🚨 CVE-2025-13770
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
🎖@cveNotify
WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
🎖@cveNotify
🚨 CVE-2018-1109
A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
🎖@cveNotify
A vulnerability was found in Braces versions 2.2.0 and above, prior to 2.3.1. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) attacks.
🎖@cveNotify
🚨 CVE-2021-26829
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.
🎖@cveNotify
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.
🎖@cveNotify
ScadaBR
[REPORT] Falhas de segurança em versões do ScadaBR
Boa noite, Sou pesquisador de segurança da informação e estou abrindo esse tópico com intuito de obter um contato para que eu possa reportar falhas de segurança crítica em versões distinta do ScadaBR. Busquei o contato dos responsáveis/desenvolvedores do…
🚨 CVE-2024-26928
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_debug_files_proc_show()
Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.
🎖@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
smb: client: fix potential UAF in cifs_debug_files_proc_show()
Skip sessions that are being teared down (status == SES_EXITING) to
avoid UAF.
🎖@cveNotify
🚨 CVE-2025-13261
A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
🎖@cveNotify
A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
🎖@cveNotify
GitHub
Vulnerability: Unauthorized Arbitrary File Read in lsFusion ≤ 6.1 · Issue #1543 · lsfusion/platform
BUG_Author: R1ckyZ Affected Version: lsFusion ≤ 6.1 Vendor: lsfusion GitHub Repository Software: lsfusion Vulnerability Files: web-client/src/main/java/lsfusion/http/controller/file/DownloadFileReq...
🚨 CVE-2025-13262
A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to path traversal. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
GitHub
Vulnerability: Arbitrary file upload in lsFusion ≤ 6.1 · Issue #1544 · lsfusion/platform
BUG_Author: R1ckyZ Affected Version: lsFusion ≤ 6.1 Vendor: lsfusion GitHub Repository Software: lsfusion Vulnerability Files: platform/web-client/src/main/java/lsfusion/http/controller/file/Upload...
🚨 CVE-2025-13265
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.
🎖@cveNotify
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.
🎖@cveNotify
GitHub
Vulnerability: Arbitrary File Overwrite and Deletion are possible during zip decompression in lsFusion ≤ 6.1 · Issue #1545 · l…
BUG_Author: R1ckyZ Affected Version: lsFusion ≤ 6.1 Vendor: lsfusion GitHub Repository Software: lsfusion Vulnerability Files: server/src/main/java/lsfusion/server/physics/dev/integration/external/...
🚨 CVE-2025-36150
IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
🎖@cveNotify
IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
🎖@cveNotify
Ibm
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0
🚨 CVE-2025-64761
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: an operator in the root namespace has access to identity/groups endpoints and an operator does not have policy access. Otherwise, an operator with policy access could create or modify an existing policy to grant root-equivalent permissions through the sudo capability. This issue has been patched in version 2.4.4.
🎖@cveNotify
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: an operator in the root namespace has access to identity/groups endpoints and an operator does not have policy access. Otherwise, an operator with policy access could create or modify an existing policy to grant root-equivalent permissions through the sudo capability. This issue has been patched in version 2.4.4.
🎖@cveNotify
GitHub
Correctly lowercase policies in identity groups (#2143) · openbao/openbao@16bb0cc
Confusingly, while strutil.RemoveDuplicates and
strutil.RemoveDuplicatesStable both take a second parameter to perform
case-insensitive comparison, the latter (as originally used by the group
subsy...
strutil.RemoveDuplicatesStable both take a second parameter to perform
case-insensitive comparison, the latter (as originally used by the group
subsy...
🚨 CVE-2025-62497
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed.
🎖@cveNotify
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed.
🎖@cveNotify
jvn.jp
JVN#75140384: Multiple vulnerabilities in SNC-CX600W
Japan Vulnerability Notes
🚨 CVE-2025-64730
Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product.
🎖@cveNotify
Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product.
🎖@cveNotify
jvn.jp
JVN#75140384: Multiple vulnerabilities in SNC-CX600W
Japan Vulnerability Notes
🚨 CVE-2025-13595
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server which may make remote code execution possible.
🎖@cveNotify
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server which may make remote code execution possible.
🎖@cveNotify
GitHub
GitHub - d0n601/CVE-2025-13595: CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload
CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload - d0n601/CVE-2025-13595
🚨 CVE-2025-13597
The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server which may make remote code execution possible.
🎖@cveNotify
The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server which may make remote code execution possible.
🎖@cveNotify
GitHub
GitHub - d0n601/CVE-2025-13597: AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload
AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload - d0n601/CVE-2025-13597
🚨 CVE-2025-64704
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4.
🎖@cveNotify
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4.
🎖@cveNotify
GitHub
Release WAMR-2.4.4 · bytecodealliance/wasm-micro-runtime
Breaking Changes
New Features
Bug Fixes
CVE-2025-64704. Allow the classic interpreter to exit gracefully when encountering SIMD opcodes due to the per-instance running mode.
CVE-2025-64713. Fix an...
New Features
Bug Fixes
CVE-2025-64704. Allow the classic interpreter to exit gracefully when encountering SIMD opcodes due to the per-instance running mode.
CVE-2025-64713. Fix an...
🚨 CVE-2025-64713
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When frame_ref_bottom and frame_offset_bottom arrays are at capacity and a GET_GLOBAL(I32) opcode is encountered, frame_ref_bottom is expanded but frame_offset_bottom may not be. If this is immediately followed by an if opcode that triggers preserve_local_for_block, the function traverses arrays using stack_cell_num as the upper bound, causing out-of-bounds access to frame_offset_bottom since it wasn't expanded to match the increased stack_cell_num. This issue has been patched in version 2.4.4.
🎖@cveNotify
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When frame_ref_bottom and frame_offset_bottom arrays are at capacity and a GET_GLOBAL(I32) opcode is encountered, frame_ref_bottom is expanded but frame_offset_bottom may not be. If this is immediately followed by an if opcode that triggers preserve_local_for_block, the function traverses arrays using stack_cell_num as the upper bound, causing out-of-bounds access to frame_offset_bottom since it wasn't expanded to match the increased stack_cell_num. This issue has been patched in version 2.4.4.
🎖@cveNotify
GitHub
Release WAMR-2.4.4 · bytecodealliance/wasm-micro-runtime
Breaking Changes
New Features
Bug Fixes
CVE-2025-64704. Allow the classic interpreter to exit gracefully when encountering SIMD opcodes due to the per-instance running mode.
CVE-2025-64713. Fix an...
New Features
Bug Fixes
CVE-2025-64704. Allow the classic interpreter to exit gracefully when encountering SIMD opcodes due to the per-instance running mode.
CVE-2025-64713. Fix an...
🚨 CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
🎖@cveNotify
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
🎖@cveNotify
🚨 CVE-2025-45778
A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field.
🎖@cveNotify
A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field.
🎖@cveNotify
🚨 CVE-2025-63601
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands.
🎖@cveNotify
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands.
🎖@cveNotify
Substack
Snipe-IT: CVE-2025-63601 - Post-Authenticated Remote Command Execution via Backup Restore Feature
I identified a Remote code execution vulnerability (CVE-2025-63601) in Snipe-IT’s backup restore feature, rooted in unsafe file extraction logic.
🚨 CVE-2025-63994
An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbitrary code via uploading a crafted file.
🎖@cveNotify
An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbitrary code via uploading a crafted file.
🎖@cveNotify
GitHub
Unauthenticated arbitrary file upload in bundled demo endpoint leads to code execution in common deployments · Issue #412 · ps…
Component/Path: libs/jQuery-File-Upload/server/php/index.php (demo endpoint that instantiates UploadHandler) Upload directory: libs/jQuery-File-Upload/server/php/files/ Upload policy source: libs/j...
🚨 CVE-2025-37157
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
🎖@cveNotify
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
🎖@cveNotify
🚨 CVE-2025-37163
A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.
🎖@cveNotify
A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.
🎖@cveNotify