๐จ CVE-2025-0699
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sys/role/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
๐@cveNotify
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sys/role/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
๐@cveNotify
GitHub
3 ยท Issue #21 ยท JoeyBling/bootplus
ๅบไบSpringBoot + Shiro + MyBatisPlus็ๆ้็ฎก็ๆกๆถ. Contribute to JoeyBling/bootplus development by creating an account on GitHub.
๐จ CVE-2025-0700
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/sys/log/list. The manipulation of the argument logId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
๐@cveNotify
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/sys/log/list. The manipulation of the argument logId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
๐@cveNotify
GitHub
4 ยท Issue #22 ยท JoeyBling/bootplus
ๅบไบSpringBoot + Shiro + MyBatisPlus็ๆ้็ฎก็ๆกๆถ. Contribute to JoeyBling/bootplus development by creating an account on GitHub.
๐จ CVE-2024-5413
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.
๐@cveNotify
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/scheduled.php, all parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.
๐@cveNotify
www.incibe.es
Cross-Site Scripting Vulnerability in phpMyBackupPro
INCIBE has coordinated the publication of 3 high severity vulnerabilities affecting phpMyBackupPro, ve
๐จ CVE-2024-5414
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/get_file.php, 'view' parameter. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.
๐@cveNotify
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/get_file.php, 'view' parameter. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.
๐@cveNotify
www.incibe.es
Cross-Site Scripting Vulnerability in phpMyBackupPro
INCIBE has coordinated the publication of 3 high severity vulnerabilities affecting phpMyBackupPro, ve
๐จ CVE-2024-5415
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.
๐@cveNotify
A vulnerability have been discovered in PhpMyBackupPro affecting version 2.3 that could allow an attacker to execute XSS through /phpmybackuppro/backup.php, 'comments' and 'db' parameters. This vulnerabilities could allow an attacker to create a specially crafted URL and send it to a victim to retrieve their session details.
๐@cveNotify
www.incibe.es
Cross-Site Scripting Vulnerability in phpMyBackupPro
INCIBE has coordinated the publication of 3 high severity vulnerabilities affecting phpMyBackupPro, ve
๐จ CVE-2025-52886
Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.
๐@cveNotify
Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue.
๐@cveNotify
GitLab
poppler 25.06.0 (04bd9168) ยท Commits ยท poppler / poppler ยท GitLab
freedesktop.org GitLab login
๐จ CVE-2025-45814
Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows attackers to execute a session hijacking attack.
๐@cveNotify
Missing authentication checks in the query.fcgi endpoint of NS3000 v8.1.1.125110 , v7.2.8.124852 , and v7.x and NS2000 v7.02.08 allows attackers to execute a session hijacking attack.
๐@cveNotify
GitHub
my--cve-vulnerability-research/CVE-2025-45814 at main ยท shiky8/my--cve-vulnerability-research
This repository contains information on all of the CVEs I found. - shiky8/my--cve-vulnerability-research
๐จ CVE-2025-45813
ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.
๐@cveNotify
ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.
๐@cveNotify
GitHub
my--cve-vulnerability-research/CVE-2025-45813 at main ยท shiky8/my--cve-vulnerability-research
This repository contains information on all of the CVEs I found. - shiky8/my--cve-vulnerability-research
๐จ CVE-2025-45938
Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to Cross Site Scripting (XSS) via the Jira fullName parameter.
๐@cveNotify
Akeles Out of Office Assistant for Jira 4.0.1 is vulberable to Cross Site Scripting (XSS) via the Jira fullName parameter.
๐@cveNotify
๐จ CVE-2024-4991
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php parameter in nama_lengkap. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it.
๐@cveNotify
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_pass/aksi_pass.php parameter in nama_lengkap. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in SiAdmin
INCIBE has coordinated the publication of 3 vulnerabilities: 2 of critical severity and 1 of medium se
๐จ CVE-2024-4992
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php parameter in nim. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it.
๐@cveNotify
Vulnerability in SiAdmin 1.1 that allows SQL injection via the /modul/mod_kuliah/aksi_kuliah.php parameter in nim. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the system and retrieve all the information stored in it.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in SiAdmin
INCIBE has coordinated the publication of 3 vulnerabilities: 2 of critical severity and 1 of medium se
๐จ CVE-2024-4993
Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and thereby steal their cookie session credentials.
๐@cveNotify
Vulnerability in SiAdmin 1.1 that allows XSS via the /show.php query parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and thereby steal their cookie session credentials.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in SiAdmin
INCIBE has coordinated the publication of 3 vulnerabilities: 2 of critical severity and 1 of medium se
๐จ CVE-2024-8072
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
๐@cveNotify
Mage AI allows remote unauthenticated attackers to leak the terminal server command history of arbitrary users
๐@cveNotify
Jfrog
Mage AI Terminal Server Infoleak | JFSA-2024-001039574
CVE-2024-8072, MEDIUM, Mage AI Terminal Server Infoleak
๐จ CVE-2024-45187
Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server
๐@cveNotify
Guest users in the Mage AI framework that remain logged in after their accounts are deleted, are mistakenly given high privileges and specifically given access to remotely execute arbitrary code through the Mage AI terminal server
๐@cveNotify
Jfrog
Mage AI deleted users RCE | JFSA-2024-001039602
CVE-2024-45187, HIGH, Mage AI deleted users RCE
๐จ CVE-2024-45188
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request
๐@cveNotify
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request
๐@cveNotify
Jfrog
Mage AI file content request remote arbitrary file leak | JFSA-2024-001039603
CVE-2024-45188, MEDIUM, Mage AI file content request remote arbitrary file leak
๐จ CVE-2024-45190
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request
๐@cveNotify
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request
๐@cveNotify
Jfrog
Mage AI pipeline interaction request remote arbitrary file leak | JFSA-2024-001039605
CVE-2024-45190, MEDIUM, Mage AI pipeline interaction request remote arbitrary file leak
๐จ CVE-2025-25191
Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100.
๐@cveNotify
Group-Office is an enterprise CRM and groupware tool. This Stored XSS vulnerability exists where user input in the Name field is not properly sanitized before being stored. This vulnerability is fixed in 6.8.100.
๐@cveNotify
GitHub
Fixes Stored XSS Vulnerability via user's name field (GHSA-j7p3-v652-โฆ ยท Intermesh/groupoffice@c5c83e1
โฆp3gf)
๐จ CVE-2025-27911
An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion (if saved to disk) or a termination of the server process with an out-of-memory error.
๐@cveNotify
An issue was discovered in Datalust Seq before 2024.3.13545. Expansion of identifiers in message templates can be used to bypass the system "Event body limit bytes" setting, leading to increased resource consumption. With sufficiently large events, there can be disk space exhaustion (if saved to disk) or a termination of the server process with an out-of-memory error.
๐@cveNotify
Seq
Seq โ centralized structured logs
Collect logs and traces, monitor applications, and hunt bugs โ without data leaving your infrastructure.
๐จ CVE-2025-27912
An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a user visits a compromised/malicious site under the same effective top-level domain as the Seq server. Exploitation of the vulnerability allows the attacker to conduct impersonation attacks and perform actions in Seq on behalf of the targeted user.
๐@cveNotify
An issue was discovered in Datalust Seq before 2024.3.13545. Missing Content-Type validation can lead to CSRF when (1) Entra ID or OpenID Connect authentication is in use and a user visits a compromised/malicious site, or (2) when username/password or Active Directory authentication is in use and a user visits a compromised/malicious site under the same effective top-level domain as the Seq server. Exploitation of the vulnerability allows the attacker to conduct impersonation attacks and perform actions in Seq on behalf of the targeted user.
๐@cveNotify
Seq
Seq โ centralized structured logs
Collect logs and traces, monitor applications, and hunt bugs โ without data leaving your infrastructure.
๐จ CVE-2025-2176
A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The identifier of the patch is ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.
๐@cveNotify
A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The identifier of the patch is ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.
๐@cveNotify
GitHub
src/conv.c, src/io-sim.c, src/search.c: Avoid integer overflow leadinโฆ ยท zapping-vbi/zvbi@ca16721
โฆg to heap overflow
๐จ CVE-2025-2177
A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.
๐@cveNotify
A vulnerability classified as critical was found in libzvbi up to 0.2.43. This vulnerability affects the function vbi_search_new of the file src/search.c. The manipulation of the argument pat_len leads to integer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.2.44 is able to address this issue. The patch is identified as ca1672134b3e2962cd392212c73f44f8f4cb489f. It is recommended to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.
๐@cveNotify
GitHub
src/conv.c, src/io-sim.c, src/search.c: Avoid integer overflow leadinโฆ ยท zapping-vbi/zvbi@ca16721
โฆg to heap overflow