🚨 CVE-2024-57965
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability.
🎖@cveNotify
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability.
🎖@cveNotify
GitHub
fix: use URL API instead of DOM to fix a potential vulnerability warn… · axios/axios@0a8d6e1
…ing; (#6714)
🚨 CVE-2024-9643
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.
🎖@cveNotify
The Four-Faith F3x36 router using firmware v2.0.0 is vulnerable to authentication bypass due to hard-coded credentials in the administrative web server. An attacker with knowledge of the credentials can gain administrative access via crafted HTTP requests. This issue appears similar to CVE-2023-32645.
🎖@cveNotify
🚨 CVE-2025-46720
Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a `where` clause with multiple unique filters (e.g. `id` and `email`), Keystone will attempt to match records even if filtering by the latter fields would normally be rejected by `field.isFilterable` or `list.defaultIsFilterable`. This can allow malicious actors to infer the presence of a particular field value when a filter is successful in returning a result. This affects any project relying on the default or dynamic `isFilterable` behavior (at the list or field level) to prevent external users from using the filtering of fields as a discovery mechanism. While this access control is respected during `findMany` operations, it was not completely enforced during `update` and `delete` mutations when accepting more than one unique `where` values in filters. This has no impact on projects using `isFilterable: false` or `defaultIsFilterable: false` for sensitive fields, or for those who have otherwise omitted filtering by these fields from their GraphQL schema. This issue has been patched in `@keystone-6/core` version 6.5.0. To mitigate this issue in older versions where patching is not a viable pathway, set `isFilterable: false` statically for relevant fields to prevent filtering by them earlier in the access control pipeline (that is, don't use functions); set `{field}.graphql.omit.read: true` for relevant fields, which implicitly removes filtering by these fields from the GraphQL schema; and/or deny `update` and `delete` operations for the relevant lists completely.
🎖@cveNotify
Keystone is a content management system for Node.js. Prior to version 6.5.0, `{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existence or value of otherwise unreadable fields. Specifically, when a mutation includes a `where` clause with multiple unique filters (e.g. `id` and `email`), Keystone will attempt to match records even if filtering by the latter fields would normally be rejected by `field.isFilterable` or `list.defaultIsFilterable`. This can allow malicious actors to infer the presence of a particular field value when a filter is successful in returning a result. This affects any project relying on the default or dynamic `isFilterable` behavior (at the list or field level) to prevent external users from using the filtering of fields as a discovery mechanism. While this access control is respected during `findMany` operations, it was not completely enforced during `update` and `delete` mutations when accepting more than one unique `where` values in filters. This has no impact on projects using `isFilterable: false` or `defaultIsFilterable: false` for sensitive fields, or for those who have otherwise omitted filtering by these fields from their GraphQL schema. This issue has been patched in `@keystone-6/core` version 6.5.0. To mitigate this issue in older versions where patching is not a viable pathway, set `isFilterable: false` statically for relevant fields to prevent filtering by them earlier in the access control pipeline (that is, don't use functions); set `{field}.graphql.omit.read: true` for relevant fields, which implicitly removes filtering by these fields from the GraphQL schema; and/or deny `update` and `delete` operations for the relevant lists completely.
🎖@cveNotify
GitHub
Field-level `isFilterable` bypass for update and delete mutations
# Summary
`{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existe...
`{field}.isFilterable` access control can be bypassed in `update` and `delete` mutations by adding additional unique filters. These filters can be used as an oracle to probe the existe...
🚨 CVE-2024-47619
syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.
🎖@cveNotify
syslog-ng is an enhanced log daemo. Prior to version 4.8.2, `tls_wildcard_match()` matches on certificates such as `foo.*.bar` although that is not allowed. It is also possible to pass partial wildcards such as `foo.a*c.bar` which glib matches but should be avoided / invalidated. This issue could have an impact on TLS connections, such as in man-in-the-middle situations. Version 4.8.2 contains a fix for the issue.
🎖@cveNotify
GitHub
syslog-ng/lib/transport/tls-verifier.c at b0ccc8952d333fbc2d97e51fddc0b569a15e7a7d · syslog-ng/syslog-ng
syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, queueing, SQL & NoSQL. - syslog-ng/syslog-ng
🚨 CVE-2025-58060
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.
🎖@cveNotify
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, when the `AuthType` is set to anything but `Basic`, if the request contains an `Authorization: Basic ...` header, the password is not checked. This results in authentication bypass. Any configuration that allows an `AuthType` that is not `Basic` is affected. Version 2.4.13 fixes the issue.
🎖@cveNotify
GitHub
cupsd: Block authentication using alternate method · OpenPrinting/cups@595d691
Fixes: CVE-2025-58060
🚨 CVE-2025-58364
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector "Network" is possible. The current versions of CUPS and cups-browsed projects have the attack vector "Adjacent" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.
🎖@cveNotify
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.12 and earlier, an unsafe deserialization and validation of printer attributes causes null dereference in the libcups library. This is a remote DoS vulnerability available in local subnet in default configurations. It can cause the cups & cups-browsed to crash, on all the machines in local network who are listening for printers (so by default for all regular linux machines). On systems where the vulnerability CVE-2024-47176 (cups-filters 1.x/cups-browsed 2.x vulnerability) was not fixed, and the firewall on the machine does not reject incoming communication to IPP port, and the machine is set to be available to public internet, attack vector "Network" is possible. The current versions of CUPS and cups-browsed projects have the attack vector "Adjacent" in their default configurations. Version 2.4.13 contains a patch for CVE-2025-58364.
🎖@cveNotify
GitHub
libcups: Fix handling of extension tag in `ipp_read_io()` · OpenPrinting/cups@e58cba9
Fixes: CVE-2025-58364
❤1
🚨 CVE-2014-0765
To exploit this vulnerability, the attacker sends data from the GotoCmd
argument to control. If the value of the argument is overly long, the
static stack buffer can be overflowed. This will allow the attacker to
execute arbitrary code remotely.
🎖@cveNotify
To exploit this vulnerability, the attacker sends data from the GotoCmd
argument to control. If the value of the argument is overly long, the
static stack buffer can be overflowed. This will allow the attacker to
execute arbitrary code remotely.
🎖@cveNotify
Advantech
WebAccess - Advantech
Advantech is a leading brand in IoT intelligent systems, Industry 4.0, machine automation, embedding computing, embedded systems, transportation, environment monitoring, power automation, retail, logistics, fleet management, healthcare IT, medical solutions…
🚨 CVE-2014-0766
An attacker can exploit this vulnerability by copying an overly long
NodeName2 argument into a statically sized buffer on the stack to
overflow the static stack buffer. An attacker may use this vulnerability
to remotely execute arbitrary code.
🎖@cveNotify
An attacker can exploit this vulnerability by copying an overly long
NodeName2 argument into a statically sized buffer on the stack to
overflow the static stack buffer. An attacker may use this vulnerability
to remotely execute arbitrary code.
🎖@cveNotify
Advantech
WebAccess - Advantech
Advantech is a leading brand in IoT intelligent systems, Industry 4.0, machine automation, embedding computing, embedded systems, transportation, environment monitoring, power automation, retail, logistics, fleet management, healthcare IT, medical solutions…
🚨 CVE-2014-0767
An attacker may exploit this vulnerability by passing an overly long
value from the AccessCode argument to the control. This will overflow
the static stack buffer. The attacker may then execute code on the
target device remotely.
🎖@cveNotify
An attacker may exploit this vulnerability by passing an overly long
value from the AccessCode argument to the control. This will overflow
the static stack buffer. The attacker may then execute code on the
target device remotely.
🎖@cveNotify
Advantech
WebAccess - Advantech
Advantech is a leading brand in IoT intelligent systems, Industry 4.0, machine automation, embedding computing, embedded systems, transportation, environment monitoring, power automation, retail, logistics, fleet management, healthcare IT, medical solutions…
🚨 CVE-2014-0768
An attacker may pass an overly long value from the AccessCode2 argument
to the control to overflow the static stack buffer. The attacker may
then remotely execute arbitrary code.
🎖@cveNotify
An attacker may pass an overly long value from the AccessCode2 argument
to the control to overflow the static stack buffer. The attacker may
then remotely execute arbitrary code.
🎖@cveNotify
Advantech
WebAccess - Advantech
Advantech is a leading brand in IoT intelligent systems, Industry 4.0, machine automation, embedding computing, embedded systems, transportation, environment monitoring, power automation, retail, logistics, fleet management, healthcare IT, medical solutions…
🚨 CVE-2014-0770
By providing an overly long string to the UserName parameter, an
attacker may be able to overflow the static stack buffer. The attacker
may then execute code on the target device remotely.
🎖@cveNotify
By providing an overly long string to the UserName parameter, an
attacker may be able to overflow the static stack buffer. The attacker
may then execute code on the target device remotely.
🎖@cveNotify
Advantech
WebAccess - Advantech
Advantech is a leading brand in IoT intelligent systems, Industry 4.0, machine automation, embedding computing, embedded systems, transportation, environment monitoring, power automation, retail, logistics, fleet management, healthcare IT, medical solutions…
🚨 CVE-2014-0771
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
“OpenUrlToBuffer.” This method takes a URL as a parameter and returns
its contents to the caller in JavaScript. The URLs are accessed in the
security context of the current browser session. The control does not
perform any URL validation and allows “file://” URLs that access the
local disk.
The method can be used to open a URL (including file URLs) and read
file URLs through JavaScript. This method could also be used to reach
any arbitrary URL to which the browser has access.
🎖@cveNotify
The BWOCXRUN.BwocxrunCtrl.1 control contains a method named
“OpenUrlToBuffer.” This method takes a URL as a parameter and returns
its contents to the caller in JavaScript. The URLs are accessed in the
security context of the current browser session. The control does not
perform any URL validation and allows “file://” URLs that access the
local disk.
The method can be used to open a URL (including file URLs) and read
file URLs through JavaScript. This method could also be used to reach
any arbitrary URL to which the browser has access.
🎖@cveNotify
Advantech
WebAccess - Advantech
Advantech is a leading brand in IoT intelligent systems, Industry 4.0, machine automation, embedding computing, embedded systems, transportation, environment monitoring, power automation, retail, logistics, fleet management, healthcare IT, medical solutions…
🚨 CVE-2023-21468
Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission.
🎖@cveNotify
Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission.
🎖@cveNotify
🚨 CVE-2023-21469
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action.
🎖@cveNotify
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action.
🎖@cveNotify
🚨 CVE-2023-21470
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action.
🎖@cveNotify
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action.
🎖@cveNotify
🚨 CVE-2023-21474
Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege.
🎖@cveNotify
Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege.
🎖@cveNotify
🚨 CVE-2023-21478
Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.
🎖@cveNotify
Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.
🎖@cveNotify
🚨 CVE-2023-21480
Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities.
🎖@cveNotify
Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities.
🎖@cveNotify
🚨 CVE-2025-56706
Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrt_getConfig function.
🎖@cveNotify
Edimax BR-6473AX v1.0.28 was discovered to contain a remote code execution (RCE) vulnerability via the Object parameter in the openwrt_getConfig function.
🎖@cveNotify
GitHub
CVE/BR-6473AX/1.md at main · woaiqjj/CVE
Contribute to woaiqjj/CVE development by creating an account on GitHub.
🚨 CVE-2025-54761
An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.
🎖@cveNotify
An issue was discovered in PPress 0.0.9 allowing attackers to gain escilated privlidges via crafted session cookie.
🎖@cveNotify
GitHub
PPress-CMS_vulnerability_chain_details/CVE-2025-54761 Details.md at main · quarter77/PPress-CMS_vulnerability_chain_details
PPress-CMS vulnerability chain details. Contribute to quarter77/PPress-CMS_vulnerability_chain_details development by creating an account on GitHub.
❤1