🚨 CVE-2025-54234
ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
🎖@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe ColdFusion | APSB25-52
🚨 CVE-2025-54261
ColdFusion versions 2025.3, 2023.15, 2021.21 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution by an attacker. The victim must have optional configurations enabled. Scope is changed.
🎖@cveNotify
Adobe
Adobe Security Bulletin
Security updates available for Adobe ColdFusion | APSB25-93
🚨 CVE-2025-54255
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass impacting integrity. An attacker does not have to be authenticated. Exploitation of this issue does not require user interaction, and scope is unchanged.
🎖@cveNotify
Adobe
Adobe Security Bulletin
Prenotification Security Advisory for Adobe Acrobat and Reader | APSB25-85
🚨 CVE-2025-23297
NVIDIA Installer for NvAPP for Windows contains a vulnerability in the FrameviewSDK installation process, where an attacker with local unprivileged access could modify files in the Frameview SDK directory. A successful exploit of this vulnerability might lead to escalation of privileges.
🎖@cveNotify
🚨 CVE-2025-23355
NVIDIA Nsight Graphics for Windows contains a vulnerability in an ngfx component, where an attacker could cause a DLL hijacking attack. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and denial of service.
🎖@cveNotify
🚨 CVE-2024-27239
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
🎖@cveNotify
Zoom
ZSB-24018
🚨 CVE-2025-46742
Users who were required to change their password could still access system information before changing their password.
🎖@cveNotify
selinc.com
Login
🚨 CVE-2025-46744
An authenticated administrator could modify the Created By username for a user account.
🎖@cveNotify
selinc.com
Login
🚨 CVE-2025-46745
An authenticated user without user-management permissions could view other users' account information.
🎖@cveNotify
selinc.com
Login
🚨 CVE-2025-61582
TS3 Manager is a modern web interface for maintaining Teamspeak3 servers. A Denial of Service vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability permits an unauthenticated actor to crash the application through the submission of specially crafted Unicode input, requiring no prior authentication or privileges. The flaw manifests when Unicode tag characters are submitted to the Server field on the login page. The application fails to properly handle these characters during the ASCII conversion process, resulting in an unhandled exception that terminates the application within four to five seconds of submission. This issue is fixed in version 2.2.2.
🎖@cveNotify
GitHub
fixes unauthenticated denial of service and reflected cross-site scripting · joni1802/ts3-manager@3a06991
🚨 CVE-2025-61583
TS3 Manager is a modern web interface for maintaining Teamspeak3 servers. A reflected cross-site scripting vulnerability has been identified in versions 2.2.1 and earlier. The vulnerability exists in the error handling mechanism of the login page, where malicious scripts embedded in server hostnames are executed in the victim's browser context without proper sanitization. This issue is fixed in version 2.2.2.
🎖@cveNotify
GitHub
fixes unauthenticated denial of service and reflected cross-site scripting · joni1802/ts3-manager@3a06991
🚨 CVE-2025-21479
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
🎖@cveNotify
🚨 CVE-2025-55621
An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL. NOTE: this is disputed by the Supplier because it is intentional behavior; the photos are part of a social platform on which users expect to find one another.
🎖@cveNotify
relieved-knuckle-264 on Notion
Reolink - Download a profile due to IDOR | Notion
1. Reporting information
🚨 CVE-2025-11020
An attacker can obtain server information using Path Traversal vulnerability to conduct SQL Injection, which possibly exploits Unrestricted Upload of File with Dangerous Type vulnerability in MarkAny SafePC Enterprise on Windows, Linux. This issue affects SafePC Enterprise: V7.0.* (V7.0.YYYY.MM.DD) before V7.0.1, and V5.*.*.
🎖@cveNotify
Markany
🚨 CVE-2025-11182
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Download of Code Without Integrity Check vulnerability in GTONE ChangeFlow allows Path Traversal. This issue affects ChangeFlow: All versions to v9.0.1.1.
🎖@cveNotify
🚨 CVE-2025-11221
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Unrestricted Upload of File with Dangerous Type vulnerability in GTONE ChangeFlow allows Path Traversal, Accessing Functionality Not Properly Constrained by ACLs. This issue affects ChangeFlow: from All versions through v9.0.1.1.
🎖@cveNotify
🚨 CVE-2025-58775
KV STUDIO and VT5-WX15/WX12 contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
🎖@cveNotify
jvn.jp
JVNVU#97069449: Multiple vulnerabilities in multiple Keyence products
Japan Vulnerability Notes
🚨 CVE-2025-58776
KV Studio versions 12.23 and prior contain a stack-based buffer overflow vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
🎖@cveNotify
jvn.jp
JVNVU#97069449: Multiple vulnerabilities in multiple Keyence products
Japan Vulnerability Notes
🚨 CVE-2025-58777
VT Studio versions 8.53 and prior contain an access of uninitialized pointer vulnerability. If the product uses a specially crafted file, arbitrary code may be executed on the affected product.
🎖@cveNotify
jvn.jp
JVNVU#97069449: Multiple vulnerabilities in multiple Keyence products
Japan Vulnerability Notes
🚨 CVE-2025-40645
Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated attacker to obtain sensitive information about customers by sending an HTTP GET request to “/api/reserva/web/clients” using the “phone” parameter.
🎖@cveNotify
www.incibe.es
Multiple vulnerabilities in ViDay
INCIBE has coordinated the publication of two vulnerabilities, one high severity and one medium severi