🚨 CVE-2025-48391
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
🎖@cveNotify
In JetBrains YouTrack before 2025.1.76253 deletion of issues was possible due to missing permission checks in API
🎖@cveNotify
JetBrains
Fixed security issues
This page contains information about resolved security issues, including description, severity, assigned CVEs, and the product versions in which they were resolved.
🚨 CVE-2025-6276
A vulnerability was found in Brilliance Golden Link Secondary System up to 20250609. It has been rated as critical. Affected by this issue is some unknown functionality of the file /storagework/rentTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability was found in Brilliance Golden Link Secondary System up to 20250609. It has been rated as critical. Affected by this issue is some unknown functionality of the file /storagework/rentTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
POC/黄金通二级系统三代管理端系统rentTakeInfoPage接口存在SQL注入.md at main · eeeeeekkkkkkkk/POC
Contribute to eeeeeekkkkkkkk/POC development by creating an account on GitHub.
🚨 CVE-2025-6277
A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
POC/黄金通二级系统三代管理端系统custTakeInfoPage接口存在SQL注入.md at main · eeeeeekkkkkkkk/POC
Contribute to eeeeeekkkkkkkk/POC development by creating an account on GitHub.
🚨 CVE-2025-6282
A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function create_upload_file of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The reported GitHub issue was closed automatically with the label "not planned" by a bot.
🎖@cveNotify
A vulnerability was found in xlang-ai OpenAgents up to ff2e46440699af1324eb25655b622c4a131265bb and classified as critical. Affected by this issue is the function create_upload_file of the file backend/api/file.py. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The reported GitHub issue was closed automatically with the label "not planned" by a bot.
🎖@cveNotify
GitHub
[Security] Path traversal in /api/upload · Issue #141 · xlang-ai/OpenAgents
RCA in backend/api/file.py file: @app.route("/api/upload", methods=["POST"]) def create_upload_file() -> dict | Response: """Uploads a new file.""&qu...
🚨 CVE-2025-6283
A vulnerability was found in xataio Xata Agent up to 0.3.0. It has been classified as problematic. This affects the function GET of the file apps/dbagent/src/app/api/evals/route.ts. The manipulation of the argument passed leads to path traversal. Upgrading to version 0.3.1 is able to address this issue. The patch is named 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc. It is recommended to upgrade the affected component.
🎖@cveNotify
A vulnerability was found in xataio Xata Agent up to 0.3.0. It has been classified as problematic. This affects the function GET of the file apps/dbagent/src/app/api/evals/route.ts. The manipulation of the argument passed leads to path traversal. Upgrading to version 0.3.1 is able to address this issue. The patch is named 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc. It is recommended to upgrade the affected component.
🎖@cveNotify
GitHub
Add eval folder path (#191) · xataio/agent@03f2705
Fixes: https://github.com/xataio/agent/issues/179
🚨 CVE-2025-6365
A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
🎖@cveNotify
A vulnerability was found in HobbesOSR Kitten up to c4f8b7c3158983d1020af432be1b417b28686736 and classified as critical. Affected by this issue is the function set_pte_at in the library /include/arch-arm64/pgtable.h. The manipulation leads to resource consumption. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
🎖@cveNotify
GitHub
Kernel-Level Denial of Service (DoS) Vulnerability in set_pte_at() · Issue #17 · HobbesOSR/kitten
Description The set_pte_at() function directly invokes panic() and enters an infinite loop, causing the kernel to crash. As a critical interface for memory management, this function is called by mu...
🚨 CVE-2025-55229
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
🎖@cveNotify
Improper verification of cryptographic signature in Windows Certificates allows an unauthorized attacker to perform spoofing over a network.
🎖@cveNotify
🚨 CVE-2025-55230
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
Untrusted pointer dereference in Windows MBT Transport driver allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
🚨 CVE-2021-45688
An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.
🎖@cveNotify
An issue was discovered in the ash crate before 0.33.1 for Rust. util::read_spv may read from uninitialized memory locations.
🎖@cveNotify
🚨 CVE-2024-1297
Loomio version 2.22.0 allows executing arbitrary commands on the server.
This is possible because the application is vulnerable to OS Command Injection.
🎖@cveNotify
Loomio version 2.22.0 allows executing arbitrary commands on the server.
This is possible because the application is vulnerable to OS Command Injection.
🎖@cveNotify
Fluidattacks
Loomio 2.22.1 - Code injection | Fluid Attacks
AppSec solution that integrates AI, automated tools, and pentesters to help you prevent, detect, manage, and fix vulnerabilities continuously across your SDLC.
🚨 CVE-2024-41476
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php.
🎖@cveNotify
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php.
🎖@cveNotify
Gist
CVE-2024-41476
CVE-2024-41476. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2025-27566
Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server.
🎖@cveNotify
Path traversal vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and versions prior to Ver. 3.0.47. This is an issue with insufficient path validation in the backup feature, and exploitation requires the administrator privilege. If this vulnerability is exploited, a remote authenticated attacker with the administrator privilege may obtain or delete any file on the server.
🎖@cveNotify
a-blog cms developer
JVNで報告された脆弱性への対応について | お知らせ | ブログ | a-blog cms developer
a-blog cms で複数の脆弱性が見つかりました。 該当の状況に当てはまる場合は大変お手数ですが以下のご対応をお願いいたします。 ### JVN識別番号 - **JVNVU#90760614** 報告された脆弱性は以下になります。 - 特...
🚨 CVE-2025-32999
Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
🎖@cveNotify
Cross-site scripting vulnerability exists in a-blog cms versions prior to Ver. 3.1.43 and prior to Ver. 3.0.47. This issue exists in a specific field in the entry editing screen, and exploitation requires contributor or higher level privileges. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product.
🎖@cveNotify
a-blog cms developer
JVNで報告された脆弱性への対応について | お知らせ | ブログ | a-blog cms developer
a-blog cms で複数の脆弱性が見つかりました。 該当の状況に当てはまる場合は大変お手数ですが以下のご対応をお願いいたします。 ### JVN識別番号 - **JVNVU#90760614** 報告された脆弱性は以下になります。 - 特...
🚨 CVE-2025-36560
Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.
🎖@cveNotify
Server-side request forgery vulnerability exists in a-blog cms multiple versions. If this vulnerability is exploited, a remote unauthenticated attacker may gain access to sensitive information by sending a specially crafted request.
🎖@cveNotify
a-blog cms developer
JVNで報告された脆弱性への対応について | お知らせ | ブログ | a-blog cms developer
a-blog cms で複数の脆弱性が見つかりました。 該当の状況に当てはまる場合は大変お手数ですが以下のご対応をお願いいたします。 ### JVN識別番号 - **JVNVU#90760614** 報告された脆弱性は以下になります。 - 特...
🚨 CVE-2025-47794
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.
🎖@cveNotify
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server prior to 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1, an attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack. Nextcloud Server versions 29.0.13, 30.0.7, and 31.0.1 and Nextcloud Enterprise Server 26.0.13.13, 27.1.11.13, 28.0.14.4, 29.0.13, 30.0.7, and 31.0.1 fix the issue. No known workarounds are available.
🎖@cveNotify
GitHub
Insecure temporary file creation, race with write access and permission
### Impact
An attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack.
### Patches
It is recommended that the...
An attacker on a multi-user system may read temporary files from Nextcloud running with a different user account, or run a symlink attack.
### Patches
It is recommended that the...
🚨 CVE-2025-26819
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.
🎖@cveNotify
Monero through 0.18.3.4 before ec74ff4 does not have response limits on HTTP server connections.
🎖@cveNotify
GitHub
Set response limits on http server connections · monero-project/monero@ec74ff4
Monero: the secure, private, untraceable cryptocurrency - Set response limits on http server connections · monero-project/monero@ec74ff4
🚨 CVE-2024-57259
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.
🎖@cveNotify
sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.
🎖@cveNotify
🚨 CVE-2025-25968
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.
🎖@cveNotify
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.
🎖@cveNotify
Ddsn
Digital Agency - Website and App Design, A.I. Strategy and Integration, User Experience (UX), Content Management, Hosting, E-business…
Web and mobile apps that shine. A.I. strategy and integration that performs. Powerful marketing and e-business platform. User experience (UX), information architecture, hosting, search engine experts.
🚨 CVE-2025-47790
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor confirmation after a successful login with the username and password when the server was configured with `remember_login_cookie_lifetime` set to `0`, once the session expired on the page to select the second factor and the page is reloaded. Nextcloud Server 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server is upgraded to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9 and 31.0.3 contain a patch. As a workaround, set the `remember_login_cookie_lifetime` in config.php to a value other than `0`, e.g. `900`. Beware that this is only a workaround for new sessions created after the configuration change. System administration can delete affected sessions.
🎖@cveNotify
Nextcloud Server is a self hosted personal cloud system. Nextcloud Server prior to 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server prior to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9, and 31.0.3 have a bug with session handling. The bug caused skipping the second factor confirmation after a successful login with the username and password when the server was configured with `remember_login_cookie_lifetime` set to `0`, once the session expired on the page to select the second factor and the page is reloaded. Nextcloud Server 29.0.15, 30.0.9, and 31.0.3 and Nextcloud Enterprise Server is upgraded to 26.0.13.15, 27.1.11.15, 28.0.14.6, 29.0.15, 30.0.9 and 31.0.3 contain a patch. As a workaround, set the `remember_login_cookie_lifetime` in config.php to a value other than `0`, e.g. `900`. Beware that this is only a workaround for new sessions created after the configuration change. System administration can delete affected sessions.
🎖@cveNotify
GitHub
Second factor not requested after session timeout
### Impact
A bug with the session handling caused skipping the second factor confirmation after a successful login with the username and password when the server was configured with `remember_lo...
A bug with the session handling caused skipping the second factor confirmation after a successful login with the username and password when the server was configured with `remember_lo...
🚨 CVE-2025-52043
In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter.
🎖@cveNotify
In Frappe ERPNext v15.57.5, the function import_coa() at erpnext/accounts/doctype/chart_of_accounts_importer/chart_of_accounts_importer.py is vulnerable to SQL injection, which allows an attacker to extract all information from databases by injecting a SQL query into the company parameter.
🎖@cveNotify
GitHub
Vulnerability-Disclosures/2025/Frappe Framework - Multiple SQL Injection.md at main · Vietsunshine-Electronic-Solution-JSC/Vulnerability…
Vulnerability-Disclosures. Contribute to Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures development by creating an account on GitHub.
🚨 CVE-2025-52047
In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter.
🎖@cveNotify
In Frappe ErpNext v15.57.5, the function get_income_account() at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter.
🎖@cveNotify
GitHub
Vulnerability-Disclosures/2025/Frappe Framework - Multiple SQL Injection.md at main · Vietsunshine-Electronic-Solution-JSC/Vulnerability…
Vulnerability-Disclosures. Contribute to Vietsunshine-Electronic-Solution-JSC/Vulnerability-Disclosures development by creating an account on GitHub.