π¨ CVE-2025-7207
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.
π@cveNotify
A vulnerability, which was classified as problematic, was found in mruby up to 3.4.0-rc2. Affected is the function scope_new of the file mrbgems/mruby-compiler/core/codegen.c of the component nregs Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The name of the patch is 1fdd96104180cc0fb5d3cb086b05ab6458911bb9. It is recommended to apply a patch to fix this issue.
π@cveNotify
GitHub
mruby-compiler (scope_new): need to initialize nregs; fix #6509 Β· mruby/mruby@1fdd961
`nregs` should not be smaller than `nlocals`.
π¨ CVE-2025-53671
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
π@cveNotify
Jenkins Nouvola DiveCloud Plugin 1.08 and earlier does not mask DiveCloud API Keys and Credentials Encryption Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
π@cveNotify
Jenkins Security Advisory 2025-07-09
Jenkins β an open source automation server which enables developers around the world to reliably build, test, and deploy their software
π¨ CVE-2025-53672
Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
π@cveNotify
Jenkins Kryptowire Plugin 0.2 and earlier stores the Kryptowire API key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
π@cveNotify
Jenkins Security Advisory 2025-07-09
Jenkins β an open source automation server which enables developers around the world to reliably build, test, and deploy their software
π¨ CVE-2025-53673
Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
π@cveNotify
Jenkins Sensedia Api Platform tools Plugin 1.0 stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to the Jenkins controller file system.
π@cveNotify
Jenkins Security Advisory 2025-07-09
Jenkins β an open source automation server which enables developers around the world to reliably build, test, and deploy their software
π¨ CVE-2025-51531
A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025.
π@cveNotify
A reflected cross-site scripting (XSS) vulnerability in Sage DPW 2024_12_004 and earlier allows attackers to execute arbitrary JavaScript in the context of a victim's browser via injecting a crafted payload into the tabfields parameter at /dpw/scripts/cgiip.exe/WService. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025.
π@cveNotify
Sec4You-Pentest
Sage DPW CVE-2025-51531 XSS Schwachstelle tabfields
Eine Cross-Site-Scripting(XSS) Schwachstelle in Sage DPW DB-Monitoring "tabfields" ermΓΆglicht das ausfΓΌhren von Payloads.
π¨ CVE-2025-51532
Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025.
π@cveNotify
Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025.
π@cveNotify
Sec4You-Pentest
Sage DPW CVE-2025-51532 Admin DB-Statistiken einsehbar
Eine Schwachstelle in Sage DPW ermΓΆglicht unautorisierten Zugriff auf URLs zur AusfΓΌhrung administrativer Datenbankstatistiken
π¨ CVE-2024-55398
4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.
π@cveNotify
4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.
π@cveNotify
π¨ CVE-2024-55402
4C Strategies Exonaut before v22.4 was discovered to contain an access control issue.
π@cveNotify
4C Strategies Exonaut before v22.4 was discovered to contain an access control issue.
π@cveNotify
π¨ CVE-2025-46660
An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt.
π@cveNotify
An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt.
π@cveNotify
Gist
CVE-2025-46660
CVE-2025-46660. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2024-55401
An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal.
π@cveNotify
An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal.
π@cveNotify
π¨ CVE-2025-51533
An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.
π@cveNotify
An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.
π@cveNotify
Sec4You-Pentest
CVE-2025-51533 Sage DPW Schwachstelle Vorhersagbar IDs
In SAGE DPW erlaubt eine Schwachstelle durch vorhersagbare URL-IDs den unautorisierten Zugriff auf interne Formulare - ohne Authentifizierung
π¨ CVE-2025-50928
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function.
π@cveNotify
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function.
π@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
π¨ CVE-2025-9669
A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
# Jinhe OA SQL Injection Vulnerability Report Β· Issue #1 Β· 1276486/CVE
Jinhe OA SQL Injection Vulnerability Report AFFECTED PRODUCT Product: Jinhe OA (Jhsoft OA) Affected Component: C6/Jhsoft.Web.appraise/GetTreeDate.aspx VENDOR INFORMATION Vendor: Jinhe Network (Jhso...
π¨ CVE-2025-9727
A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
GitHub
IOT_sec/DIR-816L.pdf at main Β· scanleale/IOT_sec
Contribute to scanleale/IOT_sec development by creating an account on GitHub.
π¨ CVE-2023-21481
Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.
π@cveNotify
Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.
π@cveNotify
π¨ CVE-2023-21482
Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Galaxy store before completion of Setup wizard.
π@cveNotify
Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Galaxy store before completion of Setup wizard.
π@cveNotify
π¨ CVE-2025-49692
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
π@cveNotify
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-54113
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2025-54901
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
π@cveNotify
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
π@cveNotify
π¨ CVE-2023-42906
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
π@cveNotify
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
π@cveNotify
seclists.org
Full Disclosure: APPLE-SA-12-11-2023-4 macOS Sonoma 14.2
π₯1
π¨ CVE-2025-46741
A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.
π@cveNotify
A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.
π@cveNotify
selinc.com
Login