🚨 CVE-2025-59277
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
Improper validation of specified type of input in Windows Authentication Methods allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
🚨 CVE-2025-62707
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in pypdf version 6.1.3.
🎖@cveNotify
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in pypdf version 6.1.3.
🎖@cveNotify
GitHub
SEC: Avoid infinite loop when reading broken DCT-based inline images … · py-pdf/pypdf@f2864d6
…(#3501)
🚨 CVE-2025-62708
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3.
🎖@cveNotify
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3.
🎖@cveNotify
GitHub
SEC: Allow limiting size of LZWDecode streams (#3502) · py-pdf/pypdf@e51d078
A pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files - SEC: Allow limiting size of LZWDecode streams (#3502) · py-pdf/pypdf@e51d078
🚨 CVE-2025-50949
FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.
🎖@cveNotify
FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.
🎖@cveNotify
GitHub
fix memleak in function DlgCreate8 by xiaoxiaoafeifei · Pull Request #5491 · fontforge/fontforge
Bug fix
A memory leak issue exist in function DlgCreate8
LeakSanitizer result:
==340050==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7...
A memory leak issue exist in function DlgCreate8
LeakSanitizer result:
==340050==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7...
🚨 CVE-2025-50951
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.
🎖@cveNotify
FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.
🎖@cveNotify
GitHub
fix memleak in function utf7toutf8_copy by xiaoxiaoafeifei · Pull Request #5495 · fontforge/fontforge
Bug fix
A memory leak issue exist in function utf7toutf8_copy
LeakSanitizer result:
==821283==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 140 byte(s) in 4 object(s) allocated from:
...
A memory leak issue exist in function utf7toutf8_copy
LeakSanitizer result:
==821283==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 140 byte(s) in 4 object(s) allocated from:
...
🚨 CVE-2025-61755
Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
🎖@cveNotify
Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
🎖@cveNotify
🚨 CVE-2025-11957
Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests.
🎖@cveNotify
Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to self-approve or approve the temporary access requests of other users and gain unauthorized access to vaults and entries via crafted API requests.
🎖@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
🚨 CVE-2025-11958
An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticated user to cause a denial of service to the Security Dashboard via a crafted request.
🎖@cveNotify
An improper input validation in the Security Dashboard ignored-tasks API of Devolutions Server 2025.2.15.0 and earlier allows an authenticated user to cause a denial of service to the Security Dashboard via a crafted request.
🎖@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
🚨 CVE-2025-62513
OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacts those using the ACME functionality of PKI, resulting in short-lived ACME verification challenge codes being leaked in the audit logs. Additionally, this impacts those using the OIDC issuer functionality of the identity subsystem, auth and token response codes along with claims could be leaked in the audit logs. ACME verification codes are not usable after verification or challenge expiry so are of limited long-term use. This issue has been patched in OpenBao 2.4.2.
🎖@cveNotify
OpenBao is an open source identity-based secrets management system. In versions 2.2.0 to 2.4.1, OpenBao's audit log experienced a regression wherein raw HTTP bodies used by few endpoints were not correctly redacted (HMAC'd). This impacts those using the ACME functionality of PKI, resulting in short-lived ACME verification challenge codes being leaked in the audit logs. Additionally, this impacts those using the OIDC issuer functionality of the identity subsystem, auth and token response codes along with claims could be leaked in the audit logs. ACME verification codes are not usable after verification or challenge expiry so are of limited long-term use. This issue has been patched in OpenBao 2.4.2.
🎖@cveNotify
GitHub
Refactor audit log formatting due to copy (#2002) · openbao/openbao@cc2c476
* Refactor audit log formatting due to copy
When cloning the to be logged structure, the audit subsystem attempted
to walk the original copy, modifying values in the cloned. This resulted
in a few...
When cloning the to be logged structure, the audit subsystem attempted
to walk the original copy, modifying values in the cloned. This resulted
in a few...
🚨 CVE-2025-62705
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log, and Transit, when performing a signing operation with a derived Ed25519 key, would emit public keys to the audit log. This issue has been patched in OpenBao 2.4.2.
🎖@cveNotify
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.2, OpenBao's audit log did not appropriately redact fields when relevant subsystems sent []byte response parameters rather than strings. This includes, but is not limited to sys/raw with use of encoding=base64, all data would be emitted unredacted to the audit log, and Transit, when performing a signing operation with a derived Ed25519 key, would emit public keys to the audit log. This issue has been patched in OpenBao 2.4.2.
🎖@cveNotify
GitHub
Refactor audit log formatting due to copy (#2002) · openbao/openbao@cc2c476
* Refactor audit log formatting due to copy
When cloning the to be logged structure, the audit subsystem attempted
to walk the original copy, modifying values in the cloned. This resulted
in a few...
When cloning the to be logged structure, the audit subsystem attempted
to walk the original copy, modifying values in the cloned. This resulted
in a few...
🚨 CVE-2025-12210
A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
🎖@cveNotify
A vulnerability was identified in Tenda O3 1.0.0.10(2478). Affected by this vulnerability is the function SetValue/GetValue of the file /goform/AdvSetLanip. The manipulation of the argument lanIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
🎖@cveNotify
GitHub
IoT-vulnerable/Tenda/O3v2.0/AdvSetLanip.md at main · noahze01/IoT-vulnerable
Contribute to noahze01/IoT-vulnerable development by creating an account on GitHub.
🔥1
🚨 CVE-2024-52963
A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.
🎖@cveNotify
A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets.
🎖@cveNotify
FortiGuard Labs
PSIRT | FortiGuard Labs
None
🚨 CVE-2025-30950
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham All Currencies for WooCommerce woocommerce-all-currencies allows Stored XSS.This issue affects All Currencies for WooCommerce: from n/a through 2.4.3.
🎖@cveNotify
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Wham All Currencies for WooCommerce woocommerce-all-currencies allows Stored XSS.This issue affects All Currencies for WooCommerce: from n/a through 2.4.3.
🎖@cveNotify
🚨 CVE-2025-34132
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allowing remote attackers to inject and execute arbitrary commands as root by supplying specially crafted XML data to the DVRPOST interface.
🎖@cveNotify
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allowing remote attackers to inject and execute arbitrary commands as root by supplying specially crafted XML data to the DVRPOST interface.
🎖@cveNotify
360 Netlab Blog - Network Security Research Lab at 360
LILIN DVR 在野0-day 漏洞分析报告
本文作者:马延龙,涂凌鸣,叶根深,刘宏达
当我们研究Botnet时,我们一般看到的是攻击者通过N-day漏洞植入Bot程序。但慢慢的,我们看到一个新的趋势,一些攻击者开始更多地利用0-day漏洞发起攻击,利用手段也越发成熟。我们希望安全社区关注到这一现象,积极合作共同应对0-day漏洞攻击威胁。
背景介绍
从2019年8月30号开始,360Netlab未知威胁检测系统持续监测到多个攻击团伙使用LILIN DVR 0-day漏洞传播Chalubo[1],FBot[2],Moobot[3]僵尸网络。…
当我们研究Botnet时,我们一般看到的是攻击者通过N-day漏洞植入Bot程序。但慢慢的,我们看到一个新的趋势,一些攻击者开始更多地利用0-day漏洞发起攻击,利用手段也越发成熟。我们希望安全社区关注到这一现象,积极合作共同应对0-day漏洞攻击威胁。
背景介绍
从2019年8月30号开始,360Netlab未知威胁检测系统持续监测到多个攻击团伙使用LILIN DVR 0-day漏洞传播Chalubo[1],FBot[2],Moobot[3]僵尸网络。…
🚨 CVE-2025-27222
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file that is accessible by the TRUfusion user and can also be used to leak cleartext passwords of TRUfusion Enterprise itself.
🎖@cveNotify
TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file that is accessible by the TRUfusion user and can also be used to leak cleartext passwords of TRUfusion Enterprise itself.
🎖@cveNotify
GitHub
advisories/CVEs/CVE-2025-27222.txt at master · MrTuxracer/advisories
Security Advisories. Contribute to MrTuxracer/advisories development by creating an account on GitHub.
🚨 CVE-2025-12316
A vulnerability was identified in code-projects Courier Management System 1.0. This impacts an unknown function of the file /courier/edit-courier.php. The manipulation of the argument OfficeName leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
🎖@cveNotify
A vulnerability was identified in code-projects Courier Management System 1.0. This impacts an unknown function of the file /courier/edit-courier.php. The manipulation of the argument OfficeName leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
🎖@cveNotify
🚨 CVE-2025-12322
A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
🎖@cveNotify
A flaw has been found in Tenda CH22 1.0.0.1. Affected by this issue is the function fromNatStaticSetting of the file /goform/NatStaticSetting. Executing manipulation of the argument page can lead to buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be used.
🎖@cveNotify
GitHub
Shenzhen Jixiang Tengda Technology Co., Ltd. Router CH22 V1.0.0.1 /goform/NatStaticSetting Buffer Overflow Vulnerability · Issue…
NAME OF AFFECTED PRODUCT(S) Tenda Router CH22 V1.0.0.1 - Buffer Overflow in /goform/NatStaticSetting Vulnerability Details Detail Information Vendor Shenzhen Jixiang Tengda Technology Co., Ltd. Pro...
🚨 CVE-2025-12328
A vulnerability was identified in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. Impacted is an unknown function of the file /contestproblem.php. Such manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was identified in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. Impacted is an unknown function of the file /contestproblem.php. Such manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
🚨 CVE-2025-12329
A security flaw has been discovered in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. The affected element is an unknown function of the file /details.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A security flaw has been discovered in shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5. The affected element is an unknown function of the file /details.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
🚨 CVE-2025-12330
A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
🎖@cveNotify
A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
🎖@cveNotify
GitHub
Possible Stored XSS in Willow CMS v1.4.0 - exploitable by users with admin privileges · Issue #131 · matthewdeaves/willow
Possible Stored XSS in Willow CMS v1.4.0. Admin users can store malicious content that is rendered on the homepage, causing script execution in every visitor’s/browser’s context. Impact: Remote scr...
🚨 CVE-2025-12331
A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
GitHub
Possible PHP webshell upload → Remote Code Execution in Willow CMS v1.4.0 (requires admin privileges) · Issue #132 · matthewdeaves/willow
Possible file upload vulnerability in Willow CMS v1.4.0 that allows an admin user to upload a PHP webshell, leading to remote code execution (RCE) on the server. Impact: Remote code execution on th...