π¨ CVE-2025-11010
A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_include_common of the file /src/ucl_util.c. Such manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2023-4813
A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
π@cveNotify
A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.
π@cveNotify
π¨ CVE-2023-4806
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
π@cveNotify
A flaw has been identified in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.
π@cveNotify
π¨ CVE-2025-11011
A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d. It is suggested to install a patch to address this issue.
π@cveNotify
A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d. It is suggested to install a patch to address this issue.
π@cveNotify
GitHub
fix: validate __type field before accessing in fromJson (#1009) Β· BehaviorTree/BehaviorTree.CPP@4b23dca
Co-authored-by: ahuo <ahuo2865189826@gmail.com>
π¨ CVE-2025-11012
A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument error_msgs_buffer can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called cb6c7514efa628adb8180b58b4c9ccdebbe096e3. A patch should be applied to remediate this issue.
π@cveNotify
A vulnerability was determined in BehaviorTree up to 4.7.0. This affects the function ParseScript of the file /src/script_parser.cpp of the component Diagnostic Message Handler. Executing manipulation of the argument error_msgs_buffer can lead to stack-based buffer overflow. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. This patch is called cb6c7514efa628adb8180b58b4c9ccdebbe096e3. A patch should be applied to remediate this issue.
π@cveNotify
GitHub
fix: use dynamically growing error buffer in ParseScript (#1007) Β· BehaviorTree/BehaviorTree.CPP@cb6c751
* fix: use dynamically growing error buffer in ParseScript
* style: format code
* fix: use dynamically growing error buffer in ValidateScript
---------
Co-authored-by: ahuo <ahuo28651898...
* style: format code
* fix: use dynamically growing error buffer in ValidateScript
---------
Co-authored-by: ahuo <ahuo28651898...
π¨ CVE-2024-28242
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds.
π@cveNotify
Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds.
π@cveNotify
GitHub
SECURITY: Generate more category CSS on client Β· discourse/discourse@b425fbc
This commit moves the generation of category background CSS from the
server side to the client side. This simplifies the server side code
because it does not need to check which categories are visi...
server side to the client side. This simplifies the server side code
because it does not need to check which categories are visi...
π¨ CVE-2024-49765
Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround.
π@cveNotify
Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround.
π@cveNotify
GitHub
Bypass of Discourse Connect using other login paths if enabled
### Impact
Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login.
### Patches
This problem i...
Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login.
### Patches
This problem i...
π¨ CVE-2025-46813
Discourse is an open-source community platform. A data leak vulnerability affects sites deployed between commits 10df7fdee060d44accdee7679d66d778d1136510 and 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b. On login-required sites, the leak meant that some content on the site's homepage could be visible to unauthenticated users. Only login-required sites that got deployed during this timeframe are affected, roughly between April 30 2025 noon EDT and May 2 2025, noon EDT. Sites on the stable branch are unaffected. Private content on an instance's homepage could be visible to unauthenticated users on login-required sites. Versions of 3.5.0.beta4 after commit 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b are not vulnerable to the issue. No workarounds are available. Sites must upgrade to a non-vulnerable version of Discourse.
π@cveNotify
Discourse is an open-source community platform. A data leak vulnerability affects sites deployed between commits 10df7fdee060d44accdee7679d66d778d1136510 and 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b. On login-required sites, the leak meant that some content on the site's homepage could be visible to unauthenticated users. Only login-required sites that got deployed during this timeframe are affected, roughly between April 30 2025 noon EDT and May 2 2025, noon EDT. Sites on the stable branch are unaffected. Private content on an instance's homepage could be visible to unauthenticated users on login-required sites. Versions of 3.5.0.beta4 after commit 82d84af6b0efbd9fa2aeec3e91ce7be1a768511b are not vulnerable to the issue. No workarounds are available. Sites must upgrade to a non-vulnerable version of Discourse.
π@cveNotify
GitHub
DEV: Show login-required screen in root route (#32350) Β· discourse/discourse@10df7fd
This changes means that login-required sites will show a splash screen
on `/`. Users heading to `/login` or `/signup` will see the respective
forms.
on `/`. Users heading to `/login` or `/signup` will see the respective
forms.
π¨ CVE-2025-51451
In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
π@cveNotify
In TOTOLINK EX1200T firmware 4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm.
π@cveNotify
π¨ CVE-2025-9006
A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2025-9007
A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function formeditFileName of the file /goform/editFileName. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2025-9009
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
itsourcecode Online Tour and Travel Management System Project V1.0 /admin/email_setup.php SQL injection Β· Issue #3 Β· lin-3-start/linβ¦
itsourcecode Online Tour and Travel Management System Project V1.0 /admin/email_setup.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Tour and Travel Management System Vendor Homepage https://...
π¨ CVE-2025-9028
A flaw has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /adphar.php. Executing manipulation of the argument phuname can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
π@cveNotify
A flaw has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /adphar.php. Executing manipulation of the argument phuname can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
π@cveNotify
π¨ CVE-2025-55599
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey.
π@cveNotify
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey.
π@cveNotify
GitHub
my_vuln/D-Link6/vuln_65/65.md at main Β· wudipjq/my_vuln
Contribute to wudipjq/my_vuln development by creating an account on GitHub.
π¨ CVE-2025-55602
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter.
π@cveNotify
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter.
π@cveNotify
GitHub
my_vuln/D-Link6/vuln_79/79.md at main Β· wudipjq/my_vuln
Contribute to wudipjq/my_vuln development by creating an account on GitHub.
π¨ CVE-2025-55603
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter.
π@cveNotify
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter.
π@cveNotify
GitHub
my_vuln/Tenda3/vuln_45/45.md at main Β· wudipjq/my_vuln
Contribute to wudipjq/my_vuln development by creating an account on GitHub.
π¨ CVE-2025-55605
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.
π@cveNotify
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.
π@cveNotify
GitHub
my_vuln/Tenda3/vuln_46/46.md at main Β· wudipjq/my_vuln
Contribute to wudipjq/my_vuln development by creating an account on GitHub.
π¨ CVE-2025-55606
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.
π@cveNotify
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.
π@cveNotify
GitHub
my_vuln/Tenda3/vuln_44/44.md at main Β· wudipjq/my_vuln
Contribute to wudipjq/my_vuln development by creating an account on GitHub.
π¨ CVE-2025-55611
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter.
π@cveNotify
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter.
π@cveNotify
GitHub
my_vuln/D-Link6/vuln_80/80.md at main Β· wudipjq/my_vuln
Contribute to wudipjq/my_vuln development by creating an account on GitHub.
π¨ CVE-2025-10011
A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
π@cveNotify
GitHub
CVE/i-educar/CVE-2025-10011.md at main Β· marcelomulder/CVE
CVE's POC. Contribute to marcelomulder/CVE development by creating an account on GitHub.
π¨ CVE-2024-24267
gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
π@cveNotify
gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
π@cveNotify
GitHub
gpac: 2.2.1 -> 2.4.0, clear knownVulnerabilities list by LeSuisse Β· Pull Request #305402 Β· NixOS/nixpkgs
Description of changes
Changes:
https://github.com/gpac/gpac/releases/tag/v2.4.0
Things done
Built on platform(s)
x86_64-linux
aarch64-linux
x86_64-darwin
aarch64-darwin
For non-Linux: Is...
Changes:
https://github.com/gpac/gpac/releases/tag/v2.4.0
Things done
Built on platform(s)
x86_64-linux
aarch64-linux
x86_64-darwin
aarch64-darwin
For non-Linux: Is...