🚨 CVE-2025-55082
In NetX Duo version before 6.4.4, a component of Eclipse Foundation ThreadX, there was a potential out-of-bounds read in _nx_secure_tls_process_clienthello() because of a missing validation of the PSK length provided in the user message.
🎖@cveNotify
GitHub
Out of bound read and possible info leak in _nx_secure_tls_psk_identity_find()
The `_nx_secure_tls_psk_identity_find()` function is called to compare a psk identity string (that is extracted from a TLS hello client message) with identities that the TLS stack knows about. It l...
🚨 CVE-2025-55083
In NetX Duo version before 6.4.4, a component of Eclipse Foundation ThreadX, there was an incorrect bounds check resulting in an out-by-two out-of-bounds read.
🎖@cveNotify
GitHub
Broken bounds check in _nx_secure_tls_process_clienthello_psk_extension() doesn't account for offset
The _nx_secure_tls_process_clienthello_psk_extension() function parses a list of id's. It checks to make sure there is enough data to read the list length, and if so, extracts the list length. ...
🚨 CVE-2025-55084
In NetX Duo version before 6.4.4, a component of Eclipse Foundation ThreadX, there was an incorrect bounds check in _nx_secure_tls_proc_clienthello_supported_versions_extension() on the extension version field.
🎖@cveNotify
GitHub
Off-by-one out of bound read in _nx_secure_tls_proc_clienthello_supported_versions_extension()
The _nx_secure_tls_proc_clienthello_supported_versions_extension() function parses out version extensions from a TLS packet. The extension format for this starts with a 1 byte length field, followe...
🚨 CVE-2025-55090
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read in the _nx_ipv4_packet_receive() function when receiving an Ethernet frame carrying fewer than 4 bytes of IP packet.
🎖@cveNotify
GitHub
Potential out of bound read issue in _nx_ipv4_packet_receive()
The _nx_ipv4_packet_receive() function is called to parse an IPv4 packet. It reads the header and then passes the data up to a higher level protocol (e.g., TCP, UDP, ...). At the start of the funct...
🚨 CVE-2025-55091
In NetX Duo before 6.4.4, the networking support module for Eclipse Foundation ThreadX, there was a potential out-of-bounds read in the _nx_ip_packet_receive() function when receiving an Ethernet frame whose type is set to IP but which carries no IP data.
🎖@cveNotify
GitHub
Potential out of bound read in _nx_ip_packet_receive()
The _nx_ip_packet_receive() function looks at the first byte in the IP header to determine the IP version, and calls v4 or v6 accordingly. There is no bounds check prior to reading the IP version. I...
🚨 CVE-2025-22166
This High severity DoS (Denial of Service) vulnerability was introduced in version 2.0 of Confluence Data Center.
This DoS (Denial of Service) vulnerability, with a CVSS Score of 8.3, allows an attacker to cause a resource to be unavailable for its intended users by temporarily or indefinitely disrupting services of a host connected to a network.
Atlassian recommends that Confluence Data Center customers upgrade to the latest version; if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.25
Confluence Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.7
Confluence Data Center and Server 10.0: Upgrade to a release greater than or equal to 10.0.2
See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center from the download center (https://www.atlassian.com/software/confluence/download-archives).
This vulnerability was reported via our Atlassian (Internal) program.
🎖@cveNotify
🚨 CVE-2025-11534
The affected Raisecom devices allow SSH sessions to be established without completing user authentication. This could allow attackers to gain shell access without valid credentials.
🎖@cveNotify
🚨 CVE-2025-60500
QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a web-accessible directory.
🎖@cveNotify
GitHub
GitHub - H4zaz/CVE-2025-60500: Exploit about School Management System 7.1 (Authenticated RCE)
🚨 CVE-2025-60506
Moodle PDF Annotator plugin v1.5 release 9 allows stored cross-site scripting (XSS) via the Public Comments feature. An attacker with a low-privileged account (e.g., Student) can inject arbitrary JavaScript payloads into a comment. When any other user (Student, Teacher, or Admin) views the annotated PDF, the payload is executed in their browser, leading to session hijacking, credential theft, or other attacker-controlled actions.
🎖@cveNotify
GitHub
GitHub - onurcangnc/moodle-xss-pdfannotator: The Moodle PDF Annotator plugin’s Public Comments feature doesn’t sanitize user input…
The Moodle PDF Annotator plugin’s Public Comments feature doesn’t sanitize user input before displaying it in the PDF viewer. This allows low-privileged users to store malicious JavaScript that exe...
🚨 CVE-2025-60511
Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user's block (e.g., administrator) and send queries that are executed with that block's configuration. This can expose administrator-only Source of Truth entries, alter model behavior, and potentially misuse API resources.
🎖@cveNotify
🚨 CVE-2025-60772
Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017, allows a remote unauthenticated attacker to escalate privileges and lock out the legitimate administrator via crafted HTTP requests.
🎖@cveNotify
GitHub
vuln-reports/vendors/netlink/CVE-2025-60772/advisory.md at main · navy-birds-MRS/vuln-reports
🚨 CVE-2025-62518
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds.
🎖@cveNotify
Edera
CVE-2025-62518 Shows the Cost of Open Source Abandonware
Edera uncovers TARmageddon (CVE-2025-62518), a Rust async-tar RCE flaw exposing the real dangers of open-source abandonware and supply chain security.
🚨 CVE-2025-62595
Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129 was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation incorrectly treats some specially crafted URLs as safe relative paths. Exploiting this vulnerability could allow attackers to perform phishing, social engineering, or other redirect-based attacks on users of affected applications. This issue has been patched in version 3.0.3.
🎖@cveNotify
GitHub
fix: normalize referer before redirect (#1908) · koajs/koa@769fd75
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
🚨 CVE-2025-62597
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the sql parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?sql=1. This issue has been patched in version 3.5.1.
🎖@cveNotify
GitHub
XSS fix in editar_info_pessoal.php [Security https://github.com… · LabRedesCefetRJ/WeGIA@e41395f
…/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-wqjv-fhc9-h7hm]
🚨 CVE-2025-62598
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the action parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?action=1. This issue has been patched in version 3.5.1.
🎖@cveNotify
GitHub
Release 3.5.1 · LabRedesCefetRJ/WeGIA
What's Changed
Update SECURITY.md by @nilsonLazarin in #1183
Securities 250926 by @GabrielPintoSouza in #1188
Bug and vulnerability fixes over the period 26/09 to 08/10/2025 by @Gabr...
🚨 CVE-2025-62605
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior to 4.4.8 and 4.5.0-beta.2. Mastodon internally treats reblogs as statuses. Since they were not special-treated, an attacker could reblog any post, then quote their reblog, technically quoting themselves, but having the quote feature a preview of the post they did not get authorization for with all of the affordances that would be otherwise denied by the quote controls. This issue has been patched in versions 4.4.8 and 4.5.0-beta.2.
🎖@cveNotify
GitHub
Merge commit from fork · mastodon/mastodon@2dc4552
* Add validation to reject quotes of reblogs
* Do not process quotes of reblogs as potentially valid quotes
* Refuse to serve quoted reblogs over REST API
🚨 CVE-2025-60305
SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low-privilege users to forge high-privileged sessions and perform sensitive operations.
🎖@cveNotify
🚨 CVE-2025-60307
code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts.
🎖@cveNotify
🚨 CVE-2025-46265
On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
F5
F5OS vulnerability CVE-2025-46265
Security Advisory Description On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. (CVE-2025-46265) Impact This vulnerability may allow a remote…
🚨 CVE-2025-52585
When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
F5
BIG-IP Client SSL profile vulnerability CVE-2025-52585
Security Advisory Description When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM)…
🚨 CVE-2025-53859
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
F5
NGINX ngx_mail_smtp_module vulnerability CVE-2025-53859
Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary…