🚨 CVE-2025-9396
A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.
🎖@cveNotify
A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.
🎖@cveNotify
🚨 CVE-2025-9422
A vulnerability was found in oitcode samarium up to 0.9.6. This impacts an unknown function of the file /dashboard/team of the component Team Image Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used.
🎖@cveNotify
A vulnerability was found in oitcode samarium up to 0.9.6. This impacts an unknown function of the file /dashboard/team of the component Team Image Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used.
🎖@cveNotify
GitHub
VulnDB/readme10.md at main · MaiqueSilva/VulnDB
Contribute to MaiqueSilva/VulnDB development by creating an account on GitHub.
🚨 CVE-2025-9424
A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was identified in Ruijie WS7204-A 2017.06.15. Affected by this vulnerability is an unknown functionality of the file /itbox_pi/branch_import.php?a=branch_list. Such manipulation of the argument province leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Ruijie WS7204-A AC wireless controller has a command execution vulnerability · Issue #1 · Hwwg/cve
Ruijie WS7204-A AC wireless controller has a command execution vulnerability Contributors:Huang Weigang 1. Vulnerability Impact Ruijie WS7204-A AC Wireless Controller 2. Vulnerability Location /itb...
🚨 CVE-2025-10097
A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely.
🎖@cveNotify
A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely.
🎖@cveNotify
GitHub
[BUG] RCE (unauthenticated) · Issue #961 · simstudioai/sim
RCE (unauthenticated) Summary The RCE vulnerability was discovered on /api/function/execute in latest version of SIM. The functionality has user-controllable parameter without any blacklist/whiteli...
🚨 CVE-2025-10098
A security flaw has been discovered in PHPGurukul User Management System 1.0. Affected is an unknown function of the file /admin/edit-user-profile.php. The manipulation of the argument uid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
🎖@cveNotify
A security flaw has been discovered in PHPGurukul User Management System 1.0. Affected is an unknown function of the file /admin/edit-user-profile.php. The manipulation of the argument uid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
🎖@cveNotify
GitHub
Phpgurukul UMS Project PHP V1.0 /admin/edit-user-profile.php SQL injection · Issue #2 · CSentinel/CVE
NAME OF AFFECTED PRODUCT(S) UMS Project PHP Vendor Homepage https://phpgurukul.com/user-management-system-in-php-using-stored-procedure/ AFFECTED AND/OR FIXED VERSION(S) submitter CSentinel Vulnera...
🚨 CVE-2025-51586
An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.
🎖@cveNotify
An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.
🎖@cveNotify
GitHub
Release Prestashop 8.2.1 · PrestaShop/PrestaShop
Full Changelog
This patch release fixes some bugs and adds some improvements
Click here to read the changes since 8.2.0
Back Office:
Improvement:
#37828: Add URL Validation when installing the...
This patch release fixes some bugs and adds some improvements
Click here to read the changes since 8.2.0
Back Office:
Improvement:
#37828: Add URL Validation when installing the...
🚨 CVE-2025-10100
A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /admin_class.php?action=login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
🎖@cveNotify
A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /admin_class.php?action=login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
🎖@cveNotify
GitHub
# sourcecodester Simple Forum/Discussion System Code Project V1.0 admin_class.php SQL injection · Issue #1 · bdrfly/cve
sourcecodester Simple Forum/Discussion System Code Project V1.0 admin_class.php SQL injection NAME OF AFFECTED PRODUCT(S) Simple Forum/Discussion System Vendor Homepage https://www.sourcecodester.c...
🚨 CVE-2025-56265
An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file.
🎖@cveNotify
An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file.
🎖@cveNotify
GitHub
CVEs/N8N/N8N_v1.100.1/ChatTrigger_StoredXSSviaUnrestrictedFileUpload/StoredXSSviaUnristrictedFileUpload.txt at main · nikolas-ch/CVEs
Contribute to nikolas-ch/CVEs development by creating an account on GitHub.
🚨 CVE-2025-56266
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.
🎖@cveNotify
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.
🎖@cveNotify
GitHub
CVEs/AvigilonACM_v7.10.0.20/HostHeaderInjection/HostHeaderInjection.txt at main · nikolas-ch/CVEs
Contribute to nikolas-ch/CVEs development by creating an account on GitHub.
🚨 CVE-2025-56267
A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file.
🎖@cveNotify
A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file.
🎖@cveNotify
GitHub
CVEs/AvigilonACM_v7.10.0.20/CSV_Injection/CSV_Injection.txt at main · nikolas-ch/CVEs
Contribute to nikolas-ch/CVEs development by creating an account on GitHub.
🚨 CVE-2025-57285
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands.
🎖@cveNotify
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands.
🎖@cveNotify
Gist
CVE-2025-57285
GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2025-52161
Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross-site scripting (XSS) vulnerability.
🎖@cveNotify
Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross-site scripting (XSS) vulnerability.
🎖@cveNotify
🚨 CVE-2025-55998
A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify App 1.0 allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the color filter parameter.
🎖@cveNotify
A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify App 1.0 allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the color filter parameter.
🎖@cveNotify
GitHub
GitHub - Ocmenog/CVE-2025-55998
Contribute to Ocmenog/CVE-2025-55998 development by creating an account on GitHub.
🚨 CVE-2025-10326
A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playlist results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playlist results in os command injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
CVE/RPi-Jukebox-RFID/rce3.md at main · YZS17/CVE
CVE of XU17. Contribute to YZS17/CVE development by creating an account on GitHub.
🚨 CVE-2025-10327
A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
CVE/RPi-Jukebox-RFID/rce4.md at main · YZS17/CVE
CVE of XU17. Contribute to YZS17/CVE development by creating an account on GitHub.
🚨 CVE-2025-45583
Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password.
🎖@cveNotify
Incorrect access control in the FTP protocol of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to authenticate into the service using any combination of username and password.
🎖@cveNotify
2barbie on Notion
2024 - Audi UTR 2.0 Report | Notion
Audi UTR 2.0 response disclosure report
🔥1
🚨 CVE-2025-10176
The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the prepare_items function in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
🎖@cveNotify
The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the prepare_items function in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
🎖@cveNotify
🚨 CVE-2025-10328
A security vulnerability has been detected in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/api/playlist/playsinglefile.php. The manipulation of the argument File leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A security vulnerability has been detected in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/api/playlist/playsinglefile.php. The manipulation of the argument File leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
CVE/RPi-Jukebox-RFID/rce5.md at main · YZS17/CVE
CVE of XU17. Contribute to YZS17/CVE development by creating an account on GitHub.
🚨 CVE-2025-10329
A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
CVE/unmark/ssrf1.md at main · YZS17/CVE
CVE of XU17. Contribute to YZS17/CVE development by creating an account on GitHub.
🚨 CVE-2025-10330
A flaw has been found in cdevroe unmark up to 1.9.3. This vulnerability affects unknown code of the file application/views/layouts/topbar/searchform.php. This manipulation of the argument q causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A flaw has been found in cdevroe unmark up to 1.9.3. This vulnerability affects unknown code of the file application/views/layouts/topbar/searchform.php. This manipulation of the argument q causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
CVE/unmark/xss1.md at main · YZS17/CVE
CVE of XU17. Contribute to YZS17/CVE development by creating an account on GitHub.