π¨ CVE-2025-57873
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
π@cveNotify
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
π@cveNotify
ArcGIS Blog
Portal for ArcGIS Security 2025 Update 3 Patch
Esri has released the Portal for ArcGIS Security 2025 Update 2 Patch that resolves 9 medium severity vulnerabilities in versions 11.4 and prior.
π¨ CVE-2025-57874
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
π@cveNotify
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
π@cveNotify
ArcGIS Blog
Portal for ArcGIS Security 2025 Update 3 Patch
Esri has released the Portal for ArcGIS Security 2025 Update 2 Patch that resolves 9 medium severity vulnerabilities in versions 11.4 and prior.
π¨ CVE-2025-57875
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
π@cveNotify
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
π@cveNotify
ArcGIS Blog
Portal for ArcGIS Security 2025 Update 3 Patch
Esri has released the Portal for ArcGIS Security 2025 Update 2 Patch that resolves 9 medium severity vulnerabilities in versions 11.4 and prior.
π¨ CVE-2025-57876
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victimβs browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
π@cveNotify
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victimβs browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
π@cveNotify
ArcGIS Blog
Portal for ArcGIS Security 2025 Update 3 Patch
Esri has released the Portal for ArcGIS Security 2025 Update 2 Patch that resolves 9 medium severity vulnerabilities in versions 11.4 and prior.
π¨ CVE-2025-57877
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
π@cveNotify
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
π@cveNotify
ArcGIS Blog
Portal for ArcGIS Security 2025 Update 3 Patch
Esri has released the Portal for ArcGIS Security 2025 Update 2 Patch that resolves 9 medium severity vulnerabilities in versions 11.4 and prior.
π¨ CVE-2025-57878
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
π@cveNotify
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
π@cveNotify
ArcGIS Blog
Portal for ArcGIS Security 2025 Update 3 Patch
Esri has released the Portal for ArcGIS Security 2025 Update 2 Patch that resolves 9 medium severity vulnerabilities in versions 11.4 and prior.
π¨ CVE-2025-57879
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
π@cveNotify
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
π@cveNotify
ArcGIS Blog
Portal for ArcGIS Security 2025 Update 3 Patch
Esri has released the Portal for ArcGIS Security 2025 Update 2 Patch that resolves 9 medium severity vulnerabilities in versions 11.4 and prior.
π¨ CVE-2025-61581
** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control.
This issue affects Apache Traffic Control: all versions.
People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control.
This issue affects Apache Traffic Control: all versions.
People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
π¨ CVE-2025-61922
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
π@cveNotify
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
π@cveNotify
GitHub
Customer account takeover via email
# Impact
Missing validation on Express Checkout feature allows silent log-in
## Affected versions
The issue was introduced in PrestaShop Checkout 1.3.0 .
All versions above 1.3.0 are vuln...
Missing validation on Express Checkout feature allows silent log-in
## Affected versions
The issue was introduced in PrestaShop Checkout 1.3.0 .
All versions above 1.3.0 are vuln...
π¨ CVE-2025-61553
An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access. Given it's a heap overflow in a privileged hypervisor context, exploitation may enable arbitrary code execution or guest-to-host privilege escalation.
π@cveNotify
An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access. Given it's a heap overflow in a privileged hypervisor context, exploitation may enable arbitrary code execution or guest-to-host privilege escalation.
π@cveNotify
GitHub
advisories/CVE-2025-61553/README.md at main Β· retrage/advisories
Security Advisories. Contribute to retrage/advisories development by creating an account on GitHub.
π¨ CVE-2025-62427
The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution mechanism of Angular's Server-Side Rendering package (@angular/ssr) before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestUrl uses the native URL constructor. When an incoming request path (e.g., originalUrl or url) begins with a double forward slash (//) or backslash (\\), the URL constructor treats it as a schema-relative URL. This behavior overrides the security-intended base URL (protocol, host, and port) supplied as the second argument, instead resolving the URL against the scheme of the base URL but adopting the attacker-controlled hostname. This allows an attacker to specify an external domain in the URL path, tricking the Angular SSR environment into setting the page's virtual location (accessible via DOCUMENT or PlatformLocation tokens) to this attacker-controlled domain. Any subsequent relative HTTP requests made during the SSR process (e.g., using HttpClient.get('assets/data.json')) will be incorrectly resolved against the attacker's domain, forcing the server to communicate with an arbitrary external endpoint. This vulnerability is fixed in 19.2.18, 20.3.6, and 21.0.0-next.8.
π@cveNotify
The Angular SSR is a server-rise rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution mechanism of Angular's Server-Side Rendering package (@angular/ssr) before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestUrl uses the native URL constructor. When an incoming request path (e.g., originalUrl or url) begins with a double forward slash (//) or backslash (\\), the URL constructor treats it as a schema-relative URL. This behavior overrides the security-intended base URL (protocol, host, and port) supplied as the second argument, instead resolving the URL against the scheme of the base URL but adopting the attacker-controlled hostname. This allows an attacker to specify an external domain in the URL path, tricking the Angular SSR environment into setting the page's virtual location (accessible via DOCUMENT or PlatformLocation tokens) to this attacker-controlled domain. Any subsequent relative HTTP requests made during the SSR process (e.g., using HttpClient.get('assets/data.json')) will be incorrectly resolved against the attacker's domain, forcing the server to communicate with an arbitrary external endpoint. This vulnerability is fixed in 19.2.18, 20.3.6, and 21.0.0-next.8.
π@cveNotify
GitHub
fix(@angular/ssr): prevent malicious URL from overriding host Β· angular/angular-cli@5271547
A request with a specially crafted URL starting with a double slash (e.g., `//example.com`) could cause the server-side rendering logic to interpret the request as being for a different host. This ...
π¨ CVE-2025-60358
radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.
π@cveNotify
radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.
π@cveNotify
GitHub
Fix memleak in function _load_relocations by xiaoxiaoafeifei Β· Pull Request #24224 Β· radareorg/radare2
Mark this if you consider it ready to merge
I've added tests (optional)
I wrote some lines in the book (optional)
Description
I've added tests (optional)
I wrote some lines in the book (optional)
Description
π¨ CVE-2025-61554
A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access.
π@cveNotify
A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access.
π@cveNotify
GitHub
advisories/CVE-2025-61554/README.md at c20246f93edac1b8ad3c8c5e3e768d02405850c7 Β· retrage/advisories
Security Advisories. Contribute to retrage/advisories development by creating an account on GitHub.
π¨ CVE-2025-11902
A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing manipulation of the argument cid results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
Security_Note/Vulnerability_Discovery/ChanCMSv3.3.2.md at main Β· NarcherAlter/Security_Note
Contribute to NarcherAlter/Security_Note development by creating an account on GitHub.
π¨ CVE-2025-11903
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of the argument cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
Security_Note/Vulnerability_Discovery/ChanCMSv3.3.2.md at main Β· NarcherAlter/Security_Note
Contribute to NarcherAlter/Security_Note development by creating an account on GitHub.
π¨ CVE-2025-48044
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2.
This issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d.
π@cveNotify
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2.
This issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d.
π@cveNotify
GitHub
Merge commit from fork Β· ash-project/ash@8b83efa
The Policy Refactoring (#2365) introduced a bug where bypass policies
were contributing only their condition to one_condition_matches instead
of their complete expression (condition AND policies).
...
were contributing only their condition to one_condition_matches instead
of their complete expression (condition AND policies).
...
π¨ CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.
π@cveNotify
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.
π@cveNotify
GitHub
GitHub - shinyColumn/CVE-2025-46408: Improper Hostname Verification in EagleEyes Lite Android Application
Improper Hostname Verification in EagleEyes Lite Android Application - shinyColumn/CVE-2025-46408
π¨ CVE-2025-10477
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/PriProfile/eligibility.php. Such manipulation of the argument Branch leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
π@cveNotify
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/PriProfile/eligibility.php. Such manipulation of the argument Branch leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
π@cveNotify
GitHub
Miker132/CVE-
Contribute to Miker132/CVE- development by creating an account on GitHub.
π¨ CVE-2025-55211
FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.
π@cveNotify
FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.
π@cveNotify
GitHub
Authenticated Command Injection in Framework module
## Summary
Authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages in some recent v17 releases of the framework module.
...
Authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages in some recent v17 releases of the framework module.
...
π¨ CVE-2025-59056
FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability is fixed in 15.0.38, 16.0.41, and 17.0.21.
π@cveNotify
FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability is fixed in 15.0.38, 16.0.41, and 17.0.21.
π@cveNotify
GitHub
Blaming framework/amp_conf/htdocs/admin/ajax.php at release/17.0 Β· FreePBX/framework
This module provides a facility to install bug fixes to the framework code that is not otherwise housed in a module - Blaming framework/amp_conf/htdocs/admin/ajax.php at release/17.0 Β· FreePBX/fram...
π¨ CVE-2025-36244
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.
π@cveNotify
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.
π@cveNotify
Ibm
Security Bulletin: AIX/VIOS is vulnerable to arbitrary file write due to Kerberos (CVE-2025-36244)
Vulnerability in AIX's Kerberos could allow a non-privileged local user to write to arbitrary files (CVE-2025-36244)