π¨ CVE-2025-11588
A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in CodeAstro Gym Management System 1.0. This impacts an unknown function of the file /customer/index.php. Such manipulation of the argument fullname leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
π@cveNotify
π¨ CVE-2025-11589
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
A security flaw has been discovered in CodeAstro Gym Management System 1.0. Affected is an unknown function of the file /admin/user-payment.php. Performing manipulation of the argument plan results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.
π@cveNotify
π¨ CVE-2025-61911
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the `assertion_value` parameter, and the non-default `escape_mode=1` is configured. The method `ldap.filter.escape_filter_chars` supports 3 different escaping modes. `escape_mode=0` (default) and `escape_mode=2` happen to raise exceptions when a `list` or `dict` object is supplied as the `assertion_value` parameter. However, `escape_mode=1` computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in the `python-ldap` library to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch ldap injection attacks which could potentially disclose or manipulate ldap data meant to be inaccessible to them. Version 3.4.5 fixes the issue by adding a type check at the start of the `ldap.filter.escape_filter_chars` method to raise an exception when the supplied `assertion_value` parameter is not of type `str`.
π@cveNotify
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, the sanitization method `ldap.filter.escape_filter_chars` can be tricked to skip escaping of special characters when a crafted `list` or `dict` is supplied as the `assertion_value` parameter, and the non-default `escape_mode=1` is configured. The method `ldap.filter.escape_filter_chars` supports 3 different escaping modes. `escape_mode=0` (default) and `escape_mode=2` happen to raise exceptions when a `list` or `dict` object is supplied as the `assertion_value` parameter. However, `escape_mode=1` computes without performing adequate logic to ensure a fully escaped return value. If an application relies on the vulnerable method in the `python-ldap` library to escape untrusted user input, an attacker might be able to abuse the vulnerability to launch ldap injection attacks which could potentially disclose or manipulate ldap data meant to be inaccessible to them. Version 3.4.5 fixes the issue by adding a type check at the start of the `ldap.filter.escape_filter_chars` method to raise an exception when the supplied `assertion_value` parameter is not of type `str`.
π@cveNotify
GitHub
Merge commit from fork Β· python-ldap/python-ldap@3957526
LDAP client API for Python. Contribute to python-ldap/python-ldap development by creating an account on GitHub.
π¨ CVE-2025-61912
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.
π@cveNotify
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. In versions prior to 3.4.5, ldap.dn.escape_dn_chars() escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to construct DNs from untrusted input can be made to consistently fail before a request is sent to the LDAP server (e.g., AD), resulting in a client-side denial of service. Version 3.4.5 contains a patch for the issue.
π@cveNotify
GitHub
Merge commit from fork Β· python-ldap/python-ldap@6ea8032
Update tests to expect \00 and verify RFC-compliant escaping
π¨ CVE-2025-11626
MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service
π@cveNotify
MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service
π@cveNotify
GitLab
Fuzz job crash: fuzz-2025-09-22-11446760871.pcap (#20724) Β· Issues Β· Wireshark Foundation / Wireshark Β· GitLab
Problems have been found with the following capture file: https://www.wireshark.org/download/automated/captures/fuzz-2025-09-22-11446760871.pcap.gz stderr:
π¨ CVE-2025-52647
The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.
π@cveNotify
The BigFix WebUI application responds with HOST information from the HTTP header field making it vulnerable to Host Header Poisoning Attacks.
π@cveNotify
Hcl-Software
Security Bulletin: HCL BigFix WebUI is affected by multiple security vulnerabilities - Customer Support
HCL BigFix WebUI is affected by the following open source vulnerabilities: form-data (CVE-2025-7783),
π¨ CVE-2025-52885
Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, which can lead to dangling pointers when the vector is resized. The vulnerability stems from the way that refToParentMap stores references to `std::vector` elements using raw pointers. These pointers may become invalid when the vector is resized. This vulnerability is a common security problem involving the use of raw pointers to `std::vectors`. Internally, `std::vector `stores its elements in a dynamically allocated array. When the array reaches its capacity and a new element is added, the vector reallocates a larger block of memory and moves all the existing elements to the new location. At this point if any pointers to elements are stored before a resize occurs, they become dangling pointers once the reallocation happens. Version 25.10.0 contains a patch for the issue.
π@cveNotify
Poppler ia a library for rendering PDF files, and examining or modifying their structure. A use-after-free (write) vulnerability has been detected in versions Poppler prior to 25.10.0 within the StructTreeRoot class. The issue arises from the use of raw pointers to elements of a `std::vector`, which can lead to dangling pointers when the vector is resized. The vulnerability stems from the way that refToParentMap stores references to `std::vector` elements using raw pointers. These pointers may become invalid when the vector is resized. This vulnerability is a common security problem involving the use of raw pointers to `std::vectors`. Internally, `std::vector `stores its elements in a dynamically allocated array. When the array reaches its capacity and a new element is added, the vector reallocates a larger block of memory and moves all the existing elements to the new location. At this point if any pointers to elements are stored before a resize occurs, they become dangling pointers once the reallocation happens. Version 25.10.0 contains a patch for the issue.
π@cveNotify
GitLab
Check for duplicate entries (!1884) Β· Merge requests Β· poppler / poppler Β· GitLab
Fixes: #1580 If the vector isn't...
π¨ CVE-2025-62159
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously retrieved Kubernetes secrets directly, without validating the namespace context or the type of secret store. This allowed unauthorized cross-namespace secret access, violating security boundaries and potentially exposing sensitive credentials. In version 0.20.0, the provider code was updated to use the `resolvers.SecretKeyRef` utility, which enforces namespace validation and only allows cross-namespace access for `ClusterSecretStore` types. This ensures secrets are only retrieved from the correct namespace, mitigating the risk of unauthorized access. All users should upgrade to the latest version containing this fix. As a workaround, use a policy engine such as Kyverno or OPA to prevent using BeyondTrust provider and/or validate the `(Cluster)SecretStore` and ensure the namespace may only be set when using a `ClusterSecretStore`.
π@cveNotify
External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator versions 0.10.1 through 0.19.2. The provider previously retrieved Kubernetes secrets directly, without validating the namespace context or the type of secret store. This allowed unauthorized cross-namespace secret access, violating security boundaries and potentially exposing sensitive credentials. In version 0.20.0, the provider code was updated to use the `resolvers.SecretKeyRef` utility, which enforces namespace validation and only allows cross-namespace access for `ClusterSecretStore` types. This ensures secrets are only retrieved from the correct namespace, mitigating the risk of unauthorized access. All users should upgrade to the latest version containing this fix. As a workaround, use a policy engine such as Kyverno or OPA to prevent using BeyondTrust provider and/or validate the `(Cluster)SecretStore` and ensure the namespace may only be set when using a `ClusterSecretStore`.
π@cveNotify
GitHub
Insecure Secret Retrieval in BeyondTrust Provider
A vulnerability was discovered in the BeyondTrust provider implementation for External Secrets Operator. The provider previously retrieved Kubernetes secrets directly, without validating the namesp...
π¨ CVE-2025-62162
cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). Version 0.11.4 fixes the issue.
π@cveNotify
cel-rust is a Common Expression Language interpreter written in Rust. Starting in version 0.10.0 and prior to version 0.11.4, parsing certain malformed CEL expressions can cause the parser to panic, terminating the process. When the crate is used to evaluate untrusted expressions (e.g., user-supplied input over an API), an attacker can send crafted input to trigger a denial of service (DoS). Version 0.11.4 fixes the issue.
π@cveNotify
GitHub
Release cel-v0.11.4 Β· cel-rust/cel-rust
Fixed
antlr4rust update, and fix to allow for linefeed ParseErr
(parser) Gets rid of ever invoking Visitable with no impl
(string) String index accesses err out
(clippy) manual_is_multiple_of
(par...
antlr4rust update, and fix to allow for linefeed ParseErr
(parser) Gets rid of ever invoking Visitable with no impl
(string) String index accesses err out
(clippy) manual_is_multiple_of
(par...
π¨ CVE-2025-8093
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8.
π@cveNotify
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Authenticator Login allows Authentication Bypass.This issue affects Authenticator Login: from 0.0.0 before 2.1.8.
π@cveNotify
Drupal.org
Authenticator Login - Moderately critical - Access bypass - SA-CONTRIB-2025-098
This module allows users to setup two-factor authentication (2FA) using authenticator apps for enhanced login security. The module did not protect all possible login paths provided by core modules. CVSS risk score (experimental) 6.3 / Medium CVSS:4.0/AV:β¦
π¨ CVE-2025-9549
Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
π@cveNotify
Missing Authorization vulnerability in Drupal Facets allows Forceful Browsing.This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
π@cveNotify
Drupal.org
Facets - Moderately critical - Information Disclosure - SA-CONTRIB-2025-099
This module enables you to to easily create and manage faceted search interfaces. The module doesn't sufficiently check access to entities when they are displayed as facets. This vulnerability is mitigated by the fact that only sites that show facets withβ¦
π¨ CVE-2025-9550
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
π@cveNotify
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.10, from 3.0.0 before 3.0.1.
π@cveNotify
Drupal.org
Facets - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-100
This module enables you to to easily create and manage faceted search interfaces. The module doesnβt sufficiently filter certain user-provided text leading to a cross site scripting (XSS) vulnerability. This vulnerability is mitigated by the fact that anβ¦
π¨ CVE-2025-9551
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0.
π@cveNotify
Improper Restriction of Excessive Authentication Attempts vulnerability in Drupal Protected Pages allows Brute Force.This issue affects Protected Pages: from 0.0.0 before 1.8.0.
π@cveNotify
Drupal.org
Protected Pages - Moderately critical - Access bypass - SA-CONTRIB-2025-101
This module enables you to protect individual pages with a password. The module doesn't limit the number of password attempts, making it vulnerable to brute force attacks. This vulnerability is mitigated by the fact that an attacker must know the protectedβ¦
π¨ CVE-2025-9552
Vulnerability in Drupal Synchronize composer.Json With Contrib Modules.This issue affects Synchronize composer.Json With Contrib Modules: *.*.
π@cveNotify
Vulnerability in Drupal Synchronize composer.Json With Contrib Modules.This issue affects Synchronize composer.Json With Contrib Modules: *.*.
π@cveNotify
Drupal.org
Synchronize composer.json With Contrib Modules - Critical - Unsupported - SA-CONTRIB-2025-102
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-ownerβ¦
π¨ CVE-2025-9553
Vulnerability in Drupal API Key manager.This issue affects API Key manager: *.*.
π@cveNotify
Vulnerability in Drupal API Key manager.This issue affects API Key manager: *.*.
π@cveNotify
Drupal.org
API Key manager - Critical - Unsupported - SA-CONTRIB-2025-103
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-ownerβ¦
π¨ CVE-2025-9554
Vulnerability in Drupal Owl Carousel 2.This issue affects Owl Carousel 2: *.*.
π@cveNotify
Vulnerability in Drupal Owl Carousel 2.This issue affects Owl Carousel 2: *.*.
π@cveNotify
Drupal.org
Owl Carousel 2 - Critical - Unsupported - SA-CONTRIB-2025-104
The security team is marking this project unsupported. There is a known security issue with the project that has not been fixed by the maintainer. If you would like to maintain this project, please read: https://www.drupal.org/node/251466#s-becoming-ownerβ¦
π¨ CVE-2025-11590
A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing manipulation of the argument ename can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in CodeAstro Gym Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/equipment-entry.php. Executing manipulation of the argument ename can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
π¨ CVE-2025-31717
In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
π@cveNotify
π¨ CVE-2025-31718
In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.
π@cveNotify
In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed.
π@cveNotify
π¨ CVE-2025-54654
Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality
π@cveNotify
Permission control vulnerability in the Gallery module. Successful exploitation of this vulnerability may affect service confidentiality
π@cveNotify
π¨ CVE-2025-11380
The Everest Backup β WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everest_process_status' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to retrieve back-up file locations that can be subsequently accessed and downloaded. This does require a back-up to be running in order for an attacker to retrieve the back-up location.
π@cveNotify
The Everest Backup β WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'everest_process_status' AJAX action in all versions up to, and including, 2.3.5. This makes it possible for unauthenticated attackers to retrieve back-up file locations that can be subsequently accessed and downloaded. This does require a back-up to be running in order for an attacker to retrieve the back-up location.
π@cveNotify