๐จ CVE-2025-56499
Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges via obtaining the external control key from the config file.
๐@cveNotify
Incorrect access control in mihomo v1.19.11 allows authenticated attackers with low-level privileges to read arbitrary files with elevated privileges via obtaining the external control key from the config file.
๐@cveNotify
GitHub
GitHub - Cherrling/CVE-2025-56499
Contribute to Cherrling/CVE-2025-56499 development by creating an account on GitHub.
๐จ CVE-2025-60455
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code.
๐@cveNotify
Unsafe Deserialization vulnerability in Modular Max Serve before 25.6, specifically when the "--experimental-enable-kvcache-agent" feature is used allowing attackers to execute arbitrary code.
๐@cveNotify
๐จ CVE-2025-61661
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.
๐@cveNotify
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.
๐@cveNotify
๐จ CVE-2025-45236
A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter.
๐@cveNotify
A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter.
๐@cveNotify
๐จ CVE-2025-45237
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password.
๐@cveNotify
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password.
๐@cveNotify
Gist
gist:11cd0cc46f0c806856f375f9f3f410c6
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2025-38369
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using
Running IDXD workloads in a container with the /dev directory mounted can
trigger a call trace or even a kernel panic when the parent process of the
container is terminated.
This issue occurs because, under certain configurations, Docker does not
properly propagate the mount replica back to the original mount point.
In this case, when the user driver detaches, the WQ is destroyed but it
still calls destroy_workqueue() attempting to completes all pending work.
It's necessary to check wq->wq and skip the drain if it no longer exists.
๐@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using
Running IDXD workloads in a container with the /dev directory mounted can
trigger a call trace or even a kernel panic when the parent process of the
container is terminated.
This issue occurs because, under certain configurations, Docker does not
properly propagate the mount replica back to the original mount point.
In this case, when the user driver detaches, the WQ is destroyed but it
still calls destroy_workqueue() attempting to completes all pending work.
It's necessary to check wq->wq and skip the drain if it no longer exists.
๐@cveNotify
๐จ CVE-2021-25779
Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.
๐@cveNotify
Baby Care System v1.0 is vulnerable to SQL injection via the 'id' parameter on the contentsectionpage.php page.
๐@cveNotify
GitHub
Baby-Care-System/README.md at main ยท TCSWT/Baby-Care-System
Baby Care System in PHP/MySQLi with Full Source Code The Baby Care System is a web based system that is made up of PHP, JavaScript, CSS and MySQL for the database. - TCSWT/Baby-Care-System
๐จ CVE-2021-25780
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.
๐@cveNotify
An arbitrary file upload vulnerability has been identified in posts.php in Baby Care System 1.0. The vulnerability could be exploited by an remote attacker to upload content to the server, including PHP files, which could result in command execution and obtaining a shell.
๐@cveNotify
GitHub
Baby-Care-System/README.md at main ยท TCSWT/Baby-Care-System
Baby Care System in PHP/MySQLi with Full Source Code The Baby Care System is a web based system that is made up of PHP, JavaScript, CSS and MySQL for the database. - TCSWT/Baby-Care-System
๐จ CVE-2020-35752
Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.
๐@cveNotify
Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulnerability in the Edit Page tab through the Post title parameter.
๐@cveNotify
Exploit Database
Baby Care System 1.0 - 'Post title' Stored XSS
Baby Care System 1.0 - 'Post title' Stored XSS.. webapps exploit for PHP platform
๐จ CVE-2022-28420
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=.
๐@cveNotify
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via BabyCare/admin.php?id=theme&setid=.
๐@cveNotify
GitHub
bug_report/vendors/janobe/baby-care-system/SQLi-1.md at main ยท k0xx11/bug_report
Contribute to k0xx11/bug_report development by creating an account on GitHub.
๐จ CVE-2022-28421
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=posts&action=display&value=1&postid=.
๐@cveNotify
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=posts&action=display&value=1&postid=.
๐@cveNotify
GitHub
bug_report/vendors/janobe/baby-care-system/SQLi-2.md at main ยท k0xx11/bug_report
Contribute to k0xx11/bug_report development by creating an account on GitHub.
๐จ CVE-2022-28422
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=edit.
๐@cveNotify
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=edit.
๐@cveNotify
GitHub
bug_report/vendors/janobe/baby-care-system/SQLi-3.md at main ยท k0xx11/bug_report
Contribute to k0xx11/bug_report development by creating an account on GitHub.
๐จ CVE-2022-28423
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete.
๐@cveNotify
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&action=delete.
๐@cveNotify
GitHub
bug_report/vendors/janobe/baby-care-system/SQLi-4.md at main ยท k0xx11/bug_report
Contribute to k0xx11/bug_report development by creating an account on GitHub.
๐จ CVE-2022-28424
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=.
๐@cveNotify
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/posts.php&find=.
๐@cveNotify
GitHub
bug_report/vendors/janobe/baby-care-system/SQLi-5.md at main ยท k0xx11/bug_report
Contribute to k0xx11/bug_report development by creating an account on GitHub.
๐จ CVE-2022-28425
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=display&value=1&roleid=.
๐@cveNotify
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=display&value=1&roleid=.
๐@cveNotify
GitHub
bug_report/vendors/janobe/baby-care-system/SQLi-6.md at main ยท k0xx11/bug_report
Contribute to k0xx11/bug_report development by creating an account on GitHub.
๐จ CVE-2022-28426
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=edit&roleid=.
๐@cveNotify
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/pagerole.php&action=edit&roleid=.
๐@cveNotify
GitHub
bug_report/vendors/janobe/baby-care-system/SQLi-7.md at main ยท k0xx11/bug_report
Contribute to k0xx11/bug_report development by creating an account on GitHub.
๐จ CVE-2022-28427
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=read&msgid=.
๐@cveNotify
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=read&msgid=.
๐@cveNotify
GitHub
bug_report/vendors/janobe/baby-care-system/SQLi-9.md at main ยท k0xx11/bug_report
Contribute to k0xx11/bug_report development by creating an account on GitHub.
๐จ CVE-2022-28429
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=.
๐@cveNotify
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/inbox.php&action=delete&msgid=.
๐@cveNotify
GitHub
bug_report/vendors/janobe/baby-care-system/SQLi-10.md at main ยท k0xx11/bug_report
Contribute to k0xx11/bug_report development by creating an account on GitHub.
๐จ CVE-2022-28431
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&social=remove&sid=2.
๐@cveNotify
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/siteoptions.php&social=remove&sid=2.
๐@cveNotify
GitHub
bug_report/vendors/janobe/baby-care-system/SQLi-12.md at main ยท k0xx11/bug_report
Contribute to k0xx11/bug_report development by creating an account on GitHub.
๐จ CVE-2022-28432
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2.
๐@cveNotify
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin.php?id=siteoptions&social=display&value=0&sid=2.
๐@cveNotify
GitHub
bug_report/vendors/janobe/baby-care-system/SQLi-13.md at main ยท k0xx11/bug_report
Contribute to k0xx11/bug_report development by creating an account on GitHub.
๐จ CVE-2022-28433
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=.
๐@cveNotify
Baby Care System v1.0 was discovered to contain a SQL injection vulnerability via /admin/uesrs.php&action=display&value=Show&userid=.
๐@cveNotify
GitHub
bug_report/vendors/janobe/baby-care-system/SQLi-16.md at main ยท k0xx11/bug_report
Contribute to k0xx11/bug_report development by creating an account on GitHub.