🚨 CVE-2023-51074
json-path v2.8.0 was discovered to contain a stack overflow via the Criteria.parse() method.
🎖@cveNotify
GitHub
Stack Overflow (Criteria.parse) · Issue #973 · json-path/JsonPath
Stack Overflow (Criteria.parse) Description A stack overflow vulnerability exists in the Criteria.parse method in json-path 2.8.0. Specially crafted input can cause uncontrolled recursion, resultin...
🚨 CVE-2025-9387
A vulnerability was found in DCN DCME-720 9.1.5.11. This affects an unknown function of the file /usr/local/www/function/audit/newstatistics/ip_block.php of the component Web Management Backend. Performing manipulation of the argument ip results in os command injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. Other products might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
lin-cve/DCME-720/DCME-720.md at main · lin-3-start/lin-cve
🚨 CVE-2025-9389
A vulnerability was identified in vim 9.1.0000. Affected is the function __memmove_avx_unaligned_erms of the file memmove-vec-unaligned-erms.S. The manipulation leads to memory corruption. The attack needs to be performed locally. The exploit is publicly available and might be used. Some users are not able to reproduce this. One of the users mentions that this appears not to be working, "when coloring is turned on".
🎖@cveNotify
🚨 CVE-2025-9390
A security flaw has been discovered in vim up to 9.1.1615. Affected by this vulnerability is the function main of the file src/xxd/xxd.c of the component xxd. The manipulation results in buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be exploited. Upgrading to version 9.1.1616 addresses this issue. The patch is identified as eeef7c77436a78cd27047b0f5fa6925d56de3cb0. It is recommended to upgrade the affected component.
🎖@cveNotify
🚨 CVE-2025-54261
ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. Scope is changed.
🎖@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe ColdFusion | APSB25-93
🚨 CVE-2017-1000190
SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability resulting in SSRF, information disclosure, DoS and so on.
🎖@cveNotify
GitHub
XXE vulnerability in SimpleXML · Issue #18 · ngallagher/simplexml
Hi, there. Recently, I learned about SimpleXML and tried my luck to find some bugs. Here is what I found. As you know, SimpleXML can serialize and deserialize XML document. So I tested for these fu...
🚨 CVE-2025-25291
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 fix the issue.
🎖@cveNotify
Gitlab
GitLab Critical Patch Release: 17.9.2, 17.8.5, 17.7.7 | GitLab Docs
Learn more about GitLab Critical Patch Release: 17.9.2, 17.8.5, 17.7.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
🚨 CVE-2025-25292
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication bypass vulnerability was found in ruby-saml prior to versions 1.12.4 and 1.18.0 due to a parser differential. ReXML and Nokogiri parse XML differently; the parsers can generate entirely different document structures from the same XML input. That allows an attacker to be able to execute a Signature Wrapping attack. This issue may lead to authentication bypass. Versions 1.12.4 and 1.18.0 contain a patch for the issue.
🎖@cveNotify
Gitlab
GitLab Critical Patch Release: 17.9.2, 17.8.5, 17.7.7 | GitLab Docs
Learn more about GitLab Critical Patch Release: 17.9.2, 17.8.5, 17.7.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
🚨 CVE-2025-25293
ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. Prior to versions 1.12.4 and 1.18.0, ruby-saml is susceptible to remote Denial of Service (DoS) with compressed SAML responses. ruby-saml uses zlib to decompress SAML responses in case they're compressed. It is possible to bypass the message size check with a compressed assertion since the message size is checked before inflation and not after. This issue may lead to remote Denial of Service (DoS). Versions 1.12.4 and 1.18.0 fix the issue.
🎖@cveNotify
Gitlab
GitLab Critical Patch Release: 17.9.2, 17.8.5, 17.7.7 | GitLab Docs
Learn more about GitLab Critical Patch Release: 17.9.2, 17.8.5, 17.7.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).
🚨 CVE-2025-55192
HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerability in the GitHub Actions workflow .github/workflows/issues.yml. It does not affect users of the Home Assistant integration itself — it only impacts the GitHub Actions environment for this repository. The vulnerable workflow directly inserted user-controlled content from the issue body (github.event.issue.body) into a Bash conditional without proper sanitization. A malicious GitHub user could craft an issue body that executes arbitrary commands on the GitHub Actions runner in a privileged context whenever an issue is opened. The potential impact is limited to the repository’s CI/CD environment, which could allow access to repository contents or GitHub Actions secrets. This issue has been patched via commit 2a3b80f. Workarounds involve disabling the affected workflow (issues.yml), replacing the unsafe Bash comparison with a safe quoted grep (or a pure GitHub Actions expression check), or ensuring minimal permissions in workflows (permissions: block) to reduce possible impact.
🎖@cveNotify
GitHub
Update issues.yml · JurajNyiri/HomeAssistant-Tapo-Control@2a3b80f
Control for Tapo cameras as a Home Assistant component - Update issues.yml · JurajNyiri/HomeAssistant-Tapo-Control@2a3b80f
🚨 CVE-2025-52287
OperaMasks SDK ELite Script Engine v0.5.0 was discovered to contain a deserialization vulnerability.
🎖@cveNotify
Gist
CVE-2025-52287
🚨 CVE-2018-1274
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).
🎖@cveNotify
🚨 CVE-2019-5312
An issue was discovered in weixin-java-tools v3.3.0. There is an XXE vulnerability in the getXmlDoc method of the BaseWxPayResult.java file. NOTE: this issue exists because of an incomplete fix for CVE-2018-20318.
🎖@cveNotify
GitHub
XXE Vulnerability · Issue #903 · binarywang/WxJava
Hello, I have tested the fix for the XXE vulnerability of the issue 889. Unfortunately, the vulnerability is still present in version 3.3.0, see the image below. Additional information on how to pr...
🚨 CVE-2019-11272
Spring Security, versions 4.2.x up to 4.2.12, and older unsupported versions support plain text passwords using PlaintextPasswordEncoder. If an application using an affected version of Spring Security is leveraging PlaintextPasswordEncoder and a user has a null encoded password, a malicious user (or attacker) can authenticate using a password of "null".
🎖@cveNotify
🚨 CVE-2022-24614
When reading a specially crafted JPEG file, metadata-extractor up to 2.16.0 can be made to allocate large amounts of memory that finally leads to an out-of-memory error even for very small inputs. This could be used to mount a denial of service attack against services that use metadata-extractor library.
🎖@cveNotify
GitHub
A list of bugs found (33 bugs in total) · Issue #561 · drewnoakes/metadata-extractor
1. Unique Bugs Found Recently we (Zhang Cen, Huang Wenjie and Zhang Xiaohan) discovered a series of bugs in latest metadata-extractor (2.16.0). Every bug we reported in the following is unique and r...
🚨 CVE-2023-42276
hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.
🎖@cveNotify
GitHub
`JSONArray`'s `add()` method throws an OutOfMemory exception · Issue #3286 · chinabugotech/hutool
Version information JDK version: 1.8.0_362 hutool version: 5.8.21 Problem description (including screenshots) Reproduction code import cn.hutool.json.JSONObject; public class JSONObjectTest { public static void main(String[] args) { JSONArray jSONArray = new JSONArray()...
🚨 CVE-2023-51080
The NumberUtil.toBigDecimal method in hutool-core v5.8.23 was discovered to contain a stack overflow.
🎖@cveNotify
GitHub
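NumberUtil.toBigDecimal method throws StackOverflowError · Issue #3423 · chinabugotech/hutool
Version information JDK version: openjdk_8_201 hutool-core: 5.8.23 (please make sure the problem still occurs with the latest version) Problem description (including screenshots) In version 5.8.23 of hutool-core, when the NumberUtil.toBigDecimal method is called with the argument “NaN”, the program crashes with a StackOverflowError Reproduction code import org.junit.Test; import c...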
🚨 CVE-2023-3710
Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
🎖@cveNotify
🚨 CVE-2023-3711
Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction. This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
🎖@cveNotify
🚨 CVE-2023-3712
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation. This issue affects PM43 versions prior to P10.19.050004.
Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).
🎖@cveNotify