🚨 CVE-2025-34187
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads. Execution with sudo grants full root access, resulting in remote privilege escalation and potential system compromise.
🎖@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
🚨 CVE-2025-43346
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 26, watchOS 26, iOS 18.7 and iPadOS 18.7, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
🎖@cveNotify
Apple Support
About the security content of iOS 26 and iPadOS 26 - Apple Support
This document describes the security content of iOS 26 and iPadOS 26.
🚨 CVE-2025-55780
A null pointer dereference occurs in the function break_word_for_overflow_wrap() in MuPDF 1.26.4 when rendering a malformed EPUB document. Specifically, the function calls fz_html_split_flow() to split a FLOW_WORD node, but does not check if node->next is valid before accessing node->next->overflow_wrap, resulting in a crash if the split fails or returns a partial node chain.
🎖@cveNotify
🚨 CVE-2025-57324
parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
🎖@cveNotify
🚨 CVE-2025-10948
A vulnerability has been found in MikroTik RouterOS 7. This affects the function parse_json_element of the file /rest/ip/address/print of the component libjson.so. The manipulation leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
GitHub - a2ure123/libjson-unicode-buffer-overflow-poc
Contribute to a2ure123/libjson-unicode-buffer-overflow-poc development by creating an account on GitHub.
🚨 CVE-2025-59426
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.130.1, the project's OIDC redirect handling logic constructs the host and protocol of the final redirect URL based on the X-Forwarded-Host or Host headers and the X-Forwarded-Proto value. In deployments where a reverse proxy forwards client-supplied X-Forwarded-* headers to the origin as-is, or where the origin trusts them without validation, an attacker can inject an arbitrary host and trigger an open redirect that sends users to a malicious domain. This issue has been patched in version 1.130.1.
🎖@cveNotify
GitHub
lobehub/src/app/(backend)/oidc/consent/route.ts at aa841a3879c30142720485182ad62aa0dbd74edc · lobehub/lobehub
The ultimate space for work and life – to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level – enabling multi-agent collaboration, e...
🚨 CVE-2025-59831
git-commiters is a Node.js function module providing committers stats for their git repository. Prior to version 0.1.2, there is a command injection vulnerability in git-commiters. This vulnerability manifests with the library's primary exported API: gitCommiters(options, callback) which allows specifying options such as cwd for current working directory and revisionRange as a revision pointer, such as HEAD. However, the library does not sanitize for user input or practice secure process execution API to separate commands from their arguments and as such, uncontrolled user input is concatenated into command execution. This issue has been patched in version 0.1.2.
🎖@cveNotify
GitHub
fix: Command Injection vulnerability reported by lirantal · snowyu/git-commiters.js@7f0abfe
Statistical summary of various information about git committer. - fix: Command Injection vulnerability reported by lirantal · snowyu/git-commiters.js@7f0abfe
🚨 CVE-2025-59834
ADB MCP Server is a MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. This issue has been patched via commit 041729c.
🎖@cveNotify
GitHub
adb-mcp/src/index.ts at master · srmorete/adb-mcp
An MCP (Model Context Protocol) server for interacting with Android devices through ADB in TypeScript. - srmorete/adb-mcp
🚨 CVE-2025-59839
The EmbedVideo Extension is a MediaWiki extension which adds a parser function called #ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for stored XSS through wikitext. This issue has been patched via commit 4e075d3.
🎖@cveNotify
GitHub
mediawiki-extensions-EmbedVideo/resources/ext.embedVideo.videolink.js at 440fb331a84b2050f4cc084c1d31d58a1d1c202d · StarCitizenWiki/mediawiki…
GDPR focused EmbedVideo. Supports YouTube, Twitch, Spotify and SoundCloud - StarCitizenWiki/mediawiki-extensions-EmbedVideo
🚨 CVE-2020-36851
Rob--W/cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services, retrieve instance role credentials or other sensitive metadata, and interact with internal APIs and services that are not intended to be internet-facing. The vulnerability is exploitable by sending crafted requests to the proxy with the target resource encoded in the URL; many cors-anywhere deployments forward arbitrary methods and headers (including PUT), which can permit exploitation of IMDSv2 workflows as well as access to internal management APIs. Successful exploitation can result in theft of cloud credentials, unauthorized access to internal services, remote code execution or privilege escalation (depending on reachable backends), data exfiltration, and full compromise of cloud resources. Mitigation includes: restricting the proxy to trusted origins or authentication, whitelisting allowed target hosts, preventing access to link-local and internal IP ranges, removing support for unsafe HTTP methods/headers, enabling cloud provider mitigations, and deploying network-level protections.
🎖@cveNotify
GitHub
Adding a security section in the documentation? · Issue #152 · Rob--W/cors-anywhere
Hello, While I have a general understanding of web security, when I checked the documentation I saw that it would pretty easy to set this up. But the security question popped up in my mind immediat...
🚨 CVE-2025-10541
iMonitor EAM 9.6394 installs a system service (eamusbsrv64.exe) that runs with NT AUTHORITY\SYSTEM privileges. This service includes an insecure update mechanism that automatically loads files placed in the C:\sysupdate\ directory during startup. Because any local user can create and write to this directory, an attacker can place malicious DLLs or executables in it. Upon service restart, the files are moved to the application's installation path and executed with SYSTEM privileges, leading to privilege escalation.
🎖@cveNotify
🚨 CVE-2025-10542
iMonitor EAM 9.6394 ships with default administrative credentials that are also displayed within the management client's connection dialog. If the administrator does not change these defaults, a remote attacker can authenticate to the EAM server and gain full control over monitored agents and data. This enables reading highly sensitive telemetry (including keylogger output) and issuing arbitrary actions to all connected clients.
🎖@cveNotify
🚨 CVE-2025-10949
A vulnerability was found in Changsha Developer Technology iView Editor up to 1.1.1. This impacts an unknown function of the component Markdown Handler. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
CVE/iView Editor XSS.docx at main · duckpigdog/CVE
Public CVE vulnerability reports. Contribute to duckpigdog/CVE development by creating an account on GitHub.
🚨 CVE-2025-10950
A vulnerability was determined in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected is the function log_handler of the file ml_logger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available.
🎖@cveNotify
GitHub
[BUG] Security Vulnerability - RCE · Issue #72 · geyang/ml-logger
Summary Unsafe serialization leads to command execution on the server and the user. Details The routing processing function log_handler has a deserialization vulnerability in the file ml_logger/ser...
🚨 CVE-2025-10951
A vulnerability was identified in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this vulnerability is the function log_handler of the file ml_logger/server.py. Such manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit is publicly available and might be used. This product takes the approach of rolling releases to provide continuous delivery. Therefore, version details for affected and updated releases are not available.
🎖@cveNotify
GitHub
[BUG] Insecure file uploads · Issue #73 · geyang/ml-logger
Summary Insecure file uploads allow any unauthenticated user to upload and overwrite any type of file on the server, resulting in security vulnerabilities. Details The routing handler function log_...
🚨 CVE-2025-27262
Ericsson Indoor Connect 8855 contains a command injection vulnerability which if exploited can lead to loss of integrity and confidentiality, as well as unauthorized disclosure and modification of user and configuration data. It may also be possible to execute commands with escalated privileges, impact service availability, as well as modify system files and configuration data.
🎖@cveNotify
ericsson.com
Security Bulletin – Ericsson Indoor Connect 8855, September 2025
Summary: Ericsson has released the Indoor Connect 2025.Q2 update which addresses five security vulnerabilities found in Ericsson Indoor Connect 8855....
🚨 CVE-2025-36601
Dell PowerScale OneFS, versions 9.5.0.0 through 9.11.0.0, contains an exposure of sensitive information to an unauthorized actor vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to Information disclosure.
🎖@cveNotify
🚨 CVE-2025-36857
Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom configuration files. These files, which are loaded in alphabetical order, can override or change the settings of the original configuration files, creating a security vulnerability. This issue stems from improper directory access management.
This vulnerability was remediated in version 7.5.021 of the product.
🎖@cveNotify
🚨 CVE-2025-40836
Ericsson Indoor Connect 8855 contains an improper input validation vulnerability which if exploited can lead to loss of integrity and confidentiality, as well as unauthorized disclosure and modification of user and configuration data. It may also be possible to execute commands with escalated privileges, impact service availability, as well as modify system files and configuration data.
🎖@cveNotify
ericsson.com
Security Bulletin – Ericsson Indoor Connect 8855, September 2025
Summary: Ericsson has released the Indoor Connect 2025.Q2 update which addresses five security vulnerabilities found in Ericsson Indoor Connect 8855....
🚨 CVE-2025-40837
Ericsson Indoor Connect 8855 contains a missing authorization vulnerability which if exploited can allow access to the system as a user with higher privileges than intended.
🎖@cveNotify
ericsson.com
Security Bulletin – Ericsson Indoor Connect 8855, September 2025
Summary: Ericsson has released the Indoor Connect 2025.Q2 update which addresses five security vulnerabilities found in Ericsson Indoor Connect 8855....
🚨 CVE-2025-40838
Ericsson Indoor Connect 8855 contains a vulnerability where server-side security can be bypassed in the client which if exploited can lead to unauthorized disclosure of user accounts.
🎖@cveNotify
ericsson.com
Security Bulletin – Ericsson Indoor Connect 8855, September 2025
Summary: Ericsson has released the Indoor Connect 2025.Q2 update which addresses five security vulnerabilities found in Ericsson Indoor Connect 8855....