π¨ CVE-2024-28319
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374
π@cveNotify
gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374
π@cveNotify
GitHub
Out of Read in gf_dash_setup_period media_tools/dash_client.c:6374 Β· Issue #2763 Β· gpac/gpac
Description Out of Read in gf_dash_setup_period media_tools/dash_client.c:6374 Version git log commit 422b78ecf79ceeee97104d219cc4f184b1348cec (HEAD -> master, origin/master, origin/HEAD) Author...
π¨ CVE-2008-6198
SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter.
π@cveNotify
SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin for MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the page parameter.
π@cveNotify
π¨ CVE-2008-7082
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.
π@cveNotify
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.
π@cveNotify
π¨ CVE-2009-4448
inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.
π@cveNotify
inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, allows remote attackers to cause a denial of service (CPU consumption) via a crafted request with a large year value, which triggers a long loop, as reachable through member.php and possibly other vectors.
π@cveNotify
MyBB Blog
MyBB 1.4.11 Released β Minor Patch & Security Update
MyBB 1.4.11 is now available on the MyBB website and is a minor patch update to 1.4.10. This release is to ensure that all users on 1.4.10 have the latest patches, to fix a small and rare bug that β¦
π¨ CVE-2009-4449
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.
π@cveNotify
Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php.
π@cveNotify
MyBB Blog
MyBB 1.4.11 Released β Minor Patch & Security Update
MyBB 1.4.11 is now available on the MyBB website and is a minor patch update to 1.4.10. This release is to ensure that all users on 1.4.10 have the latest patches, to fix a small and rare bug that β¦
π¨ CVE-2009-4813
Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action.
π@cveNotify
Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action.
π@cveNotify
π¨ CVE-2010-5096
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.
π@cveNotify
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the keywords parameter in a (1) do_search action to search.php or (2) do_stuff action to private.php. NOTE: the vendor disputes this issue, saying "Although this doesn't lead to an SQL injection, it does provide a general MyBB SQL error.
π@cveNotify
π¨ CVE-2024-56676
In the Linux kernel, the following vulnerability has been resolved:
thermal: testing: Initialize some variables annoteded with _free()
Variables annotated with __free() need to be initialized if the function
can return before they get updated for the first time or the attempt to
free the memory pointed to by them upon function return may crash the
kernel.
Fix this issue in some places in the thermal testing code.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
thermal: testing: Initialize some variables annoteded with _free()
Variables annotated with __free() need to be initialized if the function
can return before they get updated for the first time or the attempt to
free the memory pointed to by them upon function return may crash the
kernel.
Fix this issue in some places in the thermal testing code.
π@cveNotify
π¨ CVE-2025-29156
Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet
π@cveNotify
Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet
π@cveNotify
Gist
xss_for_peststore
xss_for_peststore. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2025-29157
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name (default) and server version
π@cveNotify
An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via accessing a non-existent endpoint/cart, the server returns a 404-error page exposing sensitive information including the Servlet name (default) and server version
π@cveNotify
Gist
Poc for Peststore Information Disclosure Vulnerability
Poc for Peststore Information Disclosure Vulnerability - gist:3c36f78e8de9f6a3cfb0959477c07443
π¨ CVE-2025-57632
libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256). An attacker can craft responses with many chained PDUs to overflow v->niov and perform heap out-of-bounds writes, causing memory corruption, crashes, and potentially arbitrary code execution. The SMB2_OPLOCK_BREAK path bypasses message ID validation.
π@cveNotify
libsmb2 6.2+ is vulnerable to Buffer Overflow. When processing SMB2 chained PDUs (NextCommand), libsmb2 repeatedly calls smb2_add_iovector() to append to a fixed-size iovec array without checking the upper bound of v->niov (SMB2_MAX_VECTORS=256). An attacker can craft responses with many chained PDUs to overflow v->niov and perform heap out-of-bounds writes, causing memory corruption, crashes, and potentially arbitrary code execution. The SMB2_OPLOCK_BREAK path bypasses message ID validation.
π@cveNotify
Gist
CVE-2025-57632
CVE-2025-57632. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2025-59402
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls.
π@cveNotify
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls.
π@cveNotify
GainSec
Root from the Coop - Device 3: Root Shell on Flock Safety's Bravo Compute Box - GainSec
Covering the newest and likely rarest of Fock's Devices I've had the chance to get my hands on. In this case, it's a (edge) Compute Box. Much newer harder then the other stuff and its own huge set of challenges. Come see how little I've explored this deviceβ¦
π¨ CVE-2025-59404
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions.
π@cveNotify
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with its bootloader unlocked. This permits bypass of Android Verified Boot (AVB) and allows direct modification of partitions.
π@cveNotify
GainSec
Root from the Coop - Device 3: Root Shell on Flock Safety's Bravo Compute Box - GainSec
Covering the newest and likely rarest of Fock's Devices I've had the chance to get my hands on. In this case, it's a (edge) Compute Box. Much newer harder then the other stuff and its own huge set of challenges. Come see how little I've explored this deviceβ¦
π¨ CVE-2025-59408
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections.
π@cveNotify
Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections.
π@cveNotify
GainSec
Root from the Coop - Device 3: Root Shell on Flock Safety's Bravo Compute Box - GainSec
Covering the newest and likely rarest of Fock's Devices I've had the chance to get my hands on. In this case, it's a (edge) Compute Box. Much newer harder then the other stuff and its own huge set of challenges. Come see how little I've explored this deviceβ¦
π¨ CVE-2025-53644
OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.
π@cveNotify
OpenCV is an Open Source Computer Vision Library. Versions 4.10.0 and 4.11.0 have an uninitialized pointer variable on stack that may lead to arbitrary heap buffer write when reading crafted JPEG images. Version 4.12.0 fixes the vulnerability.
π@cveNotify
GitHub
Cherry-pick OpenJPEG deconding status fix. Β· opencv/opencv@a39db41
Open Source Computer Vision Library. Contribute to opencv/opencv development by creating an account on GitHub.
π¨ CVE-2025-54874
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
π@cveNotify
OpenJPEG is an open-source JPEG 2000 codec. In OpenJPEG from 2.5.1 through 2.5.3, a call to opj_jp2_read_header may lead to OOB heap memory write when the data stream p_stream is too short and p_image is not initialized.
π@cveNotify
GitHub
opj_jp2_read_header: Check for error after parsing header. Β· uclouvain/openjpeg@f809b80
Consider the case where the caller has not set the p_image
pointer to NULL before calling opj_read_header().
If opj_j2k_read_header_procedure() fails while obtaining the rest
of the marker segment...
pointer to NULL before calling opj_read_header().
If opj_j2k_read_header_procedure() fails while obtaining the rest
of the marker segment...
π¨ CVE-2025-11047
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
π¨ CVE-2025-11048
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
π@cveNotify
π¨ CVE-2025-59845
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victimβs browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victimβs cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.
π@cveNotify
Apollo Studio Embeddable Explorer & Embeddable Sandbox are website embeddable software solutions from Apollo GraphQL. Prior to Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3, a cross-site request forgery (CSRF) vulnerability was identified. The vulnerability arises from missing origin validation in the client-side code that handles window.postMessage events. A malicious website can send forged messages to the embedding page, causing the victimβs browser to execute arbitrary GraphQL queries or mutations against their GraphQL server while authenticated with the victimβs cookies. This issue has been patched in Apollo Sandbox version 2.7.2 and Apollo Explorer version 3.7.3.
π@cveNotify
GitHub
CSRF via window.postMessage origin-validation bypass in Apollo Embedded Sandbox and Explorer
### Impact
A **Cross-Site Request Forgery (CSRF)** vulnerability was identified in Apolloβs **Embedded Sandbox** and **Embedded Explorer**.
The vulnerability arises from missing origin valida...
A **Cross-Site Request Forgery (CSRF)** vulnerability was identified in Apolloβs **Embedded Sandbox** and **Embedded Explorer**.
The vulnerability arises from missing origin valida...
π¨ CVE-2025-59934
Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path and the password reset server action use the same validator, which does not check the tokenβs signature, expiration, issuer, or audience. If an attacker learns the victimβs actual user.id, they can craft an arbitrary JWT with an alg: "none" header and use it to authenticate and reset the victimβs password. This issue has been patched in version 4.0.1.
π@cveNotify
Formbricks is an open source qualtrics alternative. Prior to version 4.0.1, Formbricks is missing JWT signature verification. This vulnerability stems from a token validation routine that only decodes JWTs (jwt.decode) without verifying their signatures. Both the email verification token login path and the password reset server action use the same validator, which does not check the tokenβs signature, expiration, issuer, or audience. If an attacker learns the victimβs actual user.id, they can craft an arbitrary JWT with an alg: "none" header and use it to authenticate and reset the victimβs password. This issue has been patched in version 4.0.1.
π@cveNotify
GitHub
formbricks/apps/web/lib/jwt.ts at 843110b0d6c37b5c0da54291616f84c91c55c4fc Β· formbricks/formbricks
Open Source Qualtrics Alternative. Contribute to formbricks/formbricks development by creating an account on GitHub.
π¨ CVE-2024-34477
configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file.
π@cveNotify
configureNFS in lib/common/functions.sh in FOG through 1.5.10 allows local users to gain privileges by mounting a crafted NFS share (because of no_root_squash and insecure). In order to exploit the vulnerability, someone needs to mount an NFS share in order to add an executable file as root. In addition, the SUID bit must be added to this file.
π@cveNotify