๐จ CVE-2025-62294
SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a malicious attacker is able to brute-force all possible values and takeover any account in reasonable amount of time.
This issue was fixed in version 1.55.
๐@cveNotify
SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a malicious attacker is able to brute-force all possible values and takeover any account in reasonable amount of time.
This issue was fixed in version 1.55.
๐@cveNotify
cert.pl
Vulnerabilities in SOPlanning software
CERT Polska has received a report about 8 vulnerabilities (from CVE-2025-62293 to 62297 and from 2025-62729 to CVE-2025-62731) found in SOPlanning software.
๐จ CVE-2025-62295
SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor.
This issue was fixed in version 1.55.
๐@cveNotify
SOPlanning is vulnerable to Stored XSS in /groupe_form endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor.
This issue was fixed in version 1.55.
๐@cveNotify
cert.pl
Vulnerabilities in SOPlanning software
CERT Polska has received a report about 8 vulnerabilities (from CVE-2025-62293 to 62297 and from 2025-62729 to CVE-2025-62731) found in SOPlanning software.
๐จ CVE-2025-62296
SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor.
This issue was fixed in version 1.55.
๐@cveNotify
SOPlanning is vulnerable to Stored XSS in /taches endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening editor.
This issue was fixed in version 1.55.
๐@cveNotify
cert.pl
Vulnerabilities in SOPlanning software
CERT Polska has received a report about 8 vulnerabilities (from CVE-2025-62293 to 62297 and from 2025-62729 to CVE-2025-62731) found in SOPlanning software.
๐จ CVE-2025-62297
SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening edited page.
This issue was fixed in version 1.55.
๐@cveNotify
SOPlanning is vulnerable to Stored XSS in /projets endpoint. Malicious attacker with medium privileges can inject arbitrary HTML and JS into website, which will be rendered/executed when opening edited page.
This issue was fixed in version 1.55.
๐@cveNotify
cert.pl
Vulnerabilities in SOPlanning software
CERT Polska has received a report about 8 vulnerabilities (from CVE-2025-62293 to 62297 and from 2025-62729 to CVE-2025-62731) found in SOPlanning software.
๐จ CVE-2025-62729
SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages.
This issue was fixed in version 1.55.
๐@cveNotify
SOPlanning is vulnerable to Stored XSS in /status endpoint. Malicious attacker with an account can inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages.
This issue was fixed in version 1.55.
๐@cveNotify
cert.pl
Vulnerabilities in SOPlanning software
CERT Polska has received a report about 8 vulnerabilities (from CVE-2025-62293 to 62297 and from 2025-62729 to CVE-2025-62731) found in SOPlanning software.
๐จ CVE-2025-62730
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this role to escalate to admin privileges. This issue affects both Bulk Update functionality and regular edition of user's right and privileges.
This issue was fixed in version 1.55.
๐@cveNotify
SOPlanning is vulnerable to Privilege Escalation in user management tab. Users with user_manage_team role are allowed to modify permissions of users. However, they are able to assign administrative permissions to any user including themselves. This allow a malicious authenticated attacker with this role to escalate to admin privileges. This issue affects both Bulk Update functionality and regular edition of user's right and privileges.
This issue was fixed in version 1.55.
๐@cveNotify
cert.pl
Vulnerabilities in SOPlanning software
CERT Polska has received a report about 8 vulnerabilities (from CVE-2025-62293 to 62297 and from 2025-62729 to CVE-2025-62731) found in SOPlanning software.
๐จ CVE-2025-62731
SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is able to inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. By default only administrators and users with special privileges are able to access this endpoint.
This issue was fixed in version 1.55.
๐@cveNotify
SOPlanning is vulnerable to Stored XSS in /feries endpoint. Malicious attacker with access to public holidays feature is able to inject arbitrary HTML and JS into website, which will be rendered/executed when opening multiple pages. By default only administrators and users with special privileges are able to access this endpoint.
This issue was fixed in version 1.55.
๐@cveNotify
cert.pl
Vulnerabilities in SOPlanning software
CERT Polska has received a report about 8 vulnerabilities (from CVE-2025-62293 to 62297 and from 2025-62729 to CVE-2025-62731) found in SOPlanning software.
๐จ CVE-2025-44893
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function.
๐@cveNotify
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function.
๐@cveNotify
GitHub
GitHub - xyqer1/Planet-web_acl_mgmt_Rules_Apply_post-ruleName-StackOverflow
Contribute to xyqer1/Planet-web_acl_mgmt_Rules_Apply_post-ruleName-StackOverflow development by creating an account on GitHub.
๐จ CVE-2025-13177
A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
Cross-Site Request Forgery (CSRF) in Sales ERP Software leading to Account Takeover ยท Issue #1 ยท 4m3rr0r/PoCVulDb
[Cross-Site Request Forgery (CSRF)] in [Sales ERP Software] leading to Account Takeover ๐จโ๐ป BUG Author: 4m3rr0r ๐ฆ Product Information: Vendor Homepage: https://www.bdtask.com Software Link: https:/...
๐จ CVE-2025-13178
A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation of the argument first_name/last_name causes basic cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation of the argument first_name/last_name causes basic cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
GitHub
Stored HTML Injection in Sales ERP Software leading to Phishing Risk ยท Issue #2 ยท 4m3rr0r/PoCVulDb
[Stored HTML Injection] in [Sales ERP Software] leading to Phishing Risk ๐จโ๐ป BUG Author: 4m3rr0r ๐ฆ Product Information: Vendor Homepage: https://www.bdtask.com Software Link: https://codecanyon.net...
๐จ CVE-2025-58122
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.
๐@cveNotify
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.
๐@cveNotify
Checkmk
Werk #18982: Fix permissions for notification parameter REST API endpoints
Before this fix the REST API endpoints to configure notification parameters, i.e. check_mk/api/1.0/objects/configuration_entity/*, lacked proper validation of user permis
๐จ CVE-2025-64996
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification of monitoring data.
๐@cveNotify
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification of monitoring data.
๐@cveNotify
Checkmk
Werk #18570: Inotify: do not override permissions in agent plugin
By overriding the umask value in the agent plugin, the permissions for the files
written out to /var/lib/check_mk_agent/mk_inotify.* were too permissive
(-rw-rw-rw), givi
written out to /var/lib/check_mk_agent/mk_inotify.* were too permissive
(-rw-rw-rw), givi
๐จ CVE-2025-63828
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.
๐@cveNotify
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.
๐@cveNotify
GitHub
GitHub - mertdurum06/BackdropCms-1.32.1: Host Header Injection
Host Header Injection. Contribute to mertdurum06/BackdropCms-1.32.1 development by creating an account on GitHub.
๐จ CVE-2025-64428
Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.
๐@cveNotify
Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.
๐@cveNotify
GitHub
fix: ใๆผๆดใDataEase DB2 JNDI Vulnerability ยท dataease/dataease@b7e585c
๐ฅ ไบบไบบๅฏ็จ็ๅผๆบ BI ๅทฅๅ
ท๏ผๆฐๆฎๅฏ่งๅ็ฅๅจใAn open-source BI tool alternative to Tableau. - fix: ใๆผๆดใDataEase DB2 JNDI Vulnerability ยท dataease/dataease@b7e585c
๐จ CVE-2025-65493
NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.
๐@cveNotify
NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.
๐@cveNotify
GitHub
Missing BIO_get_data() return value check ยท Issue #1743 ยท obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
๐จ CVE-2025-65494
NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.
๐@cveNotify
NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.
๐@cveNotify
GitHub
Missing sk_GENERAL_NAME_value() return value check ยท Issue #1745 ยท obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
๐จ CVE-2025-65495
Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.
๐@cveNotify
Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.
๐@cveNotify
GitHub
Missing i2d_X509() return value check ยท Issue #1744 ยท obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
๐จ CVE-2025-65496
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
๐@cveNotify
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
๐@cveNotify
GitHub
Missing sk_GENERAL_NAME_value() return value check ยท Issue #1745 ยท obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
๐จ CVE-2025-65497
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
๐@cveNotify
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
๐@cveNotify
GitHub
Missing sk_GENERAL_NAME_value() return value check ยท Issue #1745 ยท obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
๐จ CVE-2025-65498
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
๐@cveNotify
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
๐@cveNotify
GitHub
Missing SSL_get_SSL_CTX() return value check ยท Issue #1746 ยท obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
๐จ CVE-2025-65499
Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.
๐@cveNotify
Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.
๐@cveNotify
GitHub
Missing SSL_get_ex_data_X509_STORE_CTX_idx() return value check ยท Issue #1747 ยท obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...