🚨 CVE-2024-24731
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
🎖@cveNotify
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Silicon Labs Gecko OS. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the implementation of the http_download command. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device.
🎖@cveNotify
🚨 CVE-2025-0466
The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information.
🎖@cveNotify
The Sensei LMS WordPress plugin before 4.24.4 does not properly protect some its REST API routes, allowing unauthenticated attackers to leak sensei_email and sensei_message Information.
🎖@cveNotify
WPScan
Sensei LMS < 4.24.4 - Unauthenticated sensei_email/sensei_message Disclosure
See details on Sensei LMS < 4.24.4 - Unauthenticated sensei_email/sensei_message Disclosure CVE 2025-0466. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2022-28224
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.
🎖@cveNotify
Clusters using Calico (version 3.22.1 and below), Calico Enterprise (version 3.12.0 and below), may be vulnerable to route hijacking with the floating IP feature. Due to insufficient validation, a privileged attacker may be able to set a floating IP annotation to a pod even if the feature is not enabled. This may allow the attacker to intercept and reroute traffic to their compromised pod.
🎖@cveNotify
Tigera - Creator of Calico
Security Bulletins – TTA-2022-001 | Tigera - Creator of Calico
Security Bulletins Calico Enterprise & Calico OS are vulnerable to pod route hijacking Return to List Description Severity Notes Calico Enterprise & Calico OS are vulnerable to pod route hijacking Reference: TTA-2022-001 Date published: June...
🚨 CVE-2024-35591
An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.
🎖@cveNotify
An arbitrary file upload vulnerability in O2OA v8.3.8 allows attackers to execute arbitrary code via uploading a crafted PDF file.
🎖@cveNotify
GitHub
O2OA has XSS vulnerability · Issue #156 · o2oa/o2oa
1. testing environment The testing environment is VMware Workstation: Seed Ubuntu 20.04 The version is as follows: Test version: O2OA open source version Warehouse address: https://gitee.com/o2oa/O...
🚨 CVE-2025-1716
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic.
🎖@cveNotify
picklescan before 0.0.21 does not treat 'pip' as an unsafe global. An attacker could craft a malicious model that uses Pickle to pull in a malicious PyPI package (hosted, for example, on pypi.org or GitHub) via `pip.main()`. Because pip is not a restricted global, the model, when scanned with picklescan, would pass security checks and appear to be safe, when it could instead prove to be problematic.
🎖@cveNotify
GitHub
Merge commit from fork · mmaitre314/picklescan@78ce704
Security scanner detecting Python Pickle files performing suspicious actions - Merge commit from fork · mmaitre314/picklescan@78ce704
🚨 CVE-2025-47850
In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning
🎖@cveNotify
In JetBrains YouTrack before 2025.1.74704 restricted attachments could become visible after issue cloning
🎖@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
🚨 CVE-2025-48391
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
🎖@cveNotify
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
🎖@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
🚨 CVE-2025-6276
A vulnerability was found in Brilliance Golden Link Secondary System up to 20250609. It has been rated as critical. Affected by this issue is some unknown functionality of the file /storagework/rentTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability was found in Brilliance Golden Link Secondary System up to 20250609. It has been rated as critical. Affected by this issue is some unknown functionality of the file /storagework/rentTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
POC/黄金通二级系统三代管理端系统rentTakeInfoPage接口存在SQL注入.md at main · eeeeeekkkkkkkk/POC
Contribute to eeeeeekkkkkkkk/POC development by creating an account on GitHub.
🚨 CVE-2025-6277
A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
POC/黄金通二级系统三代管理端系统custTakeInfoPage接口存在SQL注入.md at main · eeeeeekkkkkkkk/POC
Contribute to eeeeeekkkkkkkk/POC development by creating an account on GitHub.
🚨 CVE-2025-6282
A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function create_upload_file of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The reported GitHub issue was closed automatically with the label "not planned" by a bot.
🎖@cveNotify
A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function create_upload_file of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The reported GitHub issue was closed automatically with the label "not planned" by a bot.
🎖@cveNotify
GitHub
[Security] Path traversal in /api/upload · Issue #141 · xlang-ai/OpenAgents
RCA in backend/api/file.py file: @app.route("/api/upload", methods=["POST"]) def create_upload_file() -> dict | Response: """Uploads a new file.""&qu...
🚨 CVE-2025-6283
A vulnerability was found in xataio Xata Agent up to 0.3.0. It has been classified as problematic. This affects the function GET of the file apps/dbagent/src/app/api/evals/route.ts. The manipulation of the argument passed leads to path traversal. Upgrading to version 0.3.1 is able to address this issue. The patch is named 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc. It is recommended to upgrade the affected component.
🎖@cveNotify
A vulnerability was found in xataio Xata Agent up to 0.3.0. It has been classified as problematic. This affects the function GET of the file apps/dbagent/src/app/api/evals/route.ts. The manipulation of the argument passed leads to path traversal. Upgrading to version 0.3.1 is able to address this issue. The patch is named 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc. It is recommended to upgrade the affected component.
🎖@cveNotify
GitHub
Add eval folder path (#191) · xataio/agent@03f2705
Fixes: https://github.com/xataio/agent/issues/179
🚨 CVE-2025-6365
A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
🎖@cveNotify
A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
🎖@cveNotify
GitHub
Kernel-Level Denial of Service (DoS) Vulnerability in set_pte_at() · Issue #17 · HobbesOSR/kitten
Description The set_pte_at() function directly invokes panic() and enters an infinite loop, causing the kernel to crash. As a critical interface for memory management, this function is called by mu...
🚨 CVE-2025-55229
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
🎖@cveNotify
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
🎖@cveNotify
🚨 CVE-2025-55230
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
🚨 CVE-2021-45688
An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.
🎖@cveNotify
An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.
🎖@cveNotify
🚨 CVE-2024-1297
Loomio version 2.22.0 allows executing arbitrary commands on the server.
This is possible because the application is vulnerable to OS Command Injection.
🎖@cveNotify
Loomio version 2.22.0 allows executing arbitrary commands on the server.
This is possible because the application is vulnerable to OS Command Injection.
🎖@cveNotify
Fluidattacks
Loomio 2.22.1 - Code injection | Fluid Attacks
AppSec solution that integrates AI, automated tools, and pentesters to help you prevent, detect, manage, and fix vulnerabilities continuously across your SDLC.
🚨 CVE-2024-41476
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php.
🎖@cveNotify
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php.
🎖@cveNotify
Gist
CVE-2024-41476
CVE-2024-41476. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2025-27566
Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server.
🎖@cveNotify
Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server.
🎖@cveNotify
a-blog cms developer
JVNで報告された脆弱性への対応について | お知らせ | ブログ | a-blog cms developer
a-blog cms で複数の脆弱性が見つかりました。 該当の状況に当てはまる場合は大変お手数ですが以下のご対応をお願いいたします。 ### JVN識別番号 - **JVNVU#90760614** 報告された脆弱性は以下になります。 - 特...
🚨 CVE-2025-32999
Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
🎖@cveNotify
Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
🎖@cveNotify
a-blog cms developer
JVNで報告された脆弱性への対応について | お知らせ | ブログ | a-blog cms developer
a-blog cms で複数の脆弱性が見つかりました。 該当の状況に当てはまる場合は大変お手数ですが以下のご対応をお願いいたします。 ### JVN識別番号 - **JVNVU#90760614** 報告された脆弱性は以下になります。 - 特...
🚨 CVE-2025-36560
Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.
🎖@cveNotify
Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.
🎖@cveNotify
a-blog cms developer
JVNで報告された脆弱性への対応について | お知らせ | ブログ | a-blog cms developer
a-blog cms で複数の脆弱性が見つかりました。 該当の状況に当てはまる場合は大変お手数ですが以下のご対応をお願いいたします。 ### JVN識別番号 - **JVNVU#90760614** 報告された脆弱性は以下になります。 - 特...
🚨 CVE-2025-47794
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.
🎖@cveNotify
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.
🎖@cveNotify
GitHub
Insecure temporary file creation, race with write access and permission
### Impact
An attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack.
### Patches
It is recommended that the...
An attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack.
### Patches
It is recommended that the...