🚨 CVE-2025-57878
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
@cveNotify
ArcGIS Blog
Portal for ArcGIS Security 2025 Update 3 Patch
Esri has released the Portal for ArcGIS Security 2025 Update 2 Patch that resolves 9 medium severity vulnerabilities in versions 11.4 and prior.
🚨 CVE-2025-57879
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
ArcGIS Blog
Portal for ArcGIS Security 2025 Update 3 Patch
Esri has released the Portal for ArcGIS Security 2025 Update 2 Patch that resolves 9 medium severity vulnerabilities in versions 11.4 and prior.
🚨 CVE-2025-61581
** UNSUPPORTED WHEN ASSIGNED ** Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control.
This issue affects Apache Traffic Control: all versions.
People with access to the management interface of the Traffic Router component could specify malicious patterns and cause unavailability.
As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users.
NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
🚨 CVE-2025-61922
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. Starting in version 1.3.0 and prior to versions 4.4.1 and 5.0.5, missing validation on the Express Checkout feature allows silent login, enabling account takeover via email. The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
GitHub
Customer account takeover via email
# Impact
Missing validation on Express Checkout feature allows silent log-in
## Affected versions
The issue was introduced in PrestaShop Checkout 1.3.0 .
All versions above 1.3.0 are vuln...
🚨 CVE-2025-61553
An out-of-bounds write in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access. Given it's a heap overflow in a privileged hypervisor context, exploitation may enable arbitrary code execution or guest-to-host privilege escalation.
GitHub
advisories/CVE-2025-61553/README.md at main · retrage/advisories
Security Advisories. Contribute to retrage/advisories development by creating an account on GitHub.
🚨 CVE-2025-62427
The Angular SSR is a server-side rendering tool for Angular applications. The vulnerability is a Server-Side Request Forgery (SSRF) flaw within the URL resolution mechanism of Angular's Server-Side Rendering package (@angular/ssr) before 19.2.18, 20.3.6, and 21.0.0-next.8. The function createRequestUrl uses the native URL constructor. When an incoming request path (e.g., originalUrl or url) begins with a double forward slash (//) or backslash (\\), the URL constructor treats it as a schema-relative URL. This behavior overrides the security-intended base URL (protocol, host, and port) supplied as the second argument, instead resolving the URL against the scheme of the base URL but adopting the attacker-controlled hostname. This allows an attacker to specify an external domain in the URL path, tricking the Angular SSR environment into setting the page's virtual location (accessible via DOCUMENT or PlatformLocation tokens) to this attacker-controlled domain. Any subsequent relative HTTP requests made during the SSR process (e.g., using HttpClient.get('assets/data.json')) will be incorrectly resolved against the attacker's domain, forcing the server to communicate with an arbitrary external endpoint. This vulnerability is fixed in 19.2.18, 20.3.6, and 21.0.0-next.8.
GitHub
fix(@angular/ssr): prevent malicious URL from overriding host · angular/angular-cli@5271547
A request with a specially crafted URL starting with a double slash (e.g., `//example.com`) could cause the server-side rendering logic to interpret the request as being for a different host. This ...
🚨 CVE-2025-60358
radare2 v.5.9.8 and before contains a memory leak in the function _load_relocations.
GitHub
Fix memleak in function _load_relocations by xiaoxiaoafeifei · Pull Request #24224 · radareorg/radare2
Mark this if you consider it ready to merge
I've added tests (optional)
I wrote some lines in the book (optional)
Description
🚨 CVE-2025-61554
A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access.
GitHub
advisories/CVE-2025-61554/README.md at c20246f93edac1b8ad3c8c5e3e768d02405850c7 · retrage/advisories
Security Advisories. Contribute to retrage/advisories development by creating an account on GitHub.
🚨 CVE-2025-11902
A vulnerability was detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the function findField of the file /cms/article/findField. Performing manipulation of the argument cid results in SQL injection. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
GitHub
Security_Note/Vulnerability_Discovery/ChanCMSv3.3.2.md at main · NarcherAlter/Security_Note
Contribute to NarcherAlter/Security_Note development by creating an account on GitHub.
🚨 CVE-2025-11903
A flaw has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the function update of the file /cms/article/update. Executing manipulation of the argument cid can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
GitHub
Security_Note/Vulnerability_Discovery/ChanCMSv3.3.2.md at main · NarcherAlter/Security_Note
Contribute to NarcherAlter/Security_Note development by creating an account on GitHub.
🚨 CVE-2025-48044
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2.
This issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d.
GitHub
Merge commit from fork · ash-project/ash@8b83efa
The Policy Refactoring (#2365) introduced a bug where bypass policies
were contributing only their condition to one_condition_matches instead
of their complete expression (condition AND policies).
...
🚨 CVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.
GitHub
GitHub - shinyColumn/CVE-2025-46408: Improper Hostname Verification in EagleEyes Lite Android Application
Improper Hostname Verification in EagleEyes Lite Android Application - shinyColumn/CVE-2025-46408
🚨 CVE-2025-10477
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/PriProfile/eligibility.php. Such manipulation of the argument Branch leads to SQL injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable.
GitHub
Miker132/CVE-
Contribute to Miker132/CVE- development by creating an account on GitHub.
🚨 CVE-2025-55211
FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.
GitHub
Authenticated Command Injection in Framework module
## Summary
Authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages in some recent v17 releases of the framework module.
...
🚨 CVE-2025-59056
FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability is fixed in 15.0.38, 16.0.41, and 17.0.21.
GitHub
Blaming framework/amp_conf/htdocs/admin/ajax.php at release/17.0 · FreePBX/framework
This module provides a facility to install bug fixes to the framework code that is not otherwise housed in a module - Blaming framework/amp_conf/htdocs/admin/ajax.php at release/17.0 · FreePBX/fram...
🚨 CVE-2025-36244
IBM AIX 7.2, 7.3, IBM VIOS 3.1, and 4.1, when configured to use Kerberos network authentication, could allow a local user to write to files on the system with root privileges due to improper initialization of critical variables.
IBM
Security Bulletin: AIX/VIOS is vulnerable to arbitrary file write due to Kerberos (CVE-2025-36244)
Vulnerability in AIX's Kerberos could allow a non-privileged local user to write to arbitrary files (CVE-2025-36244)
🚨 CVE-2025-56263
by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api/sms/upload/headImg endpoint allows uploading arbitrary files. Users can upload files of any size and type.
GitHub
Arbitrary File Upload Vulnerability · Issue #50 · by-night/sms
The /api/sms/upload/headImg endpoint allows uploading arbitrary files. Users can upload files of any size and type. The upload method in the com.zjh.sms.controller.Upload class directly extracts th...
🚨 CVE-2025-57350
The csvtojson package, a tool for converting CSV data to JSON with customizable parsing capabilities, contains a prototype pollution vulnerability in versions prior to 2.0.10. This issue arises due to insufficient sanitization of nested header names during the parsing process in the parser_jsonarray component. When processing CSV input containing specially crafted header fields that reference prototype chains (e.g., using __proto__ syntax), the application may unintentionally modify properties of the base Object prototype. This vulnerability can lead to denial of service conditions or unexpected behavior in applications relying on unmodified prototype chains, particularly when untrusted CSV data is processed. The flaw does not require user interaction beyond providing a maliciously constructed CSV file.
GitHub
Prototype Pollution Vulnerability in csvtojson Prior to 2.0.10 · Issue #498 · Keyang/node-csvtojson
Summary The csvtojson package, a popular CSV-to-JSON conversion tool, contains a prototype pollution vulnerability in versions prior to 2.0.10. This flaw allows attackers to manipulate the prototyp...
🚨 CVE-2025-59305
Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migration control functions. This can lead to data corruption or denial of service through unauthorized access to TRPC endpoints such as backgroundMigrations.all, backgroundMigrations.status, and backgroundMigrations.retry.
Depthfirst
depthfirst | How An Authorization Flaw Reveals A Common Security Blind Spot: CVE-2025-59305 Case Study
We recently discovered a textbook example of this in Langfuse, a leading open-source LLM engineering platform with 16k stars on Github. A subtle flaw in its background job controls allowed any authenticated user to access highly sensitive administrative functions…
🚨 CVE-2025-57330
The web3-core-subscriptions is a package designed to manage web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
🚨 CVE-2025-57347
A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution vulnerabilities by injecting malicious input values (e.g., "__proto__"), enabling unauthorized modification of the JavaScript Object prototype chain. Successful exploitation could lead to denial of service conditions, unexpected application behavior, or potential execution of arbitrary code in contexts where polluted properties are later accessed or executed. The issue affects versions prior to 7.0.11 and remains unpatched at the time of disclosure.
GitHub
PoCs/JavaScript/prototype-pollution/CVE-2025-57347 at main · OrangeShieldInfos/PoCs
Collection of Proof-of-Concepts. Contribute to OrangeShieldInfos/PoCs development by creating an account on GitHub.