π¨ CVE-2025-9669
A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in Jinher OA 1.0. This issue affects some unknown processing of the file GetTreeDate.aspx. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
# Jinhe OA SQL Injection Vulnerability Report Β· Issue #1 Β· 1276486/CVE
Jinhe OA SQL Injection Vulnerability Report AFFECTED PRODUCT Product: Jinhe OA (Jhsoft OA) Affected Component: C6/Jhsoft.Web.appraise/GetTreeDate.aspx VENDOR INFORMATION Vendor: Jinhe Network (Jhso...
π¨ CVE-2025-9727
A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
A weakness has been identified in D-Link DIR-816L 206b01. Affected by this issue is the function soapcgi_main of the file /soap.cgi. This manipulation of the argument service causes os command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
GitHub
IOT_sec/DIR-816L.pdf at main Β· scanleale/IOT_sec
Contribute to scanleale/IOT_sec development by creating an account on GitHub.
π¨ CVE-2023-21481
Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.
π@cveNotify
Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.
π@cveNotify
π¨ CVE-2023-21482
Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Galaxy store before completion of Setup wizard.
π@cveNotify
Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Galaxy store before completion of Setup wizard.
π@cveNotify
π¨ CVE-2025-49692
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
π@cveNotify
Improper access control in Azure Windows Virtual Machine Agent allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-54113
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2025-54901
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
π@cveNotify
Buffer over-read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
π@cveNotify
π¨ CVE-2023-42906
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
π@cveNotify
Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Sonoma 14.2. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.
π@cveNotify
seclists.org
Full Disclosure: APPLE-SA-12-11-2023-4 macOS Sonoma 14.2
π₯1
π¨ CVE-2025-46741
A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.
π@cveNotify
A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.
π@cveNotify
selinc.com
Login
π¨ CVE-2025-54234
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
π@cveNotify
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe ColdFusion | APSB25-52
π¨ CVE-2025-54261
ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed.
π@cveNotify
ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed.
π@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe ColdFusion | APSB25-93
π¨ CVE-2025-54255
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.
π@cveNotify
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.
π@cveNotify
Adobe
Adobe Security Bulletin
Prenotification Security Advisory for Adobe Acrobat and Reader | APSB25-85
π¨ CVE-2025-23297
NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory. A successful exploit of this vulnerability might lead to escalation of privileges.
π@cveNotify
NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory. A successful exploit of this vulnerability might lead to escalation of privileges.
π@cveNotify
π¨ CVE-2025-23355
NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and denial of service.
π@cveNotify
NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL highjacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and denial of service.
π@cveNotify
π¨ CVE-2024-27239
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
π@cveNotify
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
π@cveNotify
Zoom
ZSB-24018
π¨ CVE-2025-46742
Users who were required to change their password could still access system information before changing their password
π@cveNotify
Users who were required to change their password could still access system information before changing their password
π@cveNotify
selinc.com
Login
π¨ CVE-2025-46744
An authenticated administrator could modify the Created By username for a user account
π@cveNotify
An authenticated administrator could modify the Created By username for a user account
π@cveNotify
selinc.com
Login
π¨ CVE-2025-46745
An authenticated user without user-management permissions could view other users' account information.
π@cveNotify
An authenticated user without user-management permissions could view other users' account information.
π@cveNotify
selinc.com
Login
π¨ CVE-2025-61582
TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A Denial of Dervice vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability permits an unauthenticated actor to crash the application through the submission of specially crafted Unicode input, requiring no prior authentication or privileges. The flaw manifests when Unicode tag characters are submitted to the Server field on the login page. The application fails to properly handle these characters during the ASCII conversion process, resulting in an unhandled exception that terminates the application within four to five seconds of submission. This issue is fixed in version 2.2.2.
π@cveNotify
TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A Denial of Dervice vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability permits an unauthenticated actor to crash the application through the submission of specially crafted Unicode input, requiring no prior authentication or privileges. The flaw manifests when Unicode tag characters are submitted to the Server field on the login page. The application fails to properly handle these characters during the ASCII conversion process, resulting in an unhandled exception that terminates the application within four to five seconds of submission. This issue is fixed in version 2.2.2.
π@cveNotify
GitHub
fixes unauthenticated denial of service and reflected cross-site scri⦠· joni1802/ts3-manager@3a06991
β¦pting
π¨ CVE-2025-61583
TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostnames are executed in the victim's browser context without proper sanitization. This issue is fixed in version 2.2.2.
π@cveNotify
TS3 Manager is modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostnames are executed in the victim's browser context without proper sanitization. This issue is fixed in version 2.2.2.
π@cveNotify
GitHub
fixes unauthenticated denial of service and reflected cross-site scri⦠· joni1802/ts3-manager@3a06991
β¦pting
π¨ CVE-2025-46745
An authenticated user without user-management permissions could view other users account information.
π@cveNotify
An authenticated user without user-management permissions could view other users account information.
π@cveNotify
selinc.com
Login