🚨 CVE-2025-9225
Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser
🎖@cveNotify
Stored cross-site scripting (XSS) in the web interface of MiR software versions prior to 3.0.0 on MiR Robots and MiR Fleet allows execution of arbitrary JavaScript code in a victim’s browser
🎖@cveNotify
Mobile-Industrial-Robots
Cross-site scripting
MiR software versions prior to version 3.0.0 are affected by a stored cross-site scripting (XSS) vulnerability. If triggered by a logged in user, it could allow execution of arbitrary JavaScript code on a victim browser.
🚨 CVE-2025-9228
MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes,
allowing low-privilege users to create notes which are intended only for administrative users.
🎖@cveNotify
MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes,
allowing low-privilege users to create notes which are intended only for administrative users.
🎖@cveNotify
Mobile-Industrial-Robots
Insufficient authorization when creating notes
MiR software versions prior to version 3.0.0 have insufficient authorization controls when creating text notes, allowing low-privilege users to create notes which are intended only for administrative users.
🚨 CVE-2025-9229
Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages.
🎖@cveNotify
Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages.
🎖@cveNotify
Mobile-Industrial-Robots
MSA-17: Information Disclosure
MiR software versions prior to version 3.0.0 are affected by an information disclosure vulnerability. An unauthenticated attacker is able to view error pages which include unnecessarily detailed error information, such as file paths and other data. Such unnecessarily…
🚨 CVE-2025-12616
A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used.
🎖@cveNotify
A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used.
🎖@cveNotify
GitHub
News-Portal-Python-Django-Project/Information Disclosure via Debug Mode.md at main · NishantKumar-CSE/News-Portal-Python-Django…
Contribute to NishantKumar-CSE/News-Portal-Python-Django-Project development by creating an account on GitHub.
🚨 CVE-2025-12617
A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/login_crud.php. Executing manipulation of the argument Password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
🎖@cveNotify
A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/login_crud.php. Executing manipulation of the argument Password can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
🎖@cveNotify
Itsourcecode.com
A Website of Free Source Code, online compiler, references, easy to learn Tutorials in various programming languages like Java, PHP, Python, VB.Net, C, C++, etc.
🚨 CVE-2025-5318
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
🎖@cveNotify
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
🎖@cveNotify
🚨 CVE-2025-48703
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
🎖@cveNotify
CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1205 allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known.
🎖@cveNotify
Fenrisk
Remote code execution in CentOS Web Panel - CVE-2025-48703
Security experts
🚨 CVE-2025-12618
A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
Baidu
百度网盘 请输入提取码
百度网盘为您提供文件的网络备份、同步和分享服务。空间大、速度快、安全稳固,支持教育网加速,支持手机端。注册使用百度网盘即可享受免费存储空间
🚨 CVE-2025-12619
A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
🎖@cveNotify
A vulnerability was found in Tenda A15 15.13.07.13. Affected is the function fromSetWirelessRepeat of the file /goform/openNetworkGateway. The manipulation of the argument wpapsk_crypto2_4g results in buffer overflow. The attack can be launched remotely. The exploit has been made public and could be used.
🎖@cveNotify
Baidu
百度网盘 请输入提取码
百度网盘为您提供文件的网络备份、同步和分享服务。空间大、速度快、安全稳固,支持教育网加速,支持手机端。注册使用百度网盘即可享受免费存储空间
🚨 CVE-2025-11371
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.
This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
🎖@cveNotify
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild.
This issue impacts Gladinet CentreStack and Triofox: All versions prior to and including 16.7.10368.56560
🎖@cveNotify
Huntress
Active Exploitation of Gladinet CentreStack and Triofox | Huntress
Huntress has observed in-the-wild exploitation of a Local File Inclusion vulnerability in Gladinet CentreStack and Triofox products.
🚨 CVE-2025-62232
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access.
It has been fixed in the following commit: https://github.com/apache/apisix/pull/12629
Users are recommended to upgrade to version 3.14, which fixes this issue.
🎖@cveNotify
Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords written to error logs and forwarded to log sinks when log level is INFO/DEBUG. This creates a high risk of credential compromise through log access.
It has been fixed in the following commit: https://github.com/apache/apisix/pull/12629
Users are recommended to upgrade to version 3.14, which fixes this issue.
🎖@cveNotify
🚨 CVE-2025-12622
A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
Baidu
百度网盘 请输入提取码
百度网盘为您提供文件的网络备份、同步和分享服务。空间大、速度快、安全稳固,支持教育网加速,支持手机端。注册使用百度网盘即可享受免费存储空间
🚨 CVE-2025-36091
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.
🎖@cveNotify
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment.
🎖@cveNotify
Ibm
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for October 2025.
Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF005 and 25.0.0-IF002. These vulnerabilities have been also addressed in 24.0.1-IF005.
🚨 CVE-2025-43335
The issue was addressed by adding additional logic. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.
🎖@cveNotify
The issue was addressed by adding additional logic. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app may be able to access user-sensitive data.
🎖@cveNotify
Apple Support
About the security content of macOS Sequoia 15.7.2 - Apple Support
This document describes the security content of macOS Sequoia 15.7.2.
🚨 CVE-2025-43336
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app with root privileges may be able to access private information.
🎖@cveNotify
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8.2, macOS Sequoia 15.7.2. An app with root privileges may be able to access private information.
🎖@cveNotify
Apple Support
About the security content of macOS Sequoia 15.7.2 - Apple Support
This document describes the security content of macOS Sequoia 15.7.2.
🚨 CVE-2024-25567
Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.
🎖@cveNotify
Path traversal attack is possible and write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.
🎖@cveNotify
🚨 CVE-2024-28045
Improper neutralization of input within the affected product could lead to cross-site scripting.
🎖@cveNotify
Improper neutralization of input within the affected product could lead to cross-site scripting.
🎖@cveNotify
👍1