🚨 CVE-2025-46399
A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.
🎖@cveNotify
A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.
🎖@cveNotify
🚨 CVE-2025-46400
In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.
🎖@cveNotify
In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.
🎖@cveNotify
🚨 CVE-2025-46546
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/.
🎖@cveNotify
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/.
🎖@cveNotify
Deiteriy
Deiteriy - поставщик услуг информационной безопасности
Компания Deiteriy оказывает комплексные консультационные услуги в сфере информационных технологий и информационной безопасности на рынке России и стран СНГ, Европы и Азии. Обладает статусами CISA, PCI QSA, PCI PA-QSA, PCI QSA (P2PE) и PCI PA-QSA (P2PE).
🚨 CVE-2025-46547
In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.
🎖@cveNotify
In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.
🎖@cveNotify
Deiteriy
Deiteriy - поставщик услуг информационной безопасности
Компания Deiteriy оказывает комплексные консультационные услуги в сфере информационных технологий и информационной безопасности на рынке России и стран СНГ, Европы и Азии. Обладает статусами CISA, PCI QSA, PCI PA-QSA, PCI QSA (P2PE) и PCI PA-QSA (P2PE).
🚨 CVE-2025-46653
Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.
🎖@cveNotify
Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.
🎖@cveNotify
GitHub
formidable/CHANGELOG.md at d0fbec13edc8add54a1afb9ce1a8d3db803f8d47 · node-formidable/formidable
The most used, flexible, fast and streaming parser for multipart form data. Supports uploading to serverless environments, AWS S3, Azure, GCP or the filesystem. Used in production. - node-formidabl...
🚨 CVE-2025-59221
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
🎖@cveNotify
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
🎖@cveNotify
🚨 CVE-2025-59222
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
🎖@cveNotify
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
🎖@cveNotify
🚨 CVE-2025-59232
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
🎖@cveNotify
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
🎖@cveNotify
🚨 CVE-2025-59235
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
🎖@cveNotify
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
🎖@cveNotify
🚨 CVE-2025-59238
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
🎖@cveNotify
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
🎖@cveNotify
🚨 CVE-2025-59243
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
🎖@cveNotify
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
🎖@cveNotify
🚨 CVE-2025-46612
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard.
🎖@cveNotify
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard.
🎖@cveNotify
🚨 CVE-2025-46101
SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks parameter in json_scorm.php file
🎖@cveNotify
SQL Injection vulnerability in Beakon Software Beakon Learning Management System Sharable Content Object Reference Model (SCORM) version before 5.4.3 allows a remote attacker to obtain sensitive information via the ks parameter in json_scorm.php file
🎖@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
🚨 CVE-2025-43280
The issue was resolved by not loading remote images This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.
🎖@cveNotify
The issue was resolved by not loading remote images This issue is fixed in iOS 18.6 and iPadOS 18.6. Forwarding an email could display remote images in Mail in Lockdown Mode.
🎖@cveNotify
Apple Support
About the security content of iOS 18.6 and iPadOS 18.6 - Apple Support
This document describes the security content of iOS 18.6 and iPadOS 18.6.
🚨 CVE-2024-42192
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications.
🎖@cveNotify
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage which could allow an attacker to access other computers or applications.
🎖@cveNotify
Hcl-Software
Security Bulletin: HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage (CVE-2024-42192) - Customer…
HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a credential leakage vulnerability.
🚨 CVE-2025-11864
A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The attack may be performed from remote.
🎖@cveNotify
A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The attack may be performed from remote.
🎖@cveNotify
GitHub
CVE-Discovery/Nucleoid.md at main · lakshayyverma/CVE-Discovery
Contribute to lakshayyverma/CVE-Discovery development by creating an account on GitHub.
🚨 CVE-2025-11896
In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow.
🎖@cveNotify
In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow.
🎖@cveNotify
🚨 CVE-2025-62504
Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that its size exceeds the configured per_connection_buffer_limit_bytes (default 1MB), Envoy generates a local reply whose headers override the original response headers, leaving dangling references and causing a crash. This results in denial of service. Updating to versions 1.36.2, 1.35.6, 1.34.10, or 1.33.12 fixes the issue. Increasing per_connection_buffer_limit_bytes (and for HTTP/2 the initial_stream_window_size) or increasing per_request_buffer_limit_bytes / request_body_buffer_limit can reduce the likelihood of triggering the condition but does not correct the underlying memory safety flaw.
🎖@cveNotify
Envoy is an open source edge and service proxy. Envoy versions earlier than 1.36.2, 1.35.6, 1.34.10, and 1.33.12 contain a use-after-free vulnerability in the Lua filter. When a Lua script executing in the response phase rewrites a response body so that its size exceeds the configured per_connection_buffer_limit_bytes (default 1MB), Envoy generates a local reply whose headers override the original response headers, leaving dangling references and causing a crash. This results in denial of service. Updating to versions 1.36.2, 1.35.6, 1.34.10, or 1.33.12 fixes the issue. Increasing per_connection_buffer_limit_bytes (and for HTTP/2 the initial_stream_window_size) or increasing per_request_buffer_limit_bytes / request_body_buffer_limit can reduce the likelihood of triggering the condition but does not correct the underlying memory safety flaw.
🎖@cveNotify
GitHub
Lua modified large enough response body will cause Envoy to crash
### Summary
When Lua directly returns an oversized response body exceeding the `per_connection_buffer_limit_bytes` (default 1MB), Envoy will crash directly.
### Details
A Use-After-Free vulner...
When Lua directly returns an oversized response body exceeding the `per_connection_buffer_limit_bytes` (default 1MB), Envoy will crash directly.
### Details
A Use-After-Free vulner...
🚨 CVE-2025-62506
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing operations on their own account, specifically when creating new service accounts for the same user. The vulnerability exists in the IAM policy validation logic where the code incorrectly relied on the DenyOnly argument when validating session policies for restricted accounts. When a session policy is present, the system should validate that the action is allowed by the session policy, not just that it is not denied. An attacker with valid credentials for a restricted service or STS account can create a new service account for itself without policy restrictions, resulting in a new service account with full parent privileges instead of being restricted by the inline policy. This allows the attacker to access buckets and objects beyond their intended restrictions and modify, delete, or create objects outside their authorized scope. The vulnerability is fixed in version RELEASE.2025-10-15T17-29-55Z.
🎖@cveNotify
MinIO is a high-performance object storage system. In all versions prior to RELEASE.2025-10-15T17-29-55Z, a privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing operations on their own account, specifically when creating new service accounts for the same user. The vulnerability exists in the IAM policy validation logic where the code incorrectly relied on the DenyOnly argument when validating session policies for restricted accounts. When a session policy is present, the system should validate that the action is allowed by the session policy, not just that it is not denied. An attacker with valid credentials for a restricted service or STS account can create a new service account for itself without policy restrictions, resulting in a new service account with full parent privileges instead of being restricted by the inline policy. This allows the attacker to access buckets and objects beyond their intended restrictions and modify, delete, or create objects outside their authorized scope. The vulnerability is fixed in version RELEASE.2025-10-15T17-29-55Z.
🎖@cveNotify
GitHub
fix: check sub-policy properly when present (#21642) · minio/minio@c1a4949
This fixes a security issue where sub-policy attached to a service
account or STS account is not properly validated under certain "own"
account operations (like creating new servi...
account or STS account is not properly validated under certain "own"
account operations (like creating new servi...