π¨ CVE-2025-21465
Information disclosure while processing the hash segment in an MBN file.
π@cveNotify
Information disclosure while processing the hash segment in an MBN file.
π@cveNotify
π¨ CVE-2025-21487
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
π@cveNotify
Information disclosure while decoding RTP packet received by UE from the network, when payload length mentioned is greater than the available buffer length.
π@cveNotify
π¨ CVE-2025-47318
Transient DOS while parsing the EPTM test control message to get the test pattern.
π@cveNotify
Transient DOS while parsing the EPTM test control message to get the test pattern.
π@cveNotify
π¨ CVE-2025-56423
An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages
π@cveNotify
An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages
π@cveNotify
Sec4You-Pentest
OpenAtlas:Schwachstelle User Enumeration CVE-2025-56423
In OpenAtlas < v8.12.0 ist es durch eine Benutzer-Enumeration Schwachstelle mΓΆglich registrierte Benutzer zu evaluieren
π¨ CVE-2025-60914
Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /display_logo endpoint.
π@cveNotify
Incorrect access control in Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to access sensitive information via sending a crafted GET request to the /display_logo endpoint.
π@cveNotify
Sec4You-Pentest
OpenAtlas:Schwachstelle IDOR display_logo CVE-2025-60914
In OpenAtlas <= v8.12.0 am Endpunkt /display_logo/ liefert Dateien aus dem Upload-βLogo-Verzeichnis ohne erforderliche Autorisierung aus - IDOR
π¨ CVE-2025-60915
An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request.
π@cveNotify
An issue in the size query parameter (/views/file.py) of Austrian Archaeological Institute Openatlas before v8.12.0 allows attackers to execute a path traversal via a crafted request.
π@cveNotify
Sec4You-Pentest
OpenAtlas:Schwachstelle LFI display size CVE-2025-60915
In OpenAtlas <= v8.12.0 der Endpunkt /display/production.py ermΓΆglich Authentifizerte Benutzer Lokale System Dateien zu lesen und zu Exfiltrieren
π¨ CVE-2024-53010
Memory corruption may occur while attaching VM when the HLOS retains access to VM.
π@cveNotify
Memory corruption may occur while attaching VM when the HLOS retains access to VM.
π@cveNotify
π¨ CVE-2024-53015
Memory corruption while processing IOCTL command to handle buffers associated with a session.
π@cveNotify
Memory corruption while processing IOCTL command to handle buffers associated with a session.
π@cveNotify
π¨ CVE-2024-53020
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
π@cveNotify
Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
π@cveNotify
π¨ CVE-2025-41392
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
π@cveNotify
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing AR files. This could lead to an out-of-bounds read. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
π@cveNotify
π¨ CVE-2025-53705
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
π@cveNotify
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing CO files. This could lead to an out-of-bounds write. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
π@cveNotify
π¨ CVE-2025-46269
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
π@cveNotify
In Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions prior to 12.6.1204.204, the affected applications lack proper validation of user-supplied data when parsing VC6 files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process.
π@cveNotify
π¨ CVE-2018-11802
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
π@cveNotify
In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection. However, if a node receives a request for a collection it does not host, it proxies the request to a relevant node and serves the request. Solr bypasses all authorization settings for such requests. This affects all Solr versions prior to 7.7 that use the default authorization mechanism of Solr (RuleBasedAuthorizationPlugin).
π@cveNotify
π¨ CVE-2023-5844
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.
π@cveNotify
Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0.
π@cveNotify
GitHub
[Improvement]: Check if new password is NOT the same as the old one w⦠· pimcore/admin-ui-classic-bundle@498ac77
β¦hen resetting (#285)
* add check that new passoword is different than old one
* refactor empty old password check
* add CHANGELOG
* Update CHANGELOG.md
---------
Co-authored-by: Di...
* add check that new passoword is different than old one
* refactor empty old password check
* add CHANGELOG
* Update CHANGELOG.md
---------
Co-authored-by: Di...
π¨ CVE-2024-23681
Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
π@cveNotify
Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
π@cveNotify
GitHub
GHSA-98hq-4wmw-98w9 - GitHub Advisory Database
Arbitrary code execution in de.tum.in.ase:artemis-java-test-sandbox
π¨ CVE-2024-23682
Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
π@cveNotify
Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
π@cveNotify
GitHub
GHSA-227w-wv4j-67h4 - GitHub Advisory Database
Class Loading Vulnerability in Artemis
π¨ CVE-2024-23683
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
π@cveNotify
Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.
π@cveNotify
GitHub
GHSA-883x-6fch-6wjx - GitHub Advisory Database
Trust Boundary Violation due to Incomplete Blacklist in Test Failure Processing in Ares
π¨ CVE-2018-25120
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life.
π@cveNotify
D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a command injection vulnerability in the Mail Test functionality. The web maintenance script posts to the internal goForm endpoint '/goform/Mail_Test' and uses several form parameters directly in a call to a system email utility without proper input validation. An unauthenticated remote attacker can supply crafted form data that injects shell commands, resulting in execution as root on the device. NOTE: The DNS-343 product line has been declared end-of-life.
π@cveNotify
GitHub
advisories/[GTSA-00128] D-Link DNS-343 ShareCenter 1.05 Remote Root.txt at master Β· jamesbercegay/advisories
Security Advisories. Contribute to jamesbercegay/advisories development by creating an account on GitHub.
π₯1
π¨ CVE-2025-12969
Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.
π@cveNotify
Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. By bypassing authentication controls, attackers can inject forged log records, flood alerting systems, or manipulate routing decisions, compromising the authenticity and integrity of ingested logs.
π@cveNotify
fluentbit.io
Security Vulnerabilities Addressed in Fluent Bit v4.1 and Backported to v4.0
Summary of security issues reported and remediated in Fluent Bit v4.2, v4.1.1, and v4.0.14, including path traversal, stack buffer overflow, and authentication bypass fixes.
π¨ CVE-2025-12970
The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.
π@cveNotify
The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.
π@cveNotify
fluentbit.io
Security Vulnerabilities Addressed in Fluent Bit v4.1 and Backported to v4.0
Summary of security issues reported and remediated in Fluent Bit v4.2, v4.1.1, and v4.0.14, including path traversal, stack buffer overflow, and authentication bypass fixes.
π¨ CVE-2025-12972
Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.
π@cveNotify
Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.
π@cveNotify
fluentbit.io
Security Vulnerabilities Addressed in Fluent Bit v4.1 and Backported to v4.0
Summary of security issues reported and remediated in Fluent Bit v4.2, v4.1.1, and v4.0.14, including path traversal, stack buffer overflow, and authentication bypass fixes.