π¨ CVE-2025-59043
OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized memory usage and deserialized memory usage, similar to a zip bomb, with factors reaching approximately 35. This can be used to circumvent the max_request_size configuration parameter which is intended to protect against denial of service attacks. The request body is parsed into a map very early in the request handling chain before authentication, which means an unauthenticated attacker can send a specifically crafted JSON object and cause an out-of-memory crash. Additionally, for requests with large numbers of strings, the audit subsystem can consume large quantities of CPU. The vulnerability is fixed in version 2.4.1.
π@cveNotify
OpenBao is an open source identity-based secrets management system. In OpenBao versions prior to 2.4.1, JSON objects after decoding may use significantly more memory than their serialized version. It is possible to craft a JSON payload to maximize the factor between serialized memory usage and deserialized memory usage, similar to a zip bomb, with factors reaching approximately 35. This can be used to circumvent the max_request_size configuration parameter which is intended to protect against denial of service attacks. The request body is parsed into a map very early in the request handling chain before authentication, which means an unauthenticated attacker can send a specifically crafted JSON object and cause an out-of-memory crash. Additionally, for requests with large numbers of strings, the audit subsystem can consume large quantities of CPU. The vulnerability is fixed in version 2.4.1.
π@cveNotify
GitHub
openbao/http/logical.go at 788536bd3e10818a7b4fb00aac6affc23388e5a9 Β· openbao/openbao
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. - openbao/openbao
π¨ CVE-2022-4533
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.
π@cveNotify
The Limit Login Attempts Plus plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 1.1.0. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address or country from logging in.
π@cveNotify
π¨ CVE-2025-47819
Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.
π@cveNotify
Flock Safety Gunshot Detection devices before 1.3 have an on-chip debug interface with improper access control.
π@cveNotify
GainSec
Bird Hunting Season - Security Research on Flock Safety's Anti-Crime Systems - GainSec
All research was performed against a unit I owned and we did not and do not have any intention of disrupting any existing infrastructure. All disclosures are intended for research purposes only, on devices the researcher owns. This is a introduction and overviewβ¦
π¨ CVE-2025-47820
Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.
π@cveNotify
Flock Safety Gunshot Detection devices before 1.3 have cleartext storage of code.
π@cveNotify
GainSec
Bird Hunting Season - Security Research on Flock Safety's Anti-Crime Systems - GainSec
All research was performed against a unit I owned and we did not and do not have any intention of disrupting any existing infrastructure. All disclosures are intended for research purposes only, on devices the researcher owns. This is a introduction and overviewβ¦
π¨ CVE-2025-59403
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include but are not limited to: /reboot, /logs, /crashpack, and /adb/enable. This results in multiple impacts including denial of service (DoS) via /reboot, information disclosure via /logs, and remote code execution (RCE) via /adb/enable. The latter specifically results in adb being started over TCP without debugging confirmation, providing an attacker in the LAN/WLAN with shell access.
π@cveNotify
The Flock Safety Android Collins application (aka com.flocksafety.android.collins) 6.35.31 for Android lacks authentication. It is responsible for the camera feed on Falcon, Sparrow, and Bravo devices, but exposes administrative API endpoints on port 8080 without authentication. Endpoints include but are not limited to: /reboot, /logs, /crashpack, and /adb/enable. This results in multiple impacts including denial of service (DoS) via /reboot, information disclosure via /logs, and remote code execution (RCE) via /adb/enable. The latter specifically results in adb being started over TCP without debugging confirmation, providing an attacker in the LAN/WLAN with shell access.
π@cveNotify
GainSec
Fly-By - Device 2: The Falcon/Sparrow - Gated Wireless RCE, Camera Feed, DoS, Information Disclosure and More - GainSec
Covering the next batch of disclosures in regards to my Flock Safety security research.
π¨ CVE-2025-59405
The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover the OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.
π@cveNotify
The Flock Safety Peripheral com.flocksafety.android.peripheral application 7.38.3 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) contains a cleartext DataDog API key within in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover the OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.
π@cveNotify
GainSec
Fly-By - Device 2: The Falcon/Sparrow - Gated Wireless RCE, Camera Feed, DoS, Information Disclosure and More - GainSec
Covering the next batch of disclosures in regards to my Flock Safety security research.
π¨ CVE-2025-59406
The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.
π@cveNotify
The Flock Safety Pisco com.flocksafety.android.pisco application 6.21.11 for Android (installed on Falcon and Sparrow License Plate Readers and Bravo Edge AI Compute Devices) has a cleartext Auth0 client secret in its codebase. Because application binaries can be trivially decompiled or inspected, attackers can recover this OAuth secret without special privileges. This secret is intended to remain confidential and should never be embedded directly in client-side software.
π@cveNotify
GainSec
Fly-By - Device 2: The Falcon/Sparrow - Gated Wireless RCE, Camera Feed, DoS, Information Disclosure and More - GainSec
Covering the next batch of disclosures in regards to my Flock Safety security research.
π₯1
π¨ CVE-2025-2322
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been classified as critical. This affects an unknown part of the file /chatgpt-boot/src/main/java/org/springblade/modules/mjkj/controller/OpenController.java. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
π¨ CVE-2025-2323
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to enforcement of behavioral workflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was found in 274056675 springboot-openai-chatgpt e84f6f5. It has been declared as problematic. This vulnerability affects the function updateQuestionCou of the file /api/mjkj-chat/chat/mng/update/questionCou of the component Number of Question Handler. The manipulation leads to enforcement of behavioral workflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
π¨ CVE-2024-55604
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a list of datasources in a workspace they're a member of. This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. The attacker needs to have been invited to a workspace as a "viewer", by someone in that workspace with access to invite. The attacker then needs to be able to signup/login to that Appsmith instance. The issue is patched in version 1.51. No known workarounds are available.
π@cveNotify
Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a list of datasources in a workspace they're a member of. This information disclosure does NOT expose sensitive data in the datasources, such as database passwords and API Keys. The attacker needs to have been invited to a workspace as a "viewer", by someone in that workspace with access to invite. The attacker then needs to be able to signup/login to that Appsmith instance. The issue is patched in version 1.51. No known workarounds are available.
π@cveNotify
GitHub
Broken Access Control Allows Viewer Role User to Query Datasources
Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet app viewers are able to get a list of ...
π¨ CVE-2025-31332
Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files potentially disrupting operations or cause service downtime hence leading to a high impact on integrity and availability. However, this vulnerability does not disclose any sensitive data.
π@cveNotify
Due to insecure file permissions in SAP BusinessObjects Business Intelligence Platform, an attacker who has local access to the system could modify files potentially disrupting operations or cause service downtime hence leading to a high impact on integrity and availability. However, this vulnerability does not disclose any sensitive data.
π@cveNotify
π¨ CVE-2025-47818
Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.
π@cveNotify
Flock Safety Gunshot Detection devices before 1.3 have a hard-coded password for a connection.
π@cveNotify
GainSec
Bird Hunting Season - Security Research on Flock Safety's Anti-Crime Systems - GainSec
All research was performed against a unit I owned and we did not and do not have any intention of disrupting any existing infrastructure. All disclosures are intended for research purposes only, on devices the researcher owns. This is a introduction and overviewβ¦
π¨ CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
π@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
π¨ CVE-2025-60548
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings.
π@cveNotify
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formLanSetupRouterSettings.
π@cveNotify
GitHub
DLINK-DIR600LAx-Vulnerability/01-buffer overflow-formLanSetupRouterSettings.md at main Β· luckysmallbird/DLINK-DIR600LAx-Vulnerability
Contribute to luckysmallbird/DLINK-DIR600LAx-Vulnerability development by creating an account on GitHub.
π¨ CVE-2025-60553
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.
π@cveNotify
D-Link DIR600L Ax FW116WWb01 was discovered to contain a buffer overflow via the curTime parameter in the function formSetWAN_Wizard52.
π@cveNotify
GitHub
DLINK-DIR600LAx-Vulnerability/03-buffer overflow-formSetWAN_Wizard52.md at main Β· luckysmallbird/DLINK-DIR600LAx-Vulnerability
Contribute to luckysmallbird/DLINK-DIR600LAx-Vulnerability development by creating an account on GitHub.
π¨ CVE-2025-60803
Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register.
π@cveNotify
Antabot White-Jotter up to commit 9bcadc was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the component /api/aaa;/../register.
π@cveNotify
GitHub
There is an Unauthenticated Remote Command Execution in White-Jotter Β· Issue #162 Β· Antabot/White-Jotter
[Suggested description] White-Jotter contains an unauthenticated remote command execution vulnerability caused by improper access control in Shiro configuration combined with unsafe log4j. [Vulnera...
π¨ CVE-2025-60729
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function
π@cveNotify
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function
π@cveNotify
π¨ CVE-2025-60730
PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function
π@cveNotify
PerfreeBlog v4.0.11 has an arbitrary file deletion vulnerability in the unInstallTheme function
π@cveNotify
π¨ CVE-2025-60731
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function
π@cveNotify
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installTheme function
π@cveNotify
π¨ CVE-2025-60735
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function
π@cveNotify
PerfreeBlog v4.0.11 has a File Upload vulnerability in the installPlugin function
π@cveNotify
π₯1
π¨ CVE-2022-49724
In the Linux kernel, the following vulnerability has been resolved:
tty: goldfish: Fix free_irq() on remove
Pass the correct dev_id to free_irq() to fix this splat when the driver
is unbound:
WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq
Trying to free already-free IRQ 65
Call Trace:
warn_slowpath_fmt
free_irq
goldfish_tty_remove
platform_remove
device_remove
device_release_driver_internal
device_driver_detach
unbind_store
drv_attr_store
...
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
tty: goldfish: Fix free_irq() on remove
Pass the correct dev_id to free_irq() to fix this splat when the driver
is unbound:
WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq
Trying to free already-free IRQ 65
Call Trace:
warn_slowpath_fmt
free_irq
goldfish_tty_remove
platform_remove
device_remove
device_release_driver_internal
device_driver_detach
unbind_store
drv_attr_store
...
π@cveNotify