🚨 CVE-2025-13177
A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was detected in Bdtask/CodeCanyon SalesERP up to 20250728. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Cross-Site Request Forgery (CSRF) in Sales ERP Software leading to Account Takeover · Issue #1 · 4m3rr0r/PoCVulDb
[Cross-Site Request Forgery (CSRF)] in [Sales ERP Software] leading to Account Takeover 👨💻 BUG Author: 4m3rr0r 📦 Product Information: Vendor Homepage: https://www.bdtask.com Software Link: https:/...
🚨 CVE-2025-13178
A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation of the argument first_name/last_name causes basic cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /edit_profile of the component User Profile Handler. This manipulation of the argument first_name/last_name causes basic cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
Stored HTML Injection in Sales ERP Software leading to Phishing Risk · Issue #2 · 4m3rr0r/PoCVulDb
[Stored HTML Injection] in [Sales ERP Software] leading to Phishing Risk 👨💻 BUG Author: 4m3rr0r 📦 Product Information: Vendor Homepage: https://www.bdtask.com Software Link: https://codecanyon.net...
🚨 CVE-2025-58122
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.
🎖@cveNotify
Insufficient permission validation in Checkmk 2.4.0 before version 2.4.0p16 allows low-privileged users to modify notification parameters via the REST API, which could lead to unauthorized actions or information disclosure.
🎖@cveNotify
Checkmk
Werk #18982: Fix permissions for notification parameter REST API endpoints
Before this fix the REST API endpoints to configure notification parameters, i.e. check_mk/api/1.0/objects/configuration_entity/*, lacked proper validation of user permis
🚨 CVE-2025-64996
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification of monitoring data.
🎖@cveNotify
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mk_inotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification of monitoring data.
🎖@cveNotify
Checkmk
Werk #18570: Inotify: do not override permissions in agent plugin
By overriding the umask value in the agent plugin, the permissions for the files
written out to /var/lib/check_mk_agent/mk_inotify.* were too permissive
(-rw-rw-rw), givi
written out to /var/lib/check_mk_agent/mk_inotify.* were too permissive
(-rw-rw-rw), givi
🚨 CVE-2025-63828
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.
🎖@cveNotify
Host Header Injection vulnerability in Backdrop CMS 1.32.1 allows attackers to manipulate the Host header in password reset requests, leading to redirects to malicious domains and potential session hijacking via cookie injection.
🎖@cveNotify
GitHub
GitHub - mertdurum06/BackdropCms-1.32.1: Host Header Injection
Host Header Injection. Contribute to mertdurum06/BackdropCms-1.32.1 development by creating an account on GitHub.
🚨 CVE-2025-64428
Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.
🎖@cveNotify
Dataease is an open source data visualization analysis tool. Versions prior to 2.10.17 are vulnerable to JNDI injection. A blacklist was added in the patch for version 2.10.14. However, JNDI injection remains possible via the iiop, corbaname, and iiopname schemes. The vulnerability has been fixed in version 2.10.17.
🎖@cveNotify
GitHub
fix: 【漏洞】DataEase DB2 JNDI Vulnerability · dataease/dataease@b7e585c
🔥 人人可用的开源 BI 工具,数据可视化神器。An open-source BI tool alternative to Tableau. - fix: 【漏洞】DataEase DB2 JNDI Vulnerability · dataease/dataease@b7e585c
🚨 CVE-2025-65493
NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.
🎖@cveNotify
NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.
🎖@cveNotify
GitHub
Missing BIO_get_data() return value check · Issue #1743 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65494
NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.
🎖@cveNotify
NULL pointer dereference in get_san_or_cn_from_cert() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted X.509 certificate that causes sk_GENERAL_NAME_value() to return NULL.
🎖@cveNotify
GitHub
Missing sk_GENERAL_NAME_value() return value check · Issue #1745 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65495
Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.
🎖@cveNotify
Integer signedness error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted TLS certificate that causes i2d_X509() to return -1 and be misused as a malloc() size parameter.
🎖@cveNotify
GitHub
Missing i2d_X509() return value check · Issue #1744 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65496
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
🎖@cveNotify
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
🎖@cveNotify
GitHub
Missing sk_GENERAL_NAME_value() return value check · Issue #1745 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65497
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
🎖@cveNotify
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
🎖@cveNotify
GitHub
Missing sk_GENERAL_NAME_value() return value check · Issue #1745 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65498
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
🎖@cveNotify
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
🎖@cveNotify
GitHub
Missing SSL_get_SSL_CTX() return value check · Issue #1746 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65499
Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.
🎖@cveNotify
Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.
🎖@cveNotify
GitHub
Missing SSL_get_ex_data_X509_STORE_CTX_idx() return value check · Issue #1747 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65500
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
🎖@cveNotify
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
🎖@cveNotify
GitHub
Missing SSL_get_SSL_CTX() return value check · Issue #1746 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65501
Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.
🎖@cveNotify
Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.
🎖@cveNotify
GitHub
Missing SSL_get_app_data() return value check · Issue #1748 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65502
Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL.
🎖@cveNotify
Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL.
🎖@cveNotify
GitHub
Segfault when SSL_CTX_get_cert_store returns NULL · Issue #3306 · cesanta/mongoose
There appears to be a bug in Mongoose’s OpenSSL TLS integration. My goal is: Use mongoose's TLS functionality with openssl. My actions were: Examined the add_ca_certs() function and its usage o...
❤1
🚨 CVE-2025-65503
Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between io_context and endpoint objects.
🎖@cveNotify
Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between io_context and endpoint objects.
🎖@cveNotify
GitHub
Heap-use-after-free during broker shutdown · Issue #436 · redboltz/async_mqtt
Description AddressSanitizer detects a heap-use-after-free error during broker shutdown. The issue involves incorrect destruction order between io_context and endpoint objects that hold timer refer...
🚨 CVE-2025-65998
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option.
When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained access to the internal database content, to reconstruct the original cleartext password values.
This is not affecting encrypted plain attributes, whose values are also stored using AES encryption.
Users are recommended to upgrade to version 3.0.15 / 4.0.3, which fix this issue.
🎖@cveNotify
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option.
When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker, once obtained access to the internal database content, to reconstruct the original cleartext password values.
This is not affecting encrypted plain attributes, whose values are also stored using AES encryption.
Users are recommended to upgrade to version 3.0.15 / 4.0.3, which fix this issue.
🎖@cveNotify
🚨 CVE-2025-58121
Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information
🎖@cveNotify
Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information
🎖@cveNotify
Checkmk
Werk #18983: Fix permissions on various REST API endpoints
Several REST API endpoints previously lacked proper validation of user permissions.
As a result, any authenticated user could invoke these endpoints, allowing them to per
As a result, any authenticated user could invoke these endpoints, allowing them to per
🚨 CVE-2025-13420
A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of the argument eventSubject causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of the argument eventSubject causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
GitHub
itsourcecode Human Resource Management System Project V1.0 /src/store/EventStore.php SQL injection · Issue #8 · f14g-orz/CVE
itsourcecode Human Resource Management System Project V1.0 /src/store/EventStore.php SQL injection NAME OF AFFECTED PRODUCT(S) Human Resource Management System Vendor Homepage https://itsourcecode....
🚨 CVE-2025-13422
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/change_s_pwd.php. Performing manipulation of the argument login_id results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
🎖@cveNotify
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/change_s_pwd.php. Performing manipulation of the argument login_id results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
🎖@cveNotify
GitHub
freeprojectscodes Sports Club Management System Project V1.0 /dashboard/admin/change_s_pwd.php SQL injection · Issue #10 · f14g…
freeprojectscodes Sports Club Management System Project V1.0 /dashboard/admin/change_s_pwd.php SQL injection NAME OF AFFECTED PRODUCT(S) Sports Club Management System Vendor Homepage https://repo.f...