π¨ CVE-2025-13769
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
π@cveNotify
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
π@cveNotify
π¨ CVE-2025-12106
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses
π@cveNotify
Insufficient argument validation in OpenVPN 2.7_alpha1 through 2.7_rc1 allows an attacker to trigger a heap buffer over-read when parsing IP addresses
π@cveNotify
π¨ CVE-2025-27232
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
π@cveNotify
An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
π@cveNotify
π¨ CVE-2025-46553
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue.
π@cveNotify
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue.
π@cveNotify
GitHub
Merge commit from fork Β· misskey-dev/summaly@45153b4
Fix GHSA-7899-w6c4-vqc4
π¨ CVE-2025-64066
Primakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers from a Broken Access Control vulnerability. The endpoint fails to implement any authorization checks, allowing unauthenticated attackers to perform POST requests to register new user accounts in the application's local database. This bypasses the intended security architecture, which relies on an external Identity Provider for initial user registration and assumes that internal user creation is an administrative-only function. This vector can also be chained with other vulnerabilities for privilege escalation and complete compromise of application. This specific request can be used to also enumerate already registered user accounts, aiding in social engineering or further targeted attacks.
π@cveNotify
Primakon Pi Portal 1.0.18 REST /api/v2/user/register endpoint suffers from a Broken Access Control vulnerability. The endpoint fails to implement any authorization checks, allowing unauthenticated attackers to perform POST requests to register new user accounts in the application's local database. This bypasses the intended security architecture, which relies on an external Identity Provider for initial user registration and assumes that internal user creation is an administrative-only function. This vector can also be chained with other vulnerabilities for privilege escalation and complete compromise of application. This specific request can be used to also enumerate already registered user accounts, aiding in social engineering or further targeted attacks.
π@cveNotify
GitHub
Vulnerabilites/Primakon/CVE-2025-64066.md at main Β· n3k7ar91/Vulnerabilites
Contribute to n3k7ar91/Vulnerabilites development by creating an account on GitHub.
π¨ CVE-2025-61167
SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters.
π@cveNotify
SIGB PMB v8.0.1.14 was discovered to contain multiple SQL injection vulnerabilities in the /opac_css/ajax_selector.php component via the id and datas parameters.
π@cveNotify
π¨ CVE-2025-61168
An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file.
π@cveNotify
An issue in the cms_rest.php component of SIGB PMB v8.0.1.14 allows attackers to execute arbitrary code via unserializing an arbitrary file.
π@cveNotify
π¨ CVE-2025-64063
Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate data outside their assigned scope, including: Unauthorized Account modification, modifying/deleting arbitrary user accounts and changing passwords by sending a direct request to the user management API endpoint; Confidential Data Access, accessing and downloading sensitive organizational documents via a direct request to the document retrieval API; Privilege escalation, This vulnerability can lead to complete compromise of data integrity and confidentiality, and Privilege Escalation by manipulating core system functions.
π@cveNotify
Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate data outside their assigned scope, including: Unauthorized Account modification, modifying/deleting arbitrary user accounts and changing passwords by sending a direct request to the user management API endpoint; Confidential Data Access, accessing and downloading sensitive organizational documents via a direct request to the document retrieval API; Privilege escalation, This vulnerability can lead to complete compromise of data integrity and confidentiality, and Privilege Escalation by manipulating core system functions.
π@cveNotify
GitHub
Vulnerabilites/Primakon/CVE-2025-64063.md at main Β· n3k7ar91/Vulnerabilites
Contribute to n3k7ar91/Vulnerabilites development by creating an account on GitHub.
π¨ CVE-2025-64064
Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify the PP_SECURITY_PROFILE_ID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using PP_SECURITY_PROFILE_ID=2 inside body of request and escalate privileges.
π@cveNotify
Primakon Pi Portal 1.0.18 /api/v2/pp_users endpoint fails to adequately check user permissions before processing a PATCH request to modify the PP_SECURITY_PROFILE_ID. Because of weak access controls any low level user can use this API and change their permission to Administrator by using PP_SECURITY_PROFILE_ID=2 inside body of request and escalate privileges.
π@cveNotify
GitHub
Vulnerabilites/Primakon/CVE-2025-64064.md at main Β· n3k7ar91/Vulnerabilites
Contribute to n3k7ar91/Vulnerabilites development by creating an account on GitHub.
π¨ CVE-2025-64065
The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint, fails to perform necessary server-side validation. The administrative LoginAs or user impersonation feature is vulnerable to a access control failure. This flaw allows any authenticated low-privileged user to execute a direct PATCH request, enabling them to impersonate any other arbitrary user, including application Administrators. This is due to a Broken Function Level Authorization failure (the function doesn't check the caller's privilege) compounded by an Insecure Design that permits a session switch without requiring the target user's password or an administrative token and only needs email of user.
π@cveNotify
The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint, fails to perform necessary server-side validation. The administrative LoginAs or user impersonation feature is vulnerable to a access control failure. This flaw allows any authenticated low-privileged user to execute a direct PATCH request, enabling them to impersonate any other arbitrary user, including application Administrators. This is due to a Broken Function Level Authorization failure (the function doesn't check the caller's privilege) compounded by an Insecure Design that permits a session switch without requiring the target user's password or an administrative token and only needs email of user.
π@cveNotify
GitHub
Vulnerabilites/Primakon/CVE-2025-64065.md at main Β· n3k7ar91/Vulnerabilites
Contribute to n3k7ar91/Vulnerabilites development by creating an account on GitHub.
π¨ CVE-2025-64067
Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data (e.g., user profiles, project records) fail to implement sufficient server-side validation to confirm that the requesting user is authorized to access the requested object or dataset. This vulnerability can be exploited in two ways: Direct ID manipulation and IDOR, by changing an ID parameter (e.g., user_id, project_id) in the request, an attacker can access the object and data belonging to another user; and filter Omission, by omitting the filtering parameter entirely, an attacker can cause the endpoint to return an entire unfiltered dataset of all stored records for all users. This flaw leads to the unauthorized exposure of sensitive personal and organizational information.
π@cveNotify
Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data (e.g., user profiles, project records) fail to implement sufficient server-side validation to confirm that the requesting user is authorized to access the requested object or dataset. This vulnerability can be exploited in two ways: Direct ID manipulation and IDOR, by changing an ID parameter (e.g., user_id, project_id) in the request, an attacker can access the object and data belonging to another user; and filter Omission, by omitting the filtering parameter entirely, an attacker can cause the endpoint to return an entire unfiltered dataset of all stored records for all users. This flaw leads to the unauthorized exposure of sensitive personal and organizational information.
π@cveNotify
GitHub
Vulnerabilites/Primakon/CVE-2025-64067.md at main Β· n3k7ar91/Vulnerabilites
Contribute to n3k7ar91/Vulnerabilites development by creating an account on GitHub.
π¨ CVE-2025-65647
Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter.
π@cveNotify
Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter.
π@cveNotify
GitHub
CVE/CVE-2025-65647 at main Β· SachuuZ/CVE
CVE research archive: exploit PoCs, technical analysis, and mitigation strategies. For educational and responsible security research purposes only. - SachuuZ/CVE
π¨ CVE-2025-13771
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
π@cveNotify
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
π@cveNotify
π¨ CVE-2025-66027
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, including names and email addresses through the /api/trpc/polls.get,polls.participants.list endpoint, even when Pro privacy features are enabled. This bypasses intended privacy controls that should prevent participants from viewing other usersβ personal information. This issue has been patched in version 4.5.6.
π@cveNotify
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, including names and email addresses through the /api/trpc/polls.get,polls.participants.list endpoint, even when Pro privacy features are enabled. This bypasses intended privacy controls that should prevent participants from viewing other usersβ personal information. This issue has been patched in version 4.5.6.
π@cveNotify
GitHub
ποΈ Hide participant data from API (#2039) Β· lukevella/rallly@59738c0
Rallly is an open-source scheduling and collaboration tool designed to make organizing events and meetings easier. - ποΈ Hide participant data from API (#2039) Β· lukevella/rallly@59738c0
π¨ CVE-2025-66034
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.
π@cveNotify
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.
π@cveNotify
GitHub
varLib: only use the basename(vf.filename) Β· fonttools/fonttools@a696d5b
Fontmake already does that since the beginning:
https://github.com/googlefonts/fontmake/blob/35e9e5dbdf2130a04c54688bb1bdbcfdb4b5fc67/Lib/fontmake/font_project.py#L438
it's safer to disall...
https://github.com/googlefonts/fontmake/blob/35e9e5dbdf2130a04c54688bb1bdbcfdb4b5fc67/Lib/fontmake/font_project.py#L438
it's safer to disall...
π¨ CVE-2025-66201
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.
π@cveNotify
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.
π@cveNotify
GitHub
Server-side Request Forgery (SSRF) in Actions Capability
### Summary
LibreChat looks vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. ...
LibreChat looks vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. ...
π¨ CVE-2025-66216
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a heap buffer overflow vulnerability has been identified in the AIS::Message class of AIS-catcher. This vulnerability allows an attacker to write approximately 1KB of arbitrary data into a 128-byte buffer. This issue has been patched in version 0.64.
π@cveNotify
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a heap buffer overflow vulnerability has been identified in the AIS::Message class of AIS-catcher. This vulnerability allows an attacker to write approximately 1KB of arbitrary data into a 128-byte buffer. This issue has been patched in version 0.64.
π@cveNotify
GitHub
CRITICAL: Fix heap buffer overflow in Message.cpp (CVE-class RCE) Β· jvde-github/AIS-catcher@3de0ef7
Fixed critical heap buffer overflow vulnerability in setUint() and setText()
functions that allowed Remote Code Execution.
Root cause: Incorrect comparison of bits vs bytes in bounds checking.
- B...
functions that allowed Remote Code Execution.
Root cause: Incorrect comparison of bits vs bytes in bounds checking.
- B...
π¨ CVE-2025-66217
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate Denial of Service (DoS) and, when used as a library, severe Memory Corruption that can be leveraged for Remote Code Execution (RCE). This issue has been patched in version 0.64.
π@cveNotify
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate Denial of Service (DoS) and, when used as a library, severe Memory Corruption that can be leveraged for Remote Code Execution (RCE). This issue has been patched in version 0.64.
π@cveNotify
GitHub
Security fixes: prevent integer underflow and null pointer vulnerabil⦠· jvde-github/AIS-catcher@e0f7242
β¦ities
- MQTT: Add bounds validation for topic_len in PUBLISH packets to prevent
integer underflow leading to heap buffer overflow (CVE-worthy)
- MQTT: Add length validation for PUBREC packets b...
- MQTT: Add bounds validation for topic_len in PUBLISH packets to prevent
integer underflow leading to heap buffer overflow (CVE-worthy)
- MQTT: Add length validation for PUBREC packets b...
π¨ CVE-2025-8045
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r53p0 through r54p1; Arm 5th Gen GPU Architecture Kernel Driver: from r53p0 through r54p1.
π@cveNotify
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r53p0 through r54p1; Arm 5th Gen GPU Architecture Kernel Driver: from r53p0 through r54p1.
π@cveNotify
π¨ CVE-2025-49642
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
π@cveNotify
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
π@cveNotify
π¨ CVE-2025-49643
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.
π@cveNotify
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.
π@cveNotify