🚨 CVE-2022-0363
The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts.
🎖@cveNotify
WPScan
myCred < 2.4.4 - Subscriber+ Arbitrary Post Creation
See details on myCred < 2.4.4 - Subscriber+ Arbitrary Post Creation CVE 2022-0363. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2022-1092
The myCred WordPress plugin before 2.4.3.1 does not have authorisation and CSRF checks in its mycred-tools-import-export AJAX action, allowing any authenticated user to call it and retrieve the list of email addresses present in the blog.
WPScan
myCred < 2.4.4 - Subscriber+ Import/Export to Email Address Disclosure
See details on myCred < 2.4.4 - Subscriber+ Import/Export to Email Address Disclosure CVE 2022-1092. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-39072
AMTT Hotel Broadband Operation System (HiBOS) v3.0.3.151204 is vulnerable to SQL injection via manager/conference/calendar_remind.php.
🚨 CVE-2024-41476
AMTT Hotel Broadband Operation System (HiBOS) V3.0.3.151204 and before is vulnerable to SQL Injection via /manager/card/card_detail.php.
Gist
CVE-2024-41476
CVE-2024-41476. GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2024-11050
A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🚨 CVE-2024-11051
A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204. It has been classified as critical. Affected is an unknown function of the file /manager/frontdesk/online_status.php. The manipulation of the argument AccountID leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🚨 CVE-2024-57880
In the Linux kernel, the following vulnerability has been resolved:
ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array
The code uses the initialised member of the asoc_sdw_dailink struct to
determine if a member of the array is in use. However in the case the
array is completely full this will lead to an access 1 past the end of
the array, expand the array by one entry to include a space for a
terminator.
🚨 CVE-2025-8963
A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated".
GitHub
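JimuReport has a PostgreSQL JDBC RCE vulnerability · Issue #4010 · jeecgboot/jimureport
Version: latest V2.1.1, <=2.1.1 Problem description: In the data large-screen template of the JimuReport BI large-screen workbench, the add-data-source step in the designer can call the /drag/onlDragDataSource/testConnection endpoint through the test data source configuration. The backend imposes no restrictions, so when connecting to a PostgreSQL database an attacker can craft special connection parameters and ultimately achieve RCE. Error log & screenshots: Steps to reproduce: After starting the project, visit http:...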
🚨 CVE-2025-55293
Meshtastic is an open source mesh networking solution. Prior to v2.6.3, an attacker can send NodeInfo with an empty publicKey first, then overwrite it with a new key. First sending an empty key bypasses 'if (p.public_key.size > 0) {', clearing the existing publicKey (and resetting the size to 0) for a known node. Then a new key bypasses 'if (info->user.public_key.size > 0) {', and this malicious key is stored in NodeDB. This vulnerability is fixed in 2.6.3.
GitHub
Fix NodeInfo exploit overwriting publicKey in NodeDB (#6372) · meshtastic/firmware@cf7f0f9
Co-authored-by: dfsx1 <dfsx1@users.noreply.github.com>
🚨 CVE-2025-53948
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required.
🚨 CVE-2025-54156
The Sante PACS Server Web Portal sends credential information without encryption.
🚨 CVE-2023-24676
An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code.
Medium
CVE-2023-24676 | The Power of Remote File Inclusion in Proccesswire CMS
What is Processwire?
🚨 CVE-2024-9950
A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows an unauthenticated user to modify compliance scripts due to an insecure temporary directory.
🚨 CVE-2025-51471
Cross-Domain Token Exposure in server.auth.getAuthorizationToken in Ollama 0.6.7 allows remote attackers to steal authentication tokens and bypass access controls via a malicious realm value in a WWW-Authenticate header returned by the /api/pull endpoint.
GitHub
GitHub - ollama/ollama: Get up and running with Kimi-K2.5, GLM-5, MiniMax, DeepSeek, gpt-oss, Qwen, Gemma and other models.
Get up and running with Kimi-K2.5, GLM-5, MiniMax, DeepSeek, gpt-oss, Qwen, Gemma and other models. - ollama/ollama
🚨 CVE-2025-46709
Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception.
Imagination
Imagination GPU Driver Vulnerabilities - Imagination
This page contains summary details of security vulnerabilities reported on Imagination Technologies Power VR Graphics driver.
🚨 CVE-2025-45146
ModelCache for LLM through v0.2.0 was discovered to contain a deserialization vulnerability via the component /manager/data_manager.py. This vulnerability allows attackers to execute arbitrary code via supplying crafted data.
GitHub
Vulnerability-Research/CVE-2025-45146/README.md at main · EDMPL/Vulnerability-Research
This repository contains information on some CVEs that I found. - EDMPL/Vulnerability-Research
🚨 CVE-2025-50946
OS Command Injection in Olivetin 2025.4.22 Custom Themes via the ParseRequestURI function in service/internal/executor/arguments.go.
GitHub
GitHub - OliveTin/OliveTin: OliveTin gives safe and simple access to predefined shell commands from a web interface.
OliveTin gives safe and simple access to predefined shell commands from a web interface. - GitHub - OliveTin/OliveTin: OliveTin gives safe and simple access to predefined shell commands from a web...
🚨 CVE-2025-57164
Flowise through v3.0.4 is vulnerable to remote code execution via unsanitized evaluation of user input in the "Supabase RPC Filter" field.
GitHub
GitHub - FlowiseAI/Flowise: Build AI Agents, Visually
Build AI Agents, Visually. Contribute to FlowiseAI/Flowise development by creating an account on GitHub.
🚨 CVE-2025-60514
Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts.
GitHub
fix: query builder hotfix by MoShizzle · Pull Request #288 · tillywork/tillywork
Summary by CodeRabbit
Bug Fixes
Improved validation of field names to enhance query safety.
Enhanced handling of "in" and "nin" operators for safer and more c...
🚨 CVE-2025-62419
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC URL injection vulnerability exists in the DB2 and MongoDB data source configuration handlers. In the DB2 data source handler, when the extraParams field is empty, the HOSTNAME, PORT, and DATABASE values are directly concatenated into the JDBC URL without filtering illegal parameters. This allows an attacker to inject a malicious JDBC string into the HOSTNAME field to bypass previously patched vulnerabilities CVE-2025-57773 and CVE-2025-58045. The vulnerability is fixed in version 2.10.14. No known workarounds exist.
GitHub
fix: fix jdbc vulnerability · dataease/dataease@bb320e4
🔥 An open-source BI tool that anyone can use, a powerful data visualization tool. An open-source BI tool alternative to Tableau. - fix: fix jdbc vulnerability · dataease/dataease@bb320e4
🚨 CVE-2025-62420
DataEase is a data visualization and analytics platform. In DataEase versions through 2.10.13, a JDBC driver bypass vulnerability exists in the H2 database connection handler. The getJdbc function in H2.java checks if the jdbcUrl starts with jdbc:h2 but returns a separate jdbc field as the actual connection URL. An attacker can provide a jdbcUrl that starts with jdbc:h2 while supplying a different jdbc field with an arbitrary JDBC driver and connection string. This allows an authenticated attacker to trigger arbitrary JDBC connections with malicious drivers, potentially leading to remote code execution. The vulnerability is fixed in version 2.10.14. No known workarounds exist.
GitHub
fix: fix jdbc vulnerability · dataease/dataease@bb320e4
🔥 An open-source BI tool that anyone can use, a powerful data visualization tool. An open-source BI tool alternative to Tableau. - fix: fix jdbc vulnerability · dataease/dataease@bb320e4