๐จ CVE-2025-10819
A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
๐@cveNotify
A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
๐@cveNotify
๐จ CVE-2025-10820
A vulnerability was detected in fuyang_lipengjun platform 1.0. Impacted is the function TopicController of the file /topic/queryAll. The manipulation results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used.
๐@cveNotify
A vulnerability was detected in fuyang_lipengjun platform 1.0. Impacted is the function TopicController of the file /topic/queryAll. The manipulation results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used.
๐@cveNotify
๐จ CVE-2025-10821
A flaw has been found in fuyang_lipengjun platform 1.0. The affected element is the function TopicCategoryController of the file /topiccategory/queryAll. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and may be used.
๐@cveNotify
A flaw has been found in fuyang_lipengjun platform 1.0. The affected element is the function TopicCategoryController of the file /topiccategory/queryAll. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and may be used.
๐@cveNotify
๐จ CVE-2025-43810
Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a note to an order in a different virtual instance via the _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId parameter.
๐@cveNotify
Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a note to an order in a different virtual instance via the _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId parameter.
๐@cveNotify
๐จ CVE-2025-43814
In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions the audit events records a userโs password reminder answer, which allows remote authenticated users to obtain a userโs password reminder answer via the audit events.
๐@cveNotify
In Liferay Portal 7.4.0 through 7.4.3.112, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions the audit events records a userโs password reminder answer, which allows remote authenticated users to obtain a userโs password reminder answer via the audit events.
๐@cveNotify
๐จ CVE-2025-10822
A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
๐@cveNotify
๐จ CVE-2025-10823
A vulnerability was found in axboe fio up to 3.41. This affects the function str_buffer_pattern_cb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used.
๐@cveNotify
A vulnerability was found in axboe fio up to 3.41. This affects the function str_buffer_pattern_cb of the file options.c. Performing manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been made public and could be used.
๐@cveNotify
GitHub
Null pointer deference in str_buffer_pattern_cb ยท Issue #1982 ยท axboe/fio
Hi, I also found a NULL pointer dereference vulnerability using my fuzzer. Environment OS: Ubuntu 22.04 Compiler: clang 13.0.1 Sanitizers: AddressSanitizer (ASan) + UndefinedBehaviorSanitizer (UBSa...
๐จ CVE-2024-28713
An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature.
๐@cveNotify
An issue in Mblog Blog system v.3.5.0 allows an attacker to execute arbitrary code via a crafted file to the theme management feature.
๐@cveNotify
manablog
manablog๏ผใใใใญใฐ๏ผ
ใใญใฐใง5ๅๅ็จผใใง็ใๅฐฝใใ็ทใฎใๅฅๅบทใป็ๆณใปAIๅฎ้จใฎ่จ้ฒใHealth Logใๆธ่ฉใOpenClawใฌใคใใชใฉใ
๐จ CVE-2024-29182
Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected.
๐@cveNotify
Collabora Online is a collaborative online office suite based on LibreOffice. A stored cross-site scripting vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce a tooltip, could be executed by the user's browser. Users should upgrade to Collabora Online 23.05.10.1 or higher. Earlier series of Collabora Online, 22.04, 21.11, etc. are unaffected.
๐@cveNotify
GitHub
CVE-2024-29182 Stored Cross-Site-Scripting vulnerability via tooltip
### Impact
A stored XSS vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce ...
A stored XSS vulnerability was found in Collabora Online. An attacker could create a document with an XSS payload in document text referenced by field which, if hovered over to produce ...
๐จ CVE-2023-46047
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.
๐@cveNotify
An issue in Sane 1.2.1 allows a local attacker to execute arbitrary code via a crafted file to the sanei_configure_attach() function. NOTE: this is disputed because there is no expectation that the product should be starting with an attacker-controlled configuration file.
๐@cveNotify
seclists.org
Full Disclosure: null pointer deference in Sane via a crafted config file
๐จ CVE-2023-46052
Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.
๐@cveNotify
Sane 1.2.1 heap bounds overwrite in init_options() from backend/test.c via a long init_mode string in a configuration file. NOTE: this is disputed because there is no expectation that test.c code should be executed with an attacker-controlled configuration file.
๐@cveNotify
seclists.org
Full Disclosure: Buffer overflow in Sane
๐จ CVE-2024-31820
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php component.
๐@cveNotify
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the getLangFolderForEdit method of the Languages.php component.
๐@cveNotify
Gist
CVE-2024-31820
CVE-2024-31820. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-31821
SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php component.
๐@cveNotify
SQL Injection vulnerability in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the manageQuantitiesAndProcurement method of the Orders_model.php component.
๐@cveNotify
Gist
CVE-2024-31821
CVE-2024-31821. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-31822
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component.
๐@cveNotify
An issue in Ecommerce-CodeIgniter-Bootstrap commit v. d22b54e8915f167a135046ceb857caaf8479c4da allows a remote attacker to execute arbitrary code via the saveLanguageFiles method of the Languages.php component.
๐@cveNotify
Gist
CVE-2024-31822
CVE-2024-31822. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2025-10824
A vulnerability was determined in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized.
๐@cveNotify
A vulnerability was determined in axboe fio up to 3.41. This impacts the function __parse_jobs_ini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized.
๐@cveNotify
GitHub
Heap Use-After-Free in option sorting (opt_cmp / qsort) ยท Issue #1981 ยท axboe/fio
Hi, I found a heap-use-after-free vulnerability using my fuzzer. Environment OS: Ubuntu 22.04 Compiler: clang 13.0.1 Sanitizers: AddressSanitizer (ASan) + UndefinedBehaviorSanitizer (UBSan) Build I...
๐จ CVE-2024-37404
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.
๐@cveNotify
Improper Input Validation in the admin portal of Ivanti Connect Secure before 22.7R2.1 and 9.1R18.9, or Ivanti Policy Secure before 22.7R1.1 allows a remote authenticated attacker to achieve remote code execution.
๐@cveNotify
Ivanti
Security Advisory Ivanti Connect Secure and Policy Secure (CVE-2024-37404)
<p><strong>Summary</strong>
Ivanti has released updates for Ivanti Connect Secure and Policy Secure which addresses a critical vulnerability. Successful exploitation could allow a remote authenticated attacker to achieve remote code execution.
We are notโฆ
Ivanti has released updates for Ivanti Connect Secure and Policy Secure which addresses a critical vulnerability. Successful exploitation could allow a remote authenticated attacker to achieve remote code execution.
We are notโฆ
๐จ CVE-2020-26308
Validate.js provides a declarative way of validating javascript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
๐@cveNotify
Validate.js provides a declarative way of validating javascript objects. Versions 0.13.1 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, no known patches are available.
๐@cveNotify
GitHub
Security Issue: Request for contact ยท Issue #342 ยท ansman/validate.js
Hello, The GitHub Security Lab team has found a potential vulnerability in your project. Please create a Security Advisory and invite me in to further disclose and discuss the vulnerability details...
๐จ CVE-2024-48910
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.
๐@cveNotify
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to prototype pollution. This vulnerability is fixed in 2.4.2.
๐@cveNotify
GitHub
fix: Fixed a prototype pollution bug reported by @kevin_mizu ยท cure53/DOMPurify@d1dd037
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo: - fix: Fixed a prototype pollution bug reported by @kevin_mizu ยท cure53/โฆ
๐จ CVE-2024-50354
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory.
๐@cveNotify
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. In gnark 0.11.0 and earlier, deserialization of Groth16 verification keys allocate excessive memory, consuming a lot of resources and triggering a crash with the error fatal error: runtime: out of memory.
๐@cveNotify
GitHub
fix: sanitize groth16 verification key reading (#1307) ยท Consensys/gnark@47ae846
gnark is a fast zk-SNARK library that offers a high-level API to design circuits. The library is open source and developed under the Apache 2.0 license - fix: sanitize groth16 verification key reading (#1307) ยท Consensys/gnark@47ae846
๐จ CVE-2025-10828
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/edit.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
๐@cveNotify
GitHub
webray.com.cn/Pet Grooming Management/SourceCodester Pet Grooming Management Software edit.php sql injection Vulnerability.md atโฆ
This project is submitted for cve. Contribute to para-paradise/webray.com.cn development by creating an account on GitHub.
๐จ CVE-2025-10829
A vulnerability was detected in Campcodes Computer Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/sup_edit1.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
๐@cveNotify
A vulnerability was detected in Campcodes Computer Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /pages/sup_edit1.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
๐@cveNotify
GitHub
Campcodes Computer Sales and Inventory System V1.0 /ComputerSalesInventorySystem/pages/sup_edit1.php SQL injection ยท Issue #1โฆ
Campcodes Computer Sales and Inventory System V1.0 /ComputerSalesInventorySystem/pages/sup_edit1.php SQL injection NAME OF AFFECTED PRODUCT(S) Computer Sales and Inventory System Vendor Homepage ht...