🚨 CVE-2025-62731
SOPlanning is vulnerable to Stored XSS in the /feries endpoint. A malicious attacker with access to the public holidays feature is able to inject arbitrary HTML and JS into the website, which will be rendered/executed when multiple pages are opened. By default only administrators and users with special privileges are able to access this endpoint.
This issue was fixed in version 1.55.
🎖@cveNotify
cert.pl: Vulnerabilities in SOPlanning software
CERT Polska has received a report about 8 vulnerabilities (CVE-2025-62293 to CVE-2025-62297 and CVE-2025-62729 to CVE-2025-62731) found in SOPlanning software.
🚨 CVE-2025-44893
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the ruleNamekey parameter in the web_acl_mgmt_Rules_Apply_post function.
GitHub: xyqer1/Planet-web_acl_mgmt_Rules_Apply_post-ruleName-StackOverflow
🚨 CVE-2025-13177
A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
GitHub: Cross-Site Request Forgery (CSRF) in Sales ERP Software leading to Account Takeover · Issue #1 · 4m3rr0r/PoCVulDb
🚨 CVE-2025-13178
A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. Manipulation of the argument first_name/last_name causes basic cross-site scripting. The attack can be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
GitHub: Stored HTML Injection in Sales ERP Software leading to Phishing Risk · Issue #2 · 4m3rr0r/PoCVulDb
🚨 CVE-2025-58122
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.
Checkmk: Werk #18982: Fix permissions for notification parameter REST API endpoints
Before this fix the REST API endpoints to configure notification parameters, i.e. check_mk/api/1.0/objects/configuration_entity/*, lacked proper validation of user permis
🚨 CVE-2025-64996
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification of monitoring data.
Checkmk: Werk #18570: Inotify: do not override permissions in agent plugin
By overriding the umask value in the agent plugin, the permissions for the files
written out to /var/lib/check_mk_agent/mk_inotify.* were too permissive
(-rw-rw-rw), givi
🚨 CVE-2025-63828
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.
GitHub: mertdurum06/BackdropCms-1.32.1: Host Header Injection
🚨 CVE-2025-64428
Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.
GitHub: fix: [vulnerability] DataEase DB2 JNDI Vulnerability · dataease/dataease@b7e585c
🚨 CVE-2025-65493
NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.
GitHub: Missing BIO_get_data() return value check · Issue #1743 · obgm/libcoap
🚨 CVE-2025-65494
NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.
GitHub: Missing sk_GENERAL_NAME_value() return value check · Issue #1745 · obgm/libcoap
🚨 CVE-2025-65495
Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.
GitHub: Missing i2d_X509() return value check · Issue #1744 · obgm/libcoap
🚨 CVE-2025-65496
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
GitHub: Missing sk_GENERAL_NAME_value() return value check · Issue #1745 · obgm/libcoap
🚨 CVE-2025-65497
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
GitHub: Missing sk_GENERAL_NAME_value() return value check · Issue #1745 · obgm/libcoap
🚨 CVE-2025-65498
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
GitHub: Missing SSL_get_SSL_CTX() return value check · Issue #1746 · obgm/libcoap
🚨 CVE-2025-65499
Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.
GitHub: Missing SSL_get_ex_data_X509_STORE_CTX_idx() return value check · Issue #1747 · obgm/libcoap
🚨 CVE-2025-65500
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
GitHub: Missing SSL_get_SSL_CTX() return value check · Issue #1746 · obgm/libcoap
🚨 CVE-2025-65501
Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.
GitHub: Missing SSL_get_app_data() return value check · Issue #1748 · obgm/libcoap
🚨 CVE-2025-65502
Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL.
GitHub: Segfault when SSL_CTX_get_cert_store returns NULL · Issue #3306 · cesanta/mongoose
🚨 CVE-2025-65503
Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between io_context and endpoint objects.
GitHub: Heap-use-after-free during broker shutdown · Issue #436 · redboltz/async_mqtt
🚨 CVE-2025-65998
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option.
When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker who has obtained access to the internal database content to reconstruct the original cleartext password values.
This is not affecting encrypted plain attributes, whose values are also stored using AES encryption.
Users are recommended to upgrade to version 3.0.15 / 4.0.3, which fix this issue.
🚨 CVE-2025-58121
Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information.
Checkmk: Werk #18983: Fix permissions on various REST API endpoints
Several REST API endpoints previously lacked proper validation of user permissions.
As a result, any authenticated user could invoke these endpoints, allowing them to per