🚨 CVE-2025-60500
QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a web-accessible directory.
🎖@cveNotify
QDocs Smart School Management System 7.1 allows authenticated users with roles such as "accountant" or "admin" to bypass file type restrictions in the media upload feature by abusing the alternate YouTube URL option. This logic flaw permits uploading of arbitrary PHP files, which are stored in a web-accessible directory.
🎖@cveNotify
GitHub
GitHub - H4zaz/CVE-2025-60500: Exploit about School Management System 7.1 (Authenticated RCE)
Exploit about School Management System 7.1 (Authenticated RCE) - H4zaz/CVE-2025-60500
🚨 CVE-2025-60506
Moodle PDF Annotator plugin v1.5 release 9 allows stored cross-site scripting (XSS) via the Public Comments feature. An attacker with a low-privileged account (e.g., Student) can inject arbitrary JavaScript payloads into a comment. When any other user (Student, Teacher, or Admin) views the annotated PDF, the payload is executed in their browser, leading to session hijacking, credential theft, or other attacker-controlled actions.
🎖@cveNotify
Moodle PDF Annotator plugin v1.5 release 9 allows stored cross-site scripting (XSS) via the Public Comments feature. An attacker with a low-privileged account (e.g., Student) can inject arbitrary JavaScript payloads into a comment. When any other user (Student, Teacher, or Admin) views the annotated PDF, the payload is executed in their browser, leading to session hijacking, credential theft, or other attacker-controlled actions.
🎖@cveNotify
GitHub
GitHub - onurcangnc/moodle-xss-pdfannotator: The Moodle PDF Annotator plugin’s Public Comments feature doesn’t sanitize user input…
The Moodle PDF Annotator plugin’s Public Comments feature doesn’t sanitize user input before displaying it in the PDF viewer. This allows low-privileged users to store malicious JavaScript that exe...
🚨 CVE-2025-60511
Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user's block (e.g., administrator) and send queries that are executed with that block's configuration. This can expose administrator-only Source of Truth entries, alter model behavior, and potentially misuse API resources.
🎖@cveNotify
Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user's block (e.g., administrator) and send queries that are executed with that block's configuration. This can expose administrator-only Source of Truth entries, alter model behavior, and potentially misuse API resources.
🎖@cveNotify
Moodle
Online Learning With The World's Most Popular LMS - Moodle
Teach & learn better with Moodle: the best and most popular LMS for online teaching and learning management in K-12, higher education, and workplace
🚨 CVE-2025-60772
Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017, allows a remote unauthenticated attacker to escalate privileges and lock out the legitimate administrator via crafted HTTP requests.
🎖@cveNotify
Improper authentication in the web-based management interface of NETLINK HG322G V1.0.00-231017, allows a remote unauthenticated attacker to escalate privileges and lock out the legitimate administrator via crafted HTTP requests.
🎖@cveNotify
GitHub
vuln-reports/vendors/netlink/CVE-2025-60772/advisory.md at main · navy-birds-MRS/vuln-reports
Contribute to navy-birds-MRS/vuln-reports development by creating an account on GitHub.
🚨 CVE-2025-62518
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds.
🎖@cveNotify
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. When processing archives with PAX-extended headers containing size overrides, the parser incorrectly advances stream position based on ustar header size (often zero) instead of the PAX-specified size, causing it to interpret file content as legitimate tar headers. This issue has been patched in version 0.5.6. There are no workarounds.
🎖@cveNotify
Edera
CVE-2025-62518 Shows the Cost of Open Source Abandonware
Edera uncovers TARmageddon (CVE-2025-62518), a Rust async-tar RCE flaw exposing the real dangers of open-source abandonware and supply chain security.
🚨 CVE-2025-62595
Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129 was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation incorrectly treats some specially crafted URLs as safe relative paths. Exploiting this vulnerability could allow attackers to perform phishing, social engineering, or other redirect-based attacks on users of affected applications. This issue has been patched in version 3.0.3.
🎖@cveNotify
Koa is expressive middleware for Node.js using ES2017 async functions. In versions 2.16.2 to before 2.16.3 and 3.0.1 to before 3.0.3, a bypass to CVE-2025-8129 was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation incorrectly treats some specially crafted URLs as safe relative paths. Exploiting this vulnerability could allow attackers to perform phishing, social engineering, or other redirect-based attacks on users of affected applications. This issue has been patched in version 3.0.3.
🎖@cveNotify
GitHub
fix: normalize referer before redirect (#1908) · koajs/koa@769fd75
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
🚨 CVE-2025-62597
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the sql parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?sql=1. This issue has been patched in version 3.5.1.
🎖@cveNotify
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the sql parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?sql=1. This issue has been patched in version 3.5.1.
🎖@cveNotify
GitHub
Resolução XSS em editar_info_pessoal.php [Security https://github.com… · LabRedesCefetRJ/WeGIA@e41395f
…/LabRedesCefetRJ/WeGIA/security/advisories/GHSA-wqjv-fhc9-h7hm]
🚨 CVE-2025-62598
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the action parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?action=1. This issue has been patched in version 3.5.1.
🎖@cveNotify
WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. Prior to version 3.5.1, a reflected cross-site scripting (XSS) vulnerability was identified in the editar_info_pessoal.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the action parameter. The vulnerable endpoint is GET /WeGIA/html/pessoa/editar_info_pessoal.php?action=1. This issue has been patched in version 3.5.1.
🎖@cveNotify
GitHub
Release 3.5.1 · LabRedesCefetRJ/WeGIA
What's Changed
Update SECURITY.md by @nilsonLazarin in #1183
Securities 250926 by @GabrielPintoSouza in #1188
Correção de bugs e vulnerabilidades ao longo dos dias 26/09 ao 08/10/2025 by @Gabr...
Update SECURITY.md by @nilsonLazarin in #1183
Securities 250926 by @GabrielPintoSouza in #1188
Correção de bugs e vulnerabilidades ao longo dos dias 26/09 ao 08/10/2025 by @Gabr...
🚨 CVE-2025-62605
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior to 4.4.8 and 4.5.0-beta.2. Mastodon internally treats reblogs as statuses. Since they were not special-treated, an attacker could reblog any post, then quote their reblog, technically quoting themselves, but having the quote feature a preview of the post they did not get authorization for with all of the affordances that would be otherwise denied by the quote controls. This issue has been patched in versions 4.4.8 and 4.5.0-beta.2.
🎖@cveNotify
Mastodon is a free, open-source social network server based on ActivityPub. In Mastodon version 4.4, support for verifiable quote posts with quote controls was added, but it is possible for an attacker to bypass these controls in Mastodon versions prior to 4.4.8 and 4.5.0-beta.2. Mastodon internally treats reblogs as statuses. Since they were not special-treated, an attacker could reblog any post, then quote their reblog, technically quoting themselves, but having the quote feature a preview of the post they did not get authorization for with all of the affordances that would be otherwise denied by the quote controls. This issue has been patched in versions 4.4.8 and 4.5.0-beta.2.
🎖@cveNotify
GitHub
Merge commit from fork · mastodon/mastodon@2dc4552
* Add validation to reject quotes of reblogs
* Do not process quotes of reblogs as potentially valid quotes
* Refuse to serve quoted reblogs over REST API
* Do not process quotes of reblogs as potentially valid quotes
* Refuse to serve quoted reblogs over REST API
🚨 CVE-2025-60305
SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge high privileged sessions and perform sensitive operations.
🎖@cveNotify
SourceCodester Online Student Clearance System 1.0 is vulnerable to Incorrect Access Control. The application contains a logic flaw which allows low privilege users can forge high privileged sessions and perform sensitive operations.
🎖@cveNotify
Sourcecodester
Free Source Code Projects and Tutorials - sourcecodester.com
Free Source Code Projects and Tutorials - Python, PHP, Visual Basic, C#, Java, JavaScript, C/C++, HTML/CSS, SQL
🚨 CVE-2025-60307
code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts.
🎖@cveNotify
code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts.
🎖@cveNotify
🚨 CVE-2025-46265
On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
F5
F5OS vulnerability CVE-2025-46265
Security Advisory Description On F5OS, an improper authorization vulnerability exists where remotely authenticated users (LDAP, RADIUS, TACACS+) may be authorized with higher privilege F5OS roles. (CVE-2025-46265) Impact This vulnerability may allow a remote…
🚨 CVE-2025-52585
When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
F5
BIG-IP Client SSL profile vulnerability CVE-2025-52585
Security Advisory Description When a BIG-IP LTM Client SSL profile is configured on a virtual server with SSL Forward Proxy enabled and Anonymous Diffie-Hellman (ADH) ciphers enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM)…
🚨 CVE-2025-53859
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary bytes sent in a request to the authentication server. This issue happens during the NGINX SMTP authentication process and requires the attacker to make preparations against the target system to extract the leaked data. The issue affects NGINX only if (1) it is built with the ngx_mail_smtp_module, (2) the smtp_auth directive is configured with method "none," and (3) the authentication server returns the "Auth-Wait" response header.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
F5
NGINX ngx_mail_smtp_module vulnerability CVE-2025-53859
Security Advisory Description NGINX Open Source and NGINX Plus have a vulnerability in the ngx_mail_smtp_module that might allow an unauthenticated attacker to over-read NGINX SMTP authentication process memory; as a result, the server side may leak arbitrary…
🚨 CVE-2025-0274
HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.
🎖@cveNotify
HCL BigFix Modern Client Management (MCM) 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.
🎖@cveNotify
Hcl-Software
Security Bulletin: HCL BigFix Modern Client Management and BigFix Mobile are affected by an improper access control vulnerability…
An improper access control vulnerability affects HCL BigFix Modern Client Management (MCM) and BigFix
🚨 CVE-2025-0275
HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.
🎖@cveNotify
HCL BigFix Mobile 3.3 and earlier is affected by improper access control. Unauthorized users can access a small subset of endpoint actions, potentially allowing access to select internal functions.
🎖@cveNotify
Hcl-Software
Security Bulletin: HCL BigFix Modern Client Management and BigFix Mobile are affected by an improper access control vulnerability…
An improper access control vulnerability affects HCL BigFix Modern Client Management (MCM) and BigFix
🚨 CVE-2025-0277
HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.
🎖@cveNotify
HCL BigFix Mobile 3.3 and earlier are vulnerable to certain insecure directives within the Content Security Policy (CSP). An attacker could trick users into performing actions by not properly restricting the sources of scripts and other content.
🎖@cveNotify
Hcl-Software
Security Bulletin: HCL BigFix Modern Client Management (MCM) and BigFix Mobile are affected by an insecure Content Security Policy…
An insecure Content Security Policy (CSP) affects HCL BigFix Modern Client Management (MCM) and BigFix
🚨 CVE-2025-24320
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete fix for CVE-2024-31156 https://my.f5.com/manage/s/article/K000138636 .
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability is due to an incomplete fix for CVE-2024-31156 https://my.f5.com/manage/s/article/K000138636 .
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
F5
BIG-IP Configuration utility vulnerability CVE-2025-24320
Security Advisory Description A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. This vulnerability…
🚨 CVE-2025-31644
When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command which may allow an authenticated attacker with administrator role privileges to execute arbitrary system commands. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
F5
Appliance mode BIG-IP iControl REST and tmsh vulnerability CVE-2025-31644
Security Advisory Description When running in Appliance mode, a command injection vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with administrator role privileges to execute…
🚨 CVE-2025-36504
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
F5
BIG-IP HTTP/2 vulnerability CVE-2025-36504
Security Advisory Description When a BIG-IP HTTP/2 httprouter profile is configured on a virtual server, undisclosed responses can cause an increase in memory resource utilization. (CVE-2025-36504) Impact System performance can degrade until the Traffic Management…
🚨 CVE-2025-36546
On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH private key.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
On an F5OS system, if the root user had previously configured the system to allow login via SSH key-based authentication, and then enabled Appliance Mode; access via SSH key-based authentication is still allowed. For an attacker to exploit this vulnerability they must obtain the root user's SSH private key.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
🎖@cveNotify
F5
F5OS Appliance Mode vulnerability CVE-2025-36546
Security Advisory Description On an F5OS system, if the root user configures the system to allow login using SSH key-based authentication and later enables appliance mode, the system still allows access using SSH key-based authentication. For an attacker…