๐จ CVE-2025-10909
A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
๐@cveNotify
A security flaw has been discovered in Mangati NovoSGA up to 2.2.9. The impacted element is an unknown function of the file /admin of the component SVG File Handler. Performing manipulation of the argument logoNavbar/logoLogin results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
๐@cveNotify
๐จ CVE-2025-11648
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TF_FQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is considered difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability has been found in Tomofun Furbo 360 and Furbo Mini. Impacted is an unknown function of the file TF_FQDN.json of the component GATT Interface URL Handler. Such manipulation leads to server-side request forgery. The attack may be performed from remote. Attacks of this nature are highly complex. The exploitability is considered difficult. The firmware versions determined to be affected are Furbo 360 up to FB0035_FW_036 and Furbo Mini up to MC0020_FW_074. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
Furbo-Advisories/SSRF-via-BLE.md at main ยท dead1nfluence/Furbo-Advisories
Contribute to dead1nfluence/Furbo-Advisories development by creating an account on GitHub.
๐จ CVE-2025-40004
In the Linux kernel, the following vulnerability has been resolved:
net/9p: Fix buffer overflow in USB transport layer
A buffer overflow vulnerability exists in the USB 9pfs transport layer
where inconsistent size validation between packet header parsing and
actual data copying allows a malicious USB host to overflow heap buffers.
The issue occurs because:
- usb9pfs_rx_header() validates only the declared size in packet header
- usb9pfs_rx_complete() uses req->actual (actual received bytes) for
memcpy
This allows an attacker to craft packets with small declared size
(bypassing validation) but large actual payload (triggering overflow
in memcpy).
Add validation in usb9pfs_rx_complete() to ensure req->actual does not
exceed the buffer capacity before copying data.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
net/9p: Fix buffer overflow in USB transport layer
A buffer overflow vulnerability exists in the USB 9pfs transport layer
where inconsistent size validation between packet header parsing and
actual data copying allows a malicious USB host to overflow heap buffers.
The issue occurs because:
- usb9pfs_rx_header() validates only the declared size in packet header
- usb9pfs_rx_complete() uses req->actual (actual received bytes) for
memcpy
This allows an attacker to craft packets with small declared size
(bypassing validation) but large actual payload (triggering overflow
in memcpy).
Add validation in usb9pfs_rx_complete() to ensure req->actual does not
exceed the buffer capacity before copying data.
๐@cveNotify
๐จ CVE-2025-62577
ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.
๐@cveNotify
ETERNUS SF provided by Fsas Technologies Inc. contains an incorrect default permissions vulnerability. A low-privileged user with access to the management server may obtain database credentials, potentially allowing execution of OS commands with administrator privileges.
๐@cveNotify
jvn.jp
JVN#44266462: ETERNUS SF vulnerable to incorrect default permissions
Japan Vulnerability Notes
๐จ CVE-2025-5318
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
๐@cveNotify
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
๐@cveNotify
๐จ CVE-2025-31342
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.
๐@cveNotify
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file.
๐@cveNotify
zuso.ai
ZUSO Generation ๅฆๆขญไธไปฃ
็บๅฐ็ฃๆฌๅๅฐๆฅญไน่ณ่จๅฎๅ
จๆๅๆฅญ่
๏ผๆๅๅ้ๅ
ทๅ่ถ
้ 10 ๅนดไปฅไธ้งญๅฎขๆปๆๆๆณๅ่ฑๅฏๅจ่
ๅๆ็ถๆญท๏ผๅฐ็บไผๆฅญ็ต็นๆไพๅฎข่ฃฝๅ่ณๅฎๆๅ่งฃๆฑบๆนๆกใ
๐จ CVE-2025-57838
Some Honor products are affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Some Honor products are affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Honor
Security Advisory โ Information Leak Vulnerability in Honor Product - HONOR Global
Some Honor products are affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
๐จ CVE-2025-57839
Photo module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Photo module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Honor
Security Advisory โ Information Leak Vulnerability in Photo Module - HONOR Global
Photo module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
๐จ CVE-2025-61932
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
๐@cveNotify
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets.
๐@cveNotify
jvn.jp
JVN#86318557: Lanscope Endpoint Manager (On-Premises) vulnerable to improper verification of source of a communication channel
Japan Vulnerability Notes
๐จ CVE-2025-7759
A vulnerability was identified in thinkgem JeeSite up to 5.12.0. This vulnerability affects unknown code of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the component UEditor Image Grabber. Such manipulation of the argument Source leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The name of the patch is 1c5e49b0818037452148e0f8ff69ed04cb8fefdc. It is advisable to implement a patch to correct this issue.
๐@cveNotify
A vulnerability was identified in thinkgem JeeSite up to 5.12.0. This vulnerability affects unknown code of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the component UEditor Image Grabber. Such manipulation of the argument Source leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The name of the patch is 1c5e49b0818037452148e0f8ff69ed04cb8fefdc. It is advisable to implement a patch to correct this issue.
๐@cveNotify
GitHub
GitHub - MentalityXt/jeesite_ssrf
Contribute to MentalityXt/jeesite_ssrf development by creating an account on GitHub.
๐จ CVE-2025-41028
A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter โsEstadoUsrโ in โ/epsilonnetws/WSAvisos.asmxโ.
๐@cveNotify
A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter โsEstadoUsrโ in โ/epsilonnetws/WSAvisos.asmxโ.
๐@cveNotify
๐จ CVE-2025-57837
Tileservice module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Tileservice module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
๐@cveNotify
Honor
Security Advisory โ Information Leak Vulnerability in Tileservice Module - HONOR Global
Tileservice module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
๐จ CVE-2025-8349
Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed without proper sanitisation when other users access it. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
๐@cveNotify
Cross-site Scripting (XSS) stored vulnerability in Tawk Live Chat. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by uploading a malicious PDF with JavaScript payload through the chatbot. The PDF is stored by the application and subsequently displayed without proper sanitisation when other users access it. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to perform actions on behalf of the user.
๐@cveNotify
www.incibe.es
Cross-Site Scripting (XSS) stored in Tawk Live Chat
INCIBE has coordinated the publication of a medium-severity vulnerability affecting Live Chat Tawk, a
๐จ CVE-2025-59287
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
๐@cveNotify
Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
๐@cveNotify
๐จ CVE-2025-56219
Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created.
๐@cveNotify
Incorrect access control in SigningHub v8.6.8 allows attackers to arbitrarily add user accounts without any rate limiting. This can lead to a resource exhaustion and a Denial of Service (DoS) when an excessively large number of user accounts are created.
๐@cveNotify
Ascertia
High-trust PKI & Digital Signature Solutions | Ascertia
High-trust PKI and digital signature software solutions powered by Ascertia. Learn more about our full product range for enterprise, government and TSPs:
๐จ CVE-2025-56223
A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files.
๐@cveNotify
A lack of rate limiting in the component /Home/UploadStreamDocument of SigningHub v8.6.8 allows attackers to cause a Denial of Service (DoS) via uploading an excessive number of files.
๐@cveNotify
Ascertia
High-trust PKI & Digital Signature Solutions | Ascertia
High-trust PKI and digital signature software solutions powered by Ascertia. Learn more about our full product range for enterprise, government and TSPs:
๐จ CVE-2025-56224
A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a bruteforce attack.
๐@cveNotify
A lack of rate limiting in the One-Time Password (OTP) verification endpoint of SigningHub v8.6.8 allows attackers to bypass verification via a bruteforce attack.
๐@cveNotify
Ascertia
High-trust PKI & Digital Signature Solutions | Ascertia
High-trust PKI and digital signature software solutions powered by Ascertia. Learn more about our full product range for enterprise, government and TSPs:
๐จ CVE-2025-61454
A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who visits a malicious link or submits a crafted request.
๐@cveNotify
A Cross-Site Scripting (XSS) vulnerability exists in Bhabishya-123 E-commerce 1.0, specifically within the search endpoint. Unsanitized input in the /search parameter is directly reflected back into the response HTML, allowing attackers to execute arbitrary JavaScript in the browser of a user who visits a malicious link or submits a crafted request.
๐@cveNotify
GitHub
GitHub - tansique-17/CVE-2025-61454: Public Disclosure
Public Disclosure. Contribute to tansique-17/CVE-2025-61454 development by creating an account on GitHub.
๐จ CVE-2025-54263
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-94
๐จ CVE-2025-54264
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโs browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.
๐@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by a stored Cross-Site Scripting (XSS) Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victimโs browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue requires user interaction in that a victim must browse to the page containing the vulnerable field. Scope is changed.
๐@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-94
๐จ CVE-2025-54265
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-94