π¨ CVE-2025-40989
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
π@cveNotify
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_message/add/xxx", affecting to "message" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
π@cveNotify
www.incibe.es
Multiple vulnerabilities in Creativeitem products
INCIBE has coordinated the publication of 4 vulnerabilities of medium severity, affecting Ekushey CRM
π¨ CVE-2025-40990
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
π@cveNotify
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_bug/create/xxx", affecting to "title" and "description" parameters via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
π@cveNotify
www.incibe.es
Multiple vulnerabilities in Creativeitem products
INCIBE has coordinated the publication of 4 vulnerabilities of medium severity, affecting Ekushey CRM
π¨ CVE-2025-40991
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
π@cveNotify
Stored Cross Site Scripting vulnerability in Ekushey CRM v5.0 by Creativeitem, due to lack of proper validation of user inputs via the "/ekushey/index.php/client/project_file/upload/xxxx", affecting to "description" parameter via POST. This vulnerability could allow a remote attacker to send a specially crafted query to an authenticated user and steal his/her cookie session details.
π@cveNotify
www.incibe.es
Multiple vulnerabilities in Creativeitem products
INCIBE has coordinated the publication of 4 vulnerabilities of medium severity, affecting Ekushey CRM
π¨ CVE-2025-40992
Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/update_profile', affecting to 'name' parameter via POST. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal his/her cookie session details.
π@cveNotify
Stored XSS vulnerability in Creativeitem Sociopro due to lack of proper validation of user inputs via the endpoint '/sociopro/profile/update_profile', affecting to 'name' parameter via POST. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal his/her cookie session details.
π@cveNotify
www.incibe.es
Multiple vulnerabilities in Creativeitem products
INCIBE has coordinated the publication of 4 vulnerabilities of medium severity, affecting Ekushey CRM
π¨ CVE-2025-54293
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.
π@cveNotify
Path Traversal in the log file retrieval function in Canonical LXD 5.0 LTS on Linux allows authenticated remote attackers to read arbitrary files on the host system via crafted log file names or symbolic links.
π@cveNotify
GitHub
Path Traversal Vulnerability in Instance Log File Retrieval Function
### Impact
Although outside the scope of this penetration test, a path traversal vulnerability exists in the validLogFileName function that validates log file names in lxd/instance_logs.go in the ...
Although outside the scope of this penetration test, a path traversal vulnerability exists in the validLogFileName function that validates log file names in lxd/instance_logs.go in the ...
π¨ CVE-2024-12369
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack.
π@cveNotify
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack.
π@cveNotify
π¨ CVE-2024-58260
A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.
π@cveNotify
A vulnerability has been identified within Rancher Manager where a missing server-side validation on the `.username` field in Rancher can allow users with update permissions on other User resources to cause denial of access for targeted accounts.
π@cveNotify
π¨ CVE-2024-58267
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancherβs authentication tokens.
π@cveNotify
A vulnerability has been identified within Rancher Manager whereby the SAML authentication from the Rancher CLI tool is vulnerable to phishing attacks. The custom authentication protocol for SAML-based providers can be abused to steal Rancherβs authentication tokens.
π@cveNotify
π¨ CVE-2025-41064
Incorrect authentication vulnerability in OpenSIAC, which could allow an attacker to impersonate a person using Cl@ve as an authentication method.
π@cveNotify
Incorrect authentication vulnerability in OpenSIAC, which could allow an attacker to impersonate a person using Cl@ve as an authentication method.
π@cveNotify
www.incibe.es
Incorrect authentication in GTTΒ΄s group OpenSIAC
INCIBE has coordinated the publication of a critical vulnerability affecting OpenSIAC from the GTT gro
π¨ CVE-2024-39072
AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnerable to SQL injection via manager/conference/calendar_remind.php.
π@cveNotify
AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnerable to SQL injection via manager/conference/calendar_remind.php.
π@cveNotify
π¨ CVE-2024-39935
jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5.
π@cveNotify
jc21 NGINX Proxy Manager before 2.11.3 allows backend/internal/certificate.js OS command injection by an authenticated user (with certificate management privileges) via untrusted input to the DNS provider configuration. NOTE: this is not part of any NGINX software shipped by F5.
π@cveNotify
GitHub
Fix command injection when passing bash commands into the dns provide⦠· NginxProxyManager/nginx-proxy-manager@99cce7e
β¦r configuration
- Use built in node functions to write the file
- And to delete the file
- Use built in node functions to write the file
- And to delete the file
π¨ CVE-2024-34361
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue.
π@cveNotify
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue.
π@cveNotify
GitHub
Add protocol validation when downloading blocklist from URL Β· pi-hole/pi-hole@2c497a9
Signed-off-by: DL6ER <dl6er@dl6er.de>
π¨ CVE-2025-57105
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host.
π@cveNotify
The DI-7400G+ router has a command injection vulnerability, which allows attackers to execute arbitrary commands on the device. The sub_478D28 function in in mng_platform.asp, and sub_4A12DC function in wayos_ac_server.asp of the jhttpd program, with the parameter ac_mng_srv_host.
π@cveNotify
π¨ CVE-2025-0642
Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.This issue affects Assist: through 10.02.2025.
π@cveNotify
Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.This issue affects Assist: through 10.02.2025.
π@cveNotify
π¨ CVE-2025-11239
Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown to team members. Only the creator of a job can see all information including in- and output data (if present).
π@cveNotify
Potentially sensitive information in jobs on KNIME Business Hub prior to 1.16.0 were visible to all members of the user's team. Starting with KNIME Business Hub 1.16.0 only metadata of jobs is shown to team members. Only the creator of a job can see all information including in- and output data (if present).
π@cveNotify
KNIME
Security Advisories | KNIME
This page summarizes all security advisories for KNIME Software products and services, including KNIME Analytics Platform, KNIME Server, and KNIME Hub.
π¨ CVE-2025-11240
An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation which, when opened by the user, redirects the user to a page of the attackers choice. This might open the possibility for fishing or other similar attacks. The problem has been fixed in KNIME Business Hub 1.16.0.
π@cveNotify
An open redirect vulnerability existed in KNIME Business Hub prior to version 1.16.0. An unauthenticated remote attacker could craft a link to a legitimate KNIME Business Hub installation which, when opened by the user, redirects the user to a page of the attackers choice. This might open the possibility for fishing or other similar attacks. The problem has been fixed in KNIME Business Hub 1.16.0.
π@cveNotify
KNIME
Security Advisories | KNIME
This page summarizes all security advisories for KNIME Software products and services, including KNIME Analytics Platform, KNIME Server, and KNIME Hub.
π¨ CVE-2025-22862
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2 all versions, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component.
π@cveNotify
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS 7.4.0 through 7.4.7, 7.2 all versions, 7.0.6 and above; and FortiProxy 7.6.0 through 7.6.2, 7.4.0 through 7.4.8, 7.2 all versions, 7.0.5 and above may allow an authenticated attacker to elevate their privileges via triggering a malicious Webhook action in the Automation Stitch component.
π@cveNotify
FortiGuard Labs
PSIRT | FortiGuard Labs
None
π¨ CVE-2025-41010
Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an βOriginβ header that identifies the domain making the initial request and defines the protocol between a browser and a server to see if the request is allowed. An attacker can exploit this and potentially perform privileged actions and access confidential information when Access-Control-Allow-Credentials is enabled.
π@cveNotify
Incorrect Cross-Origin Resource Sharing (CORS) configuration in Hiberus Sintra. Cross-Origin Resource Sharing (CORS) allows browsers to make cross-domain requests in a controlled manner. This request has an βOriginβ header that identifies the domain making the initial request and defines the protocol between a browser and a server to see if the request is allowed. An attacker can exploit this and potentially perform privileged actions and access confidential information when Access-Control-Allow-Credentials is enabled.
π@cveNotify
www.incibe.es
Cross-origin resource sharing (CORS) in Hiberus Sintra
INCIBE has coordinated the publication of a medium-severity vulnerability affecting Sintra de Hiberus,
π¨ CVE-2024-38513
Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id value, resulting in the creation of a session with that key. If a website relies on the mere presence of a session for security purposes, this can lead to significant security risks, including unauthorized access and session fixation attacks. All users utilizing GoFiber's session middleware in the affected versions are impacted. The issue has been addressed in version 2.52.5. Users are strongly encouraged to upgrade to version 2.52.5 or higher to mitigate this vulnerability. Users who are unable to upgrade immediately can apply the following workarounds to reduce the risk: Either implement additional validation to ensure session IDs are not supplied by the user and are securely generated by the server, or regularly rotate session IDs and enforce strict session expiration policies.
π@cveNotify
Fiber is an Express-inspired web framework written in Go A vulnerability present in versions prior to 2.52.5 is a session middleware issue in GoFiber versions 2 and above. This vulnerability allows users to supply their own session_id value, resulting in the creation of a session with that key. If a website relies on the mere presence of a session for security purposes, this can lead to significant security risks, including unauthorized access and session fixation attacks. All users utilizing GoFiber's session middleware in the affected versions are impacted. The issue has been addressed in version 2.52.5. Users are strongly encouraged to upgrade to version 2.52.5 or higher to mitigate this vulnerability. Users who are unable to upgrade immediately can apply the following workarounds to reduce the risk: Either implement additional validation to ensure session IDs are not supplied by the user and are securely generated by the server, or regularly rotate session IDs and enforce strict session expiration policies.
π@cveNotify
GitHub
fix(middleware/session): mutex for thread safety (#3050) Β· gofiber/fiber@66a8814
* chore: Remove extra release and acquire ctx calls in session_test.go
* feat: Remove unnecessary session mutex lock in decodeSessionData function
* chore: Refactor session benchmark tests
...
* feat: Remove unnecessary session mutex lock in decodeSessionData function
* chore: Refactor session benchmark tests
...
π¨ CVE-2024-6381
The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2
π@cveNotify
The bson_strfreev function in the MongoDB C driver library may be susceptible to an integer overflow where the function will try to free memory at a negative offset. This may result in memory corruption. This issue affected libbson versions prior to 1.26.2
π@cveNotify
π¨ CVE-2024-6382
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2
π@cveNotify
Incorrect handling of certain string inputs may result in MongoDB Rust driver constructing unintended server commands. This may cause unexpected application behavior including data modification. This issue affects MongoDB Rust Driver 2.0 versions prior to 2.8.2
π@cveNotify