CVE-2024-0762
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for select Intel platforms
This issue affects:
Phoenix SecureCore™ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
Phoenix SecureCore™ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
Phoenix SecureCore™ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
Phoenix SecureCore™ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
Phoenix SecureCore™ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
Phoenix SecureCore™ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
Phoenix SecureCore™ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
Phoenix SecureCore™ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
Phoenix SecureCore™ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
@cveNotify
Eclypsium | Supply Chain Security for the Modern Enterprise
UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware
Summary Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobile…
CVE-2024-1598
Potential buffer overflow in unsafe UEFI variable handling in Phoenix SecureCore™ for Intel Gemini Lake. This issue affects:
SecureCore™ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.
@cveNotify
Phoenix Technologies - Leading PC Innovation since 1979 - Phoenix Technologies Website
Phoenix Technologies Buffer Overflow Vulnerability on GeminiLake - Phoenix Technologies - Leading PC Innovation since 1979
Phoenix was notified about a vulnerability in UEFI variable interfaces in Phoenix SCT firmware code on some platforms potentially leading to a buffer overflow.
CVE-2024-29979
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation. This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334.
@cveNotify
Phoenix Technologies - Leading PC Innovation since 1979 - Phoenix Technologies Website
Unsafe Handling of Phoenix UEFI Variables - Phoenix Technologies - Leading PC Innovation since 1979
CVE-2024-29979 Phoenix has identified a potential vulnerability that involves unsafe UEFI variable handling in Phoenix SCT Firmware, potentially leading to unsafe memory access that could cause temporary denial of service.
CVE-2024-29980
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation. This issue affects SecureCore™ for Intel Kaby Lake: before 4.0.1.1012; SecureCore™ for Intel Coffee Lake: before 4.1.0.568; SecureCore™ for Intel Comet Lake: before 4.2.1.292; SecureCore™ for Intel Ice Lake: before 4.2.0.334.
@cveNotify
Phoenix Technologies - Leading PC Innovation since 1979 - Phoenix Technologies Website
Unsafe Handling of IHV UEFI Variables - Phoenix Technologies - Leading PC Innovation since 1979
CVE-2024-29980 Phoenix has identified a potential vulnerability that involves unsafe UEFI variable handling in Phoenix SCT Firmware, potentially leading to unsafe memory access that could cause temporary denial of service.
CVE-2025-10974
A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. This affects the function pickle.loads of the file /calculate of the component Endpoint. Such manipulation of the argument body_parts/point_cloud leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
@cveNotify
GitHub
Security Report: Remote Code Execution Vulnerability in `/calculate` Endpoint · Issue #3 · giantspatula/SewKinect
Summary The /calculate endpoint in the application is vulnerable to Remote Code Execution (RCE) due to unsafe deserialization using Python's pickle.loads on user-supplied data. Details The endp...
CVE-2025-10975
A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the argument Message results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
@cveNotify
GitHub
Security Report: Remote Code Execution Vulnerability in `experiments.robot.bridge.reasoning_server::run_reasoning_server` · Issue…
Summary A critical Remote Code Execution (RCE) vulnerability exists in experiments.robot.bridge.reasoning_server::run_reasoning_server. The server accepts incoming messages and deserializes them us...
CVE-2025-10976
A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify
CVE-2025-10977
A vulnerability was identified in JeecgBoot up to 3.8.2. Impacted is an unknown function of the file /sys/tenant/deleteBatch. The manipulation of the argument ids leads to improper authorization. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify
CVE-2025-10978
A security flaw has been discovered in JeecgBoot up to 3.8.2. The affected element is an unknown function of the file /sys/user/exportXls of the component Filter Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify
CVE-2025-10979
A weakness has been identified in JeecgBoot up to 3.8.2. The impacted element is an unknown function of the file /sys/role/exportXls. This manipulation causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify
CVE-2025-56769
An issue was discovered in chinabugotech hutool before 5.8.4 allowing attackers to execute arbitrary expressions that lead to arbitrary method invocation and potentially remote code execution (RCE) via the QLExpressEngine class.
@cveNotify
GitHub
Remote Code Execution (RCE) vulnerability disclosure in hutool · Issue #3994 · chinabugotech/hutool
Summary The QLExpressEngine is one of the expression engines used in Hutool. However, Hutool uses it to evaluate expressions without sufficient security protections. As a result, attackers can craf...
CVE-2025-10980
A security vulnerability has been detected in JeecgBoot up to 3.8.2. This affects an unknown function of the file /sys/position/exportXls. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify
CVE-2025-10981
A vulnerability was detected in JeecgBoot up to 3.8.2. This impacts an unknown function of the file /sys/tenant/exportXls. Performing manipulation results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify
CVE-2025-10987
A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify
CVE-2020-36851
Rob--W/cors-anywhere instances configured as an open proxy allow unauthenticated external users to induce the server to make HTTP requests to arbitrary targets (SSRF). Because the proxy forwards requests and headers, an attacker can reach internal-only endpoints and link-local metadata services, retrieve instance role credentials or other sensitive metadata, and interact with internal APIs and services that are not intended to be internet-facing. The vulnerability is exploitable by sending crafted requests to the proxy with the target resource encoded in the URL; many cors-anywhere deployments forward arbitrary methods and headers (including PUT), which can permit exploitation of IMDSv2 workflows as well as access to internal management APIs. Successful exploitation can result in theft of cloud credentials, unauthorized access to internal services, remote code execution or privilege escalation (depending on reachable backends), data exfiltration, and full compromise of cloud resources. Mitigation includes: restricting the proxy to trusted origins or authentication, whitelisting allowed target hosts, preventing access to link-local and internal IP ranges, removing support for unsafe HTTP methods/headers, enabling cloud provider mitigations, and deploying network-level protections.
@cveNotify
GitHub
Adding a security section in the documentation? · Issue #152 · Rob--W/cors-anywhere
Hello, While I have a general understanding of web security, when I checked the documentation I saw that it would pretty easy to set this up. But the security question popped up in my mind immediat...
CVE-2025-20333
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device.
This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker with valid VPN user credentials could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as root, possibly resulting in the complete compromise of the affected device.
@cveNotify
Cisco
Cisco Security Advisory: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software…
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices…
CVE-2025-20362
A vulnerability in the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to access restricted URL endpoints without authentication that should otherwise be inaccessible without authentication.
This vulnerability is due to improper validation of user-supplied input in HTTP(S) requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a targeted web server on a device. A successful exploit could allow the attacker to access a restricted URL without authentication.
@cveNotify
Cisco
Cisco Security Advisory: Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software…
Update: On November 5, 2025, Cisco became aware of a new attack variant against devices running Cisco Secure ASA Software or Cisco Secure FTD Software releases that are affected by CVE-2025-20333 and CVE-2025-20362. This attack can cause unpatched devices…
CVE-2025-10988
A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify
CVE-2025-10989
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
@cveNotify
CVE-2025-60017
Unitree Go2, G1, H1, and B2 devices through 2025-09-20 allow root OS command injection via the hostapd_restart.sh wifi_ssid or wifi_pass parameter (within restart_wifi_ap and restart_wifi_sta).
@cveNotify
GitHub
GitHub - Bin4ry/UniPwn
Contribute to Bin4ry/UniPwn development by creating an account on GitHub.
CVE-2025-10178
The CM Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cmbd_featured_image' shortcode in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
@cveNotify