π¨ CVE-2025-9009
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in itsourcecode Online Tour and Travel Management System 1.0. Affected is an unknown function of the file /admin/email_setup.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
itsourcecode Online Tour and Travel Management System Project V1.0 /admin/email_setup.php SQL injection Β· Issue #3 Β· lin-3-start/linβ¦
itsourcecode Online Tour and Travel Management System Project V1.0 /admin/email_setup.php SQL injection NAME OF AFFECTED PRODUCT(S) Online Tour and Travel Management System Vendor Homepage https://...
π¨ CVE-2025-9028
A flaw has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /adphar.php. Executing manipulation of the argument phuname can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
π@cveNotify
A flaw has been found in code-projects Online Medicine Guide 1.0. This vulnerability affects unknown code of the file /adphar.php. Executing manipulation of the argument phuname can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
π@cveNotify
π¨ CVE-2025-55599
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey.
π@cveNotify
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formWlanSetup function via the parameter f_wds_wepKey.
π@cveNotify
GitHub
my_vuln/D-Link6/vuln_65/65.md at main Β· wudipjq/my_vuln
Contribute to wudipjq/my_vuln development by creating an account on GitHub.
π¨ CVE-2025-55602
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter.
π@cveNotify
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formSysCmd function via the submit-url parameter.
π@cveNotify
GitHub
my_vuln/D-Link6/vuln_79/79.md at main Β· wudipjq/my_vuln
Contribute to wudipjq/my_vuln development by creating an account on GitHub.
π¨ CVE-2025-55603
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter.
π@cveNotify
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromSetSysTime function via the ntpServer parameter.
π@cveNotify
GitHub
my_vuln/Tenda3/vuln_45/45.md at main Β· wudipjq/my_vuln
Contribute to wudipjq/my_vuln development by creating an account on GitHub.
π¨ CVE-2025-55605
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.
π@cveNotify
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the saveParentControlInfo function via the deviceName parameter.
π@cveNotify
GitHub
my_vuln/Tenda3/vuln_46/46.md at main Β· wudipjq/my_vuln
Contribute to wudipjq/my_vuln development by creating an account on GitHub.
π¨ CVE-2025-55606
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.
π@cveNotify
Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.
π@cveNotify
GitHub
my_vuln/Tenda3/vuln_44/44.md at main Β· wudipjq/my_vuln
Contribute to wudipjq/my_vuln development by creating an account on GitHub.
π¨ CVE-2025-55611
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter.
π@cveNotify
D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter.
π@cveNotify
GitHub
my_vuln/D-Link6/vuln_80/80.md at main Β· wudipjq/my_vuln
Contribute to wudipjq/my_vuln development by creating an account on GitHub.
π¨ CVE-2025-10011
A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /module/TabelaArredondamento/edit. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
π@cveNotify
GitHub
CVE/i-educar/CVE-2025-10011.md at main Β· marcelomulder/CVE
CVE's POC. Contribute to marcelomulder/CVE development by creating an account on GitHub.
π¨ CVE-2024-24267
gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
π@cveNotify
gpac v2.2.1 (fixed in v2.4.0) was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.
π@cveNotify
GitHub
gpac: 2.2.1 -> 2.4.0, clear knownVulnerabilities list by LeSuisse Β· Pull Request #305402 Β· NixOS/nixpkgs
Description of changes
Changes:
https://github.com/gpac/gpac/releases/tag/v2.4.0
Things done
Built on platform(s)
x86_64-linux
aarch64-linux
x86_64-darwin
aarch64-darwin
For non-Linux: Is...
Changes:
https://github.com/gpac/gpac/releases/tag/v2.4.0
Things done
Built on platform(s)
x86_64-linux
aarch64-linux
x86_64-darwin
aarch64-darwin
For non-Linux: Is...
π¨ CVE-2024-4349
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262489 was assigned to this vulnerability.
π@cveNotify
A vulnerability has been found in SourceCodester Pisay Online E-Learning System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /lesson/controller.php. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262489 was assigned to this vulnerability.
π@cveNotify
GitHub
SourceCodester Pisay Online E-Learning System using PHP/MySQL 1.0 /lesson/controller.php Unrestricted Upload Β· Issue #19 Β· CveSecLook/cve
SourceCodester Pisay Online E-Learning System using PHP/MySQL 1.0 /lesson/controller.php Unrestricted Upload NAME OF AFFECTED PRODUCT(S) Pisay Online E-Learning System using PHP/MySQL Vendor Homepa...
π¨ CVE-2024-27243
Buffer overflow in some Zoom Workplace Apps and SDKβs may allow an authenticated user to conduct a denial of service via network access.
π@cveNotify
Buffer overflow in some Zoom Workplace Apps and SDKβs may allow an authenticated user to conduct a denial of service via network access.
π@cveNotify
Zoom
ZSB-24014
π¨ CVE-2024-9034
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2024-9035
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Admin Login. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/login.php of the component Admin Login. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2024-56328
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP, disable inline Oneboxes globally, or allow specific domains for Oneboxing.
π@cveNotify
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP, disable inline Oneboxes globally, or allow specific domains for Oneboxing.
π@cveNotify
GitHub
HTMLi(XSS without CSP) via Onebox urls
### Impact
An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled.
### Patches
This pr...
An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled.
### Patches
This pr...
π¨ CVE-2025-22602
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP.
π@cveNotify
Discourse is an open source platform for community discussion. In affected versions an attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should enable CSP.
π@cveNotify
GitHub
Stored DOM-based XSS (without CSP) via video placeholders
### Impact
An attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled.
### Patch...
An attacker can execute arbitrary JavaScript on users' browsers by posting a malicious video placeholder html element. This issue only affects sites with CSP disabled.
### Patch...
π¨ CVE-2024-53851
Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This vulnerability is only exploitable by authenticated users. This issue has been patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade should turn off the `enable inline onebox on all domains` site setting and remove all entries from the `allowed inline onebox domains` site setting.
π@cveNotify
Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This vulnerability is only exploitable by authenticated users. This issue has been patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade should turn off the `enable inline onebox on all domains` site setting and remove all entries from the `allowed inline onebox domains` site setting.
π@cveNotify
GitHub
SECURITY: Limit /inline-onebox to 10 URLs at a time Β· discourse/discourse@416ec83
A platform for community discussion. Free, open, simple. - SECURITY: Limit /inline-onebox to 10 URLs at a time Β· discourse/discourse@416ec83
π¨ CVE-2025-48062
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML. This includes inviting someone (without an account) to a PM and inviting someone (without an account) to a topic with a custom message. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. This can be worked around if the relevant templates are overridden without `{topic_title}`.
π@cveNotify
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, certain invites via email may result in HTML injection in the email body if the topic title includes HTML. This includes inviting someone (without an account) to a PM and inviting someone (without an account) to a topic with a custom message. This issue is patched in version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch. This can be worked around if the relevant templates are overridden without `{topic_title}`.
π@cveNotify
GitHub
HTML injection when inviting to topic via email
### Impact
Certain invites via email may result in HTML injection in the email body if the topic title includes HTML.
- Inviting someone (without an account) to a PM
- Inviting someone (wit...
Certain invites via email may result in HTML injection in the email body if the topic title includes HTML.
- Inviting someone (without an account) to a PM
- Inviting someone (wit...
π¨ CVE-2025-52046
Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.
π@cveNotify
Totolink A3300R V17.0.0cu.596_B20250515 was found to contain a command injection vulnerability in the sub_4197C0 function via the mac and desc parameters. This vulnerability allows unauthenticated attackers to execute arbitrary commands via a crafted request.
π@cveNotify
GitHub
Totolink/CVE-2025-52046/CVE-2025-52046.md at main Β· w0rkd4tt/Totolink
Contribute to w0rkd4tt/Totolink development by creating an account on GitHub.
π¨ CVE-2025-50154
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
π@cveNotify
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network.
π@cveNotify
π¨ CVE-2025-59340
jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Priori to 2.8.1, by using mapper.getTypeFactory().constructFromCanonical(), it is possible to instruct the underlying ObjectMapper to deserialize attacker-controlled input into arbitrary classes. This enables the creation of semi-arbitrary class instances without directly invoking restricted methods or class literals. As a result, an attacker can escape the sandbox and instantiate classes such as java.net.URL, opening up the ability to access local files and URLs(e.g., file:///etc/passwd). With further chaining, this primitive can potentially lead to remote code execution (RCE). This vulnerability is fixed in 2.8.1.
π@cveNotify
jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Priori to 2.8.1, by using mapper.getTypeFactory().constructFromCanonical(), it is possible to instruct the underlying ObjectMapper to deserialize attacker-controlled input into arbitrary classes. This enables the creation of semi-arbitrary class instances without directly invoking restricted methods or class literals. As a result, an attacker can escape the sandbox and instantiate classes such as java.net.URL, opening up the ability to access local files and URLs(e.g., file:///etc/passwd). With further chaining, this primitive can potentially lead to remote code execution (RCE). This vulnerability is fixed in 2.8.1.
π@cveNotify
GitHub
Merge commit from fork Β· HubSpot/jinjava@66df351
Restrict property accessing to disallow fetching properties from restricted bases