๐จ CVE-2025-40934
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.
An attacker can remove the signature from the XML document to make it pass the verification check.
XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should return an error message. The affected versions return true when attempting to validate an XML file that contains no signatures.
๐@cveNotify
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted.
An attacker can remove the signature from the XML document to make it pass the verification check.
XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should return an error message. The affected versions return true when attempting to validate an XML file that contains no signatures.
๐@cveNotify
GitHub
An unsigned XML should fail verification ยท Issue #63 ยท perl-net-saml2/perl-XML-Sig
An unsigned XML should fail verification However, running the code below prints "Signature valid.". use XML::Sig; my $cert_text = '-----BEGIN CERTIFICATE----- MIIC4jCCAcoCCQC33wnybT5Q...
๐จ CVE-2025-13683
Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0.
๐@cveNotify
Exposure of credentials in unintended requests in Devolutions Server, Remote Desktop Manager on Windows.This issue affects Devolutions Server: through 2025.3.8.0; Remote Desktop Manager: through 2025.3.23.0.
๐@cveNotify
Devolutions
advisories
Stay informed with Devolutions' latest security advisories on vulnerabilities, threats, and incident responses to enhance your cybersecurity posture.
๐จ CVE-2024-11831
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
๐@cveNotify
A flaw was found in npm-serialize-javascript. The vulnerability occurs because the serialize-javascript module does not properly sanitize certain inputs, such as regex or other JavaScript object types, allowing an attacker to inject malicious code. This code could be executed when deserialized by a web browser, causing Cross-site scripting (XSS) attacks. This issue is critical in environments where serialized data is sent to web clients, potentially compromising the security of the website or web application using this package.
๐@cveNotify
๐จ CVE-2021-4461
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the `enc` parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a session to arbitrary user IDs. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-30 at 00:30:40.855917 UTC.
๐@cveNotify
Seeyon Zhiyuan OA Web Application System versions up to and including 7.0 SP1 improperly decode and parse the `enc` parameter in thirdpartyController.do. The decoded map values can influence session attributes without sufficient authentication/authorization checks, enabling attackers to assign a session to arbitrary user IDs. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-30 at 00:30:40.855917 UTC.
๐@cveNotify
GitHub
xray/pocs/seeyon-oa-cookie-leak.yml at f90cf321bc4d294bbf6625a9c4853f3bfdf0a384 ยท chaitin/xray
ไธๆฌพ้ฟไบญ่ช็ ็ๅฎๅ็ๅฎๅ
จ่ฏไผฐๅทฅๅ
ท๏ผๆฏๆๅธธ่ง web ๅฎๅ
จ้ฎ้ขๆซๆๅ่ชๅฎไน poc | ไฝฟ็จไนๅๅกๅฟ
ๅ
้
่ฏปๆๆกฃ - chaitin/xray
๐จ CVE-2025-45311
Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. NOTE: this is disputed by multiple parties because the action for a triggered rule can legitimately be an arbitrary operation as root. Thus, the software is behaving in accordance with its intended privilege model.
๐@cveNotify
Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. NOTE: this is disputed by multiple parties because the action for a triggered rule can legitimately be an arbitrary operation as root. Thus, the software is behaving in accordance with its intended privilege model.
๐@cveNotify
Gist
CVEโ2025โ45311 Command Execution / Privilege Escalation in Fail2Ban 0.11.2
CVEโ2025โ45311 Command Execution / Privilege Escalation in Fail2Ban 0.11.2 - gist:1c707a08f9c7f9a91d9d84b5010aaed2
๐จ CVE-2025-55471
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.
๐@cveNotify
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.
๐@cveNotify
Gist
Detailed description for CVE-2025-55471
Detailed description for CVE-2025-55471. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-21907
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
๐@cveNotify
Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.
๐@cveNotify
Alephsecurity
It takes only one StackOverflowException to bring down an Application deployed on IIS
๐จ CVE-2024-21909
PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of
service vulnerability. An attacker may trigger the denial of service
condition by providing crafted data to the DecodeFromBytes or other
decoding mechanisms in PeterO.Cbor. Depending on the usage of the
library, an unauthenticated and remote attacker may be able to cause the
denial of service condition.
๐@cveNotify
PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of
service vulnerability. An attacker may trigger the denial of service
condition by providing crafted data to the DecodeFromBytes or other
decoding mechanisms in PeterO.Cbor. Depending on the usage of the
library, an unauthenticated and remote attacker may be able to cause the
denial of service condition.
๐@cveNotify
GitHub
CVE-2024-21909 - GitHub Advisory Database
Denial of service in CBOR library
๐จ CVE-2024-22047
A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.
๐@cveNotify
A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.
๐@cveNotify
GitHub
CVE-2024-22047 - GitHub Advisory Database
Race Condition leading to logging errors
๐จ CVE-2024-0758
MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.
๐@cveNotify
MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.
๐@cveNotify
GitHub
GHSA-2pwh-52h7-7j84 - GitHub Advisory Database
JavaScript execution via malicious molfiles (XSS)
๐จ CVE-2025-66250
Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Allows unauthenticated arbitrary file upload via /var/tdf/status_contents.php.
๐@cveNotify
Unauthenticated Arbitrary File Upload (status_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Allows unauthenticated arbitrary file upload via /var/tdf/status_contents.php.
๐@cveNotify
Abduls Blog
14 Vulnerabilities in broadcasting system used by The United Nations, BBC Radio and others
Quick Intro
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
๐จ CVE-2025-66251
Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows path traversal deletion of arbitrary .tgz files.
๐@cveNotify
Unauthenticated Path Traversal with Arbitrary File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletehidden parameter allows path traversal deletion of arbitrary .tgz files.
๐@cveNotify
Abduls Blog
14 Vulnerabilities in broadcasting system used by The United Nations, BBC Radio and others
Quick Intro
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
๐จ CVE-2025-66252
Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in status_contents.php causing DoS. Due to the fact that the unlink operation is done in a while loop; if an immutable file is specified or otherwise a file in which the process has no permissions to delete; it would repeatedly attempt to do in a loop.
๐@cveNotify
Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink() fails in status_contents.php causing DoS. Due to the fact that the unlink operation is done in a while loop; if an immutable file is specified or otherwise a file in which the process has no permissions to delete; it would repeatedly attempt to do in a loop.
๐@cveNotify
Abduls Blog
14 Vulnerabilities in broadcasting system used by The United Nations, BBC Radio and others
Quick Intro
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
๐จ CVE-2025-66253
Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec() allows remote code execution via start_upgrade.php. The `/var/tdf/start_upgrade.php` endpoint passes user-controlled `$_GET["filename"]` directly into `exec()` without sanitization or shell escaping. Attackers can inject arbitrary shell commands using metacharacters (`;`, `|`, etc.) to achieve remote code execution as the web server user (likely root).
๐@cveNotify
Unauthenticated OS Command Injection (start_upgrade.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform User input passed directly to exec() allows remote code execution via start_upgrade.php. The `/var/tdf/start_upgrade.php` endpoint passes user-controlled `$_GET["filename"]` directly into `exec()` without sanitization or shell escaping. Attackers can inject arbitrary shell commands using metacharacters (`;`, `|`, etc.) to achieve remote code execution as the web server user (likely root).
๐@cveNotify
Abduls Blog
14 Vulnerabilities in broadcasting system used by The United Nations, BBC Radio and others
Quick Intro
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
๐จ CVE-2025-66254
Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary files.
The `deleteupgrade` parameter in `/var/www/upgrade_contents.php` allows unauthenticated deletion of arbitrary files in `/var/www/upload/` without any extension restriction or path sanitization, enabling attackers to remove critical system files.
๐@cveNotify
Unauthenticated Arbitrary File Deletion (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary files.
The `deleteupgrade` parameter in `/var/www/upgrade_contents.php` allows unauthenticated deletion of arbitrary files in `/var/www/upload/` without any extension restriction or path sanitization, enabling attackers to remove critical system files.
๐@cveNotify
Abduls Blog
14 Vulnerabilities in broadcasting system used by The United Nations, BBC Radio and others
Quick Intro
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
๐จ CVE-2025-66255
Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages.
The firmware upgrade endpoint in `upgrade_contents.php` accepts arbitrary file uploads without validating file headers, cryptographic signatures, or enforcing .tgz format requirements, allowing malicious firmware injection. This endpoint also subsequently provides ways for arbitrary file uploads and subsequent remote code execution
๐@cveNotify
Unauthenticated Arbitrary File Upload (upgrade_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages.
The firmware upgrade endpoint in `upgrade_contents.php` accepts arbitrary file uploads without validating file headers, cryptographic signatures, or enforcing .tgz format requirements, allowing malicious firmware injection. This endpoint also subsequently provides ways for arbitrary file uploads and subsequent remote code execution
๐@cveNotify
Abduls Blog
14 Vulnerabilities in broadcasting system used by The United Nations, BBC Radio and others
Quick Intro
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
๐จ CVE-2025-66256
Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patch_contents.php allows uploading malicious files.
The `/var/tdf/patch_contents.php` endpoint allows unauthenticated arbitrary file uploads without file type validation, MIME checking, or size restrictions beyond 16MB, enabling attackers to upload malicious files.
๐@cveNotify
Unauthenticated Arbitrary File Upload (patch_contents.php) in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Unrestricted file upload in patch_contents.php allows uploading malicious files.
The `/var/tdf/patch_contents.php` endpoint allows unauthenticated arbitrary file uploads without file type validation, MIME checking, or size restrictions beyond 16MB, enabling attackers to upload malicious files.
๐@cveNotify
Abduls Blog
14 Vulnerabilities in broadcasting system used by The United Nations, BBC Radio and others
Quick Intro
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
As an electrical engineer with a passion for electronics, I have recently been reverse engineering and researching commonly deployed edge and IoT devices found in critical use environments. This research focuses on the Mozart FM Transmitter (webโฆ
๐จ CVE-2025-6021
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
๐@cveNotify
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
๐@cveNotify
๐จ CVE-2025-6032
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
๐@cveNotify
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
๐@cveNotify
๐จ CVE-2025-64715
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network interface may unintentionally allow broader outbound access than intended by the policy authors. In such cases, the toCIDRset section of the derived policy is not generated, which means outbound traffic may be permitted to more destinations than originally intended. This issue has been patched in versions 1.16.17, 1.17.10, and 1.18.4. There are no workarounds for this issue.
๐@cveNotify
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network interface may unintentionally allow broader outbound access than intended by the policy authors. In such cases, the toCIDRset section of the derived policy is not generated, which means outbound traffic may be permitted to more destinations than originally intended. This issue has been patched in versions 1.16.17, 1.17.10, and 1.18.4. There are no workarounds for this issue.
๐@cveNotify
GitHub
policy: fix {to,from}-groups derived policy creation for empty cidr sets ยท cilium/cilium@a385856
This commit fixes a day-0 bug in cilium-operator when processing to-groups
derived policy resolving to an empty set of ip addresses(eg. non existing
security group).
Currently if the to-groups refe...
derived policy resolving to an empty set of ip addresses(eg. non existing
security group).
Currently if the to-groups refe...
๐จ CVE-2025-65112
PubNet is a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the /api/storage/upload endpoint in PubNet allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enables identity spoofing, privilege escalation, and supply chain attacks. This issue has been patched in version 1.1.3.
๐@cveNotify
PubNet is a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the /api/storage/upload endpoint in PubNet allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enables identity spoofing, privilege escalation, and supply chain attacks. This issue has been patched in version 1.1.3.
๐@cveNotify
GitHub
Critical Authentication Bypass Allows Unauthenticated Package Upload and Identity Spoofing
### Summary
The /api/storage/upload endpoint in PubNet allows unauthenticated users to
upload packages as any user by providing arbitrary author-id values. This
enables identity spoofing, priv...
The /api/storage/upload endpoint in PubNet allows unauthenticated users to
upload packages as any user by providing arbitrary author-id values. This
enables identity spoofing, priv...