.
π@cveNotify
Fluidattacks
Calix GigaCenter ONT - Unauthenticated Telnet | Fluid Attacks
CVE-2025-7635: Unauthenticated Telnet Access in Calix Gigacenter ONT routers grants administrative access.
β€1
π¨ CVE-2025-8672
MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions
granted by the user to the main application bundle. An attacker with local user access can
invoke this interpreter with arbitrary commands or scripts, leveraging the
application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of GIMP, potentially disguising attacker's malicious intent.
This issue has been fixed in 3.1.4.2 version of GIMP.
π@cveNotify
MacOS version of GIMP bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions
granted by the user to the main application bundle. An attacker with local user access can
invoke this interpreter with arbitrary commands or scripts, leveraging the
application's previously granted TCC permissions to access user's files in privacy-protected folders without triggering user prompts. Accessing other resources beyond previously granted TCC permissions will prompt the user for approval in the name of GIMP, potentially disguising attacker's malicious intent.
This issue has been fixed in 3.1.4.2 version of GIMP.
π@cveNotify
cert.pl
TCC Bypass vulnerabilities in six applications for MacOS
TCC Bypass vulnerabilities has been found in GIMP (CVE-2025-8672), Mosh-Pro (CVE-2025-53811), Cursor (CVE-2025-9190), MacVim (CVE-2025-8597), Nozbe (CVE-2025-53813) and Invoice Ninja (CVE-2025-8700) applications for MacOS.
π¨ CVE-2025-9136
A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component.
π@cveNotify
A flaw has been found in libretro RetroArch 1.18.0/1.19.0/1.20.0. This affects the function filestream_vscanf of the file libretro-common/streams/file_stream.c. This manipulation causes out-of-bounds read. The attack needs to be launched locally. Upgrading to version 1.21.0 mitigates this issue. It is recommended to upgrade the affected component.
π@cveNotify
π¨ CVE-2025-9146
A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high level of complexity. The exploitability is described as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
IOT_Firmware_Update/Linksys/E5600.md at main Β· IOTRes/IOT_Firmware_Update
Contribute to IOTRes/IOT_Firmware_Update development by creating an account on GitHub.
π¨ CVE-2025-55223
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
π@cveNotify
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-55224
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
π@cveNotify
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to execute code locally.
π@cveNotify
π¨ CVE-2025-55225
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
π@cveNotify
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
π@cveNotify
π¨ CVE-2025-55226
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.
π@cveNotify
Concurrent execution using shared resource with improper synchronization ('race condition') in Graphics Kernel allows an authorized attacker to execute code locally.
π@cveNotify
π¨ CVE-2025-55234
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks.
The SMB Server already supports mechanisms for hardening against relay attacks:
SMB Server signing
SMB Server Extended Protection for Authentication (EPA)
Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks.
If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server HardeningβSMB Server Signing & SMB Server EPA.
Adopt appropriate SMB Server hardening measures.
π@cveNotify
SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks.
The SMB Server already supports mechanisms for hardening against relay attacks:
SMB Server signing
SMB Server Extended Protection for Authentication (EPA)
Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks.
If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server HardeningβSMB Server Signing & SMB Server EPA.
Adopt appropriate SMB Server hardening measures.
π@cveNotify