🚨 CVE-2025-13771
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
🎖@cveNotify
WebITR developed by Uniong has an Arbitrary File Read vulnerability, allowing authenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
🎖@cveNotify
🚨 CVE-2025-66027
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, including names and email addresses through the /api/trpc/polls.get,polls.participants.list endpoint, even when Pro privacy features are enabled. This bypasses intended privacy controls that should prevent participants from viewing other users’ personal information. This issue has been patched in version 4.5.6.
🎖@cveNotify
Rallly is an open-source scheduling and collaboration tool. Prior to version 4.5.6, an information disclosure vulnerability exposes participant details, including names and email addresses through the /api/trpc/polls.get,polls.participants.list endpoint, even when Pro privacy features are enabled. This bypasses intended privacy controls that should prevent participants from viewing other users’ personal information. This issue has been patched in version 4.5.6.
🎖@cveNotify
GitHub
🔒️ Hide participant data from API (#2039) · lukevella/rallly@59738c0
Rallly is an open-source scheduling and collaboration tool designed to make organizing events and meetings easier. - 🔒️ Hide participant data from API (#2039) · lukevella/rallly@59738c0
🚨 CVE-2025-66034
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.
🎖@cveNotify
fontTools is a library for manipulating fonts, written in Python. In versions from 4.33.0 to before 4.60.2, the fonttools varLib (or python3 -m fontTools.varLib) script has an arbitrary file write vulnerability that leads to remote code execution when a malicious .designspace file is processed. The vulnerability affects the main() code path of fontTools.varLib, used by the fonttools varLib CLI and any code that invokes fontTools.varLib.main(). This issue has been patched in version 4.60.2.
🎖@cveNotify
GitHub
varLib: only use the basename(vf.filename) · fonttools/fonttools@a696d5b
Fontmake already does that since the beginning:
https://github.com/googlefonts/fontmake/blob/35e9e5dbdf2130a04c54688bb1bdbcfdb4b5fc67/Lib/fontmake/font_project.py#L438
it's safer to disall...
https://github.com/googlefonts/fontmake/blob/35e9e5dbdf2130a04c54688bb1bdbcfdb4b5fc67/Lib/fontmake/font_project.py#L438
it's safer to disall...
🚨 CVE-2025-66201
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.
🎖@cveNotify
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.
🎖@cveNotify
GitHub
Server-side Request Forgery (SSRF) in Actions Capability
### Summary
LibreChat looks vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. ...
LibreChat looks vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. ...
🚨 CVE-2025-66216
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a heap buffer overflow vulnerability has been identified in the AIS::Message class of AIS-catcher. This vulnerability allows an attacker to write approximately 1KB of arbitrary data into a 128-byte buffer. This issue has been patched in version 0.64.
🎖@cveNotify
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a heap buffer overflow vulnerability has been identified in the AIS::Message class of AIS-catcher. This vulnerability allows an attacker to write approximately 1KB of arbitrary data into a 128-byte buffer. This issue has been patched in version 0.64.
🎖@cveNotify
GitHub
CRITICAL: Fix heap buffer overflow in Message.cpp (CVE-class RCE) · jvde-github/AIS-catcher@3de0ef7
Fixed critical heap buffer overflow vulnerability in setUint() and setText()
functions that allowed Remote Code Execution.
Root cause: Incorrect comparison of bits vs bytes in bounds checking.
- B...
functions that allowed Remote Code Execution.
Root cause: Incorrect comparison of bits vs bytes in bounds checking.
- B...
🚨 CVE-2025-66217
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate Denial of Service (DoS) and, when used as a library, severe Memory Corruption that can be leveraged for Remote Code Execution (RCE). This issue has been patched in version 0.64.
🎖@cveNotify
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate Denial of Service (DoS) and, when used as a library, severe Memory Corruption that can be leveraged for Remote Code Execution (RCE). This issue has been patched in version 0.64.
🎖@cveNotify
GitHub
Security fixes: prevent integer underflow and null pointer vulnerabil… · jvde-github/AIS-catcher@e0f7242
…ities
- MQTT: Add bounds validation for topic_len in PUBLISH packets to prevent
integer underflow leading to heap buffer overflow (CVE-worthy)
- MQTT: Add length validation for PUBREC packets b...
- MQTT: Add bounds validation for topic_len in PUBLISH packets to prevent
integer underflow leading to heap buffer overflow (CVE-worthy)
- MQTT: Add length validation for PUBREC packets b...
🚨 CVE-2025-8045
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r53p0 through r54p1; Arm 5th Gen GPU Architecture Kernel Driver: from r53p0 through r54p1.
🎖@cveNotify
Use After Free vulnerability in Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform improper GPU processing operations to gain access to already freed memory.This issue affects Valhall GPU Kernel Driver: from r53p0 through r54p1; Arm 5th Gen GPU Architecture Kernel Driver: from r53p0 through r54p1.
🎖@cveNotify
🚨 CVE-2025-49642
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
🎖@cveNotify
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
🎖@cveNotify
🚨 CVE-2025-49643
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.
🎖@cveNotify
An authenticated Zabbix user (including Guest) is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service.
🎖@cveNotify
🚨 CVE-2025-64061
Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level (including standard or low-privileged users), can make a GET request to this endpoint and retrieve a complete, unfiltered list of all registered application users. Crucially, the API response body for this endpoint includes password hashes.
🎖@cveNotify
Primakon Pi Portal 1.0.18 /api/v2/users endpoint is vulnerable to unauthorized data exposure due to deficient access control mechanisms. Any authenticated user, regardless of their privilege level (including standard or low-privileged users), can make a GET request to this endpoint and retrieve a complete, unfiltered list of all registered application users. Crucially, the API response body for this endpoint includes password hashes.
🎖@cveNotify
GitHub
Vulnerabilites/Primakon/CVE-2025-64061.md at main · n3k7ar91/Vulnerabilites
Contribute to n3k7ar91/Vulnerabilites development by creating an account on GitHub.
🚨 CVE-2025-13768
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.
🎖@cveNotify
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to exploit this vulnerability.
🎖@cveNotify
🚨 CVE-2025-13770
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
🎖@cveNotify
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
🎖@cveNotify
🚨 CVE-2018-1109
A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
🎖@cveNotify
A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
🎖@cveNotify
🚨 CVE-2021-26829
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.
🎖@cveNotify
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.
🎖@cveNotify
ScadaBR
[REPORT] Falhas de segurança em versões do ScadaBR
Boa noite, Sou pesquisador de segurança da informação e estou abrindo esse tópico com intuito de obter um contato para que eu possa reportar falhas de segurança crítica em versões distinta do ScadaBR. Busquei o contato dos responsáveis/desenvolvedores do…
🚨 CVE-2024-26928
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_debug_files_proc_show()
Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.
🎖@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_debug_files_proc_show()
Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.
🎖@cveNotify
🚨 CVE-2025-13261
A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
🎖@cveNotify
A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
🎖@cveNotify
GitHub
Vulnerability: Unauthorized Arbitrary File Read in lsFusion ≤ 6.1 · Issue #1543 · lsfusion/platform
BUG_Author: R1ckyZ Affected Version: lsFusion ≤ 6.1 Vendor: lsfusion GitHub Repository Software: lsfusion Vulnerability Files: web-client/src/main/java/lsfusion/http/controller/file/DownloadFileReq...
🚨 CVE-2025-13262
A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
GitHub
Vulnerability: Arbitrary file upload in lsFusion ≤ 6.1 · Issue #1544 · lsfusion/platform
BUG_Author: R1ckyZ Affected Version: lsFusion ≤ 6.1 Vendor: lsfusion GitHub Repository Software: lsfusion Vulnerability Files: platform/web-client/src/main/java/lsfusion/http/controller/file/Upload...
🚨 CVE-2025-13265
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.
🎖@cveNotify
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.
🎖@cveNotify
GitHub
Vulnerability: Arbitrary File Overwrite and Deletion are possible during zip decompression in lsFusion ≤ 6.1 · Issue #1545 · l…
BUG_Author: R1ckyZ Affected Version: lsFusion ≤ 6.1 Vendor: lsfusion GitHub Repository Software: lsfusion Vulnerability Files: server/src/main/java/lsfusion/server/physics/dev/integration/external/...
🚨 CVE-2025-36150
IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
🎖@cveNotify
IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
🎖@cveNotify
Ibm
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0
🚨 CVE-2025-64761
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: an operator in the root namespace has access to identity/groups endpoints and an operator does not have policy access. Otherwise, an operator with policy access could create or modify an existing policy to grant root-equivalent permissions through the sudo capability. This issue has been patched in version 2.4.4.
🎖@cveNotify
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: an operator in the root namespace has access to identity/groups endpoints and an operator does not have policy access. Otherwise, an operator with policy access could create or modify an existing policy to grant root-equivalent permissions through the sudo capability. This issue has been patched in version 2.4.4.
🎖@cveNotify
GitHub
Correctly lowercase policies in identity groups (#2143) · openbao/openbao@16bb0cc
Confusingly, while strutil.RemoveDuplicates and
strutil.RemoveDuplicatesStable both take a second parameter to perform
case-insensitive comparison, the latter (as originally used by the group
subsy...
strutil.RemoveDuplicatesStable both take a second parameter to perform
case-insensitive comparison, the latter (as originally used by the group
subsy...
🚨 CVE-2025-62497
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed.
🎖@cveNotify
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed.
🎖@cveNotify
jvn.jp
JVN#75140384: Multiple vulnerabilities in SNC-CX600W
Japan Vulnerability Notes