🚨 CVE-2025-65497
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
@cveNotify
GitHub
Missing sk_GENERAL_NAME_value() return value check · Issue #1745 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65498
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
GitHub
Missing SSL_get_SSL_CTX() return value check · Issue #1746 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65499
Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.
GitHub
Missing SSL_get_ex_data_X509_STORE_CTX_idx() return value check · Issue #1747 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65500
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
GitHub
Missing SSL_get_SSL_CTX() return value check · Issue #1746 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65501
Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.
GitHub
Missing SSL_get_app_data() return value check · Issue #1748 · obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
🚨 CVE-2025-65502
Null pointer dereference in add_ca_certs() in Cesanta Mongoose before 7.2 allows remote attackers to cause a denial of service via TLS initialization where SSL_CTX_get_cert_store() returns NULL.
GitHub
Segfault when SSL_CTX_get_cert_store returns NULL · Issue #3306 · cesanta/mongoose
There appears to be a bug in Mongoose’s OpenSSL TLS integration. My goal is: Use mongoose's TLS functionality with openssl. My actions were: Examined the add_ca_certs() function and its usage o...
🚨 CVE-2025-65503
Use after free in endpoint destructors in Redboltz async_mqtt 10.2.5 allows local users to cause a denial of service via triggering SSL initialization failure that results in incorrect destruction order between io_context and endpoint objects.
GitHub
Heap-use-after-free during broker shutdown · Issue #436 · redboltz/async_mqtt
Description AddressSanitizer detects a heap-use-after-free error during broker shutdown. The issue involves incorrect destruction order between io_context and endpoint objects that hold timer refer...
🚨 CVE-2025-65998
Apache Syncope can be configured to store the user password values in the internal database with AES encryption, though this is not the default option.
When AES is configured, the default key value, hard-coded in the source code, is always used. This allows a malicious attacker who has obtained access to the internal database content to reconstruct the original cleartext password values.
This does not affect encrypted plain attributes, whose values are also stored using AES encryption.
Users are recommended to upgrade to version 3.0.15 / 4.0.3, which fix this issue.
🚨 CVE-2025-58121
Insufficient permission validation on multiple REST API endpoints in Checkmk 2.2.0, 2.3.0, and 2.4.0 before version 2.4.0p16 allows low-privileged users to perform unauthorized actions or obtain sensitive information
Checkmk
Werk #18983: Fix permissions on various REST API endpoints
Several REST API endpoints previously lacked proper validation of user permissions.
As a result, any authenticated user could invoke these endpoints, allowing them to per
🚨 CVE-2025-13420
A weakness has been identified in itsourcecode Human Resource Management System 1.0. This issue affects some unknown processing of the file /src/store/EventStore.php. This manipulation of the argument eventSubject causes SQL injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
GitHub
itsourcecode Human Resource Management System Project V1.0 /src/store/EventStore.php SQL injection · Issue #8 · f14g-orz/CVE
itsourcecode Human Resource Management System Project V1.0 /src/store/EventStore.php SQL injection NAME OF AFFECTED PRODUCT(S) Human Resource Management System Vendor Homepage https://itsourcecode....
🚨 CVE-2025-13422
A vulnerability was detected in freeprojectscodes Sports Club Management System 1.0. The affected element is an unknown function of the file /dashboard/admin/change_s_pwd.php. Performing manipulation of the argument login_id results in SQL injection. The attack may be initiated remotely. The exploit is now public and may be used.
GitHub
freeprojectscodes Sports Club Management System Project V1.0 /dashboard/admin/change_s_pwd.php SQL injection · Issue #10 · f14g…
freeprojectscodes Sports Club Management System Project V1.0 /dashboard/admin/change_s_pwd.php SQL injection NAME OF AFFECTED PRODUCT(S) Sports Club Management System Vendor Homepage https://repo.f...
🚨 CVE-2025-36161
IBM Concert 1.0.0 through 2.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict-Transport-Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques.
IBM
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0
🚨 CVE-2025-64027
Snipe-IT v8.3.4 (build 20218) contains a reflected cross-site scripting (XSS) vulnerability in the CSV Import workflow. When an invalid CSV file is uploaded, the application returns a progress_message value that is rendered as raw HTML in the admin interface. An attacker can intercept and modify the POST /livewire/update request to inject arbitrary HTML or JavaScript into the progress_message. Because the server accepts the modified input without sanitization and reflects it back to the user, arbitrary JavaScript executes in the browser of any authenticated admin who views the import page.
GitHub
GitHub - cybercrewinc/CVE-2025-64027: Reflected Cross-Site Scripting in Snipe-IT CSV Import Workflow
Reflected Cross-Site Scripting in Snipe-IT CSV Import Workflow - cybercrewinc/CVE-2025-64027
🚨 CVE-2025-33110
IBM OpenPages 9.1, and 9.0 with Watson is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
IBM
Security Bulletin: IBM OpenPages Vulnerable to HTML Injection (CVE-2025-33110)
Application API's vulnerable to HTML injection in IBM OpenPages has been addressed in the latest IBM OpenPages fix pack for 9.0 and 9.1 versions.
🚨 CVE-2025-7633
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report.
ManageEngine
CVE-2025-7633 - Stored XSS vulnerability in Exchange Reporter Plus
This page provides details about the CVE-2025-7633 vulnerability in Exchange Reporter Plus and outlines the incident response plan if your system is affected.
🚨 CVE-2025-60684
A stack buffer overflow vulnerability exists in the ToToLink LR1200GB (V9.1.0u.6619_B20230130) and NR1800X (V9.1.0u.6681_B20230703) Router firmware within the cstecgi.cgi binary (sub_42F32C function). The web interface reads the "lang" parameter and constructs Help URL strings using sprintf() into fixed-size stack buffers without proper length validation. Maliciously crafted input can overflow these buffers, potentially leading to arbitrary code execution or memory corruption, without requiring authentication.
🚨 CVE-2025-55055
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
🚨 CVE-2025-55056
Multiple CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
🚨 CVE-2025-32353
Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials (for privileged access) stored in the collector.txt configuration file.
Codykretsinger
Cody Kretsinger
Speaker. Hacker. Former LulzSec member. The home of Cody Kretsinger.
🚨 CVE-2025-32874
An issue was discovered in Kaseya Rapid Fire Tools Network Detective through 2.0.16.0. A vulnerability exists in the EncryptionUtil class because symmetric encryption is implemented in a deterministic and non-randomized fashion. The method Encrypt(byte[] clearData) derives both the encryption key and the IV from a fixed, hardcoded input by using a static salt value. As a result, identical plaintext inputs always produce identical ciphertext outputs. This is true for both FIPS and non-FIPS generated passwords. In other words, there is a cryptographic implementation flaw in the password encryption mechanism. Although there are multiple encryption methods grouped under FIPS and non-FIPS classifications, the logic consistently results in predictable and reversible encrypted outputs due to the lack of per-operation randomness and encryption authentication.
Codykretsinger
Cody Kretsinger
Speaker. Hacker. Former LulzSec member. The home of Cody Kretsinger.