CVE-2025-51532
Incorrect access control in Sage DPW 2024_12_004 and earlier allows unauthorized attackers to access the built-in Database Monitor via a crafted request. The vendor has stated that the issue is fixed in 2025_06_000, released in June 2025.
@cveNotify
Sec4You-Pentest
Sage DPW CVE-2025-51532: admin DB statistics viewable
A vulnerability in Sage DPW allows unauthorized access to URLs for running administrative database statistics
CVE-2024-55398
4C Strategies Exonaut before v22.4 was discovered to contain insecure permissions.
CVE-2024-55402
4C Strategies Exonaut before v22.4 was discovered to contain an access control issue.
CVE-2025-46660
An issue was discovered in 4C Strategies Exonaut 21.6. Passwords, stored in the database, are hashed without a salt.
Gist
CVE-2025-46660
CVE-2024-55401
An issue in 4C Strategies Exonaut before v22.4 allows attackers to execute a directory traversal.
CVE-2025-51533
An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sending a crafted GET request.
Sec4You-Pentest
CVE-2025-51533 Sage DPW vulnerability: predictable IDs
In SAGE DPW, a vulnerability caused by predictable URL IDs allows unauthorized access to internal forms, without authentication
CVE-2025-50928
Easy Hosting Control Panel EHCP v20.04.1.b was discovered to contain a SQL injection vulnerability via the id parameter in the Change Settings function.
packetstorm.news
Packet Storm
CVE-2025-9669
A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
GitHub
# Jinhe OA SQL Injection Vulnerability Report · Issue #1 · 1276486/CVE
Jinhe OA SQL Injection Vulnerability Report AFFECTED PRODUCT Product: Jinhe OA (Jhsoft OA) Affected Component: C6/Jhsoft.Web.appraise/GetTreeDate.aspx VENDOR INFORMATION Vendor: Jinhe Network (Jhso...
CVE-2025-9727
A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
GitHub
IOT_sec/DIR-816L.pdf at main · scanleale/IOT_sec
CVE-2023-21481
Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.
CVE-2023-21482
Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Galaxy store before completion of Setup wizard.
CVE-2025-49692
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
CVE-2025-54113
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
CVE-2025-54901
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
CVE-2023-42906
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
seclists.org
Full Disclosure: APPLE-SA-12-11-2023-4 macOS Sonoma 14.2
CVE-2025-46741
A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.
selinc.com
CVE-2025-54234
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
Adobe
Adobe Security Bulletin
Security updates available for Adobe ColdFusion | APSB25-52
CVE-2025-54261
ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed.
Adobe
Adobe Security Bulletin
Security updates available for Adobe ColdFusion | APSB25-93
CVE-2025-54255
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.
Adobe
Adobe Security Bulletin
Prenotification Security Advisory for Adobe Acrobat and Reader | APSB25-85
CVE-2025-23297
NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory. A successful exploit of this vulnerability might lead to escalation of privileges.
CVE-2025-23355
NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL hijacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and denial of service.