π¨ CVE-2025-13265
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.
π@cveNotify
A weakness has been identified in lsfusion platform up to 6.1. This vulnerability affects the function unpackFile of the file server/src/main/java/lsfusion/server/physics/dev/integration/external/to/file/ZipUtils.java. This manipulation causes path traversal. It is possible to initiate the attack remotely.
π@cveNotify
GitHub
Vulnerability: Arbitrary File Overwrite and Deletion are possible during zip decompression in lsFusion β€ 6.1 Β· Issue #1545 Β· lβ¦
BUG_Author: R1ckyZ Affected Version: lsFusion β€ 6.1 Vendor: lsfusion GitHub Repository Software: lsfusion Vulnerability Files: server/src/main/java/lsfusion/server/physics/dev/integration/external/...
π¨ CVE-2025-36150
IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
π@cveNotify
IBM Concert 1.0.0 through 2.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
π@cveNotify
Ibm
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Multiple vulnerabilities were addressed in IBM Concert Software version 2.1.0
π¨ CVE-2025-64761
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: an operator in the root namespace has access to identity/groups endpoints and an operator does not have policy access. Otherwise, an operator with policy access could create or modify an existing policy to grant root-equivalent permissions through the sudo capability. This issue has been patched in version 2.4.4.
π@cveNotify
OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: an operator in the root namespace has access to identity/groups endpoints and an operator does not have policy access. Otherwise, an operator with policy access could create or modify an existing policy to grant root-equivalent permissions through the sudo capability. This issue has been patched in version 2.4.4.
π@cveNotify
GitHub
Correctly lowercase policies in identity groups (#2143) Β· openbao/openbao@16bb0cc
Confusingly, while strutil.RemoveDuplicates and
strutil.RemoveDuplicatesStable both take a second parameter to perform
case-insensitive comparison, the latter (as originally used by the group
subsy...
strutil.RemoveDuplicatesStable both take a second parameter to perform
case-insensitive comparison, the latter (as originally used by the group
subsy...
π¨ CVE-2025-62497
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed.
π@cveNotify
Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed.
π@cveNotify
jvn.jp
JVN#75140384: Multiple vulnerabilities in SNC-CX600W
Japan Vulnerability Notes
π¨ CVE-2025-64730
Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product.
π@cveNotify
Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product.
π@cveNotify
jvn.jp
JVN#75140384: Multiple vulnerabilities in SNC-CX600W
Japan Vulnerability Notes
π¨ CVE-2025-13595
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server which may make remote code execution possible.
π@cveNotify
The CIBELES AI plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.10.8. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server which may make remote code execution possible.
π@cveNotify
GitHub
GitHub - d0n601/CVE-2025-13595: CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload
CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload - d0n601/CVE-2025-13595
π¨ CVE-2025-13597
The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server which may make remote code execution possible.
π@cveNotify
The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server which may make remote code execution possible.
π@cveNotify
GitHub
GitHub - d0n601/CVE-2025-13597: AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload
AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload - d0n601/CVE-2025-13597
π¨ CVE-2025-64704
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4.
π@cveNotify
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, WAMR is susceptible to a segmentation fault in v128.store instruction. This issue has been patched in version 2.4.4.
π@cveNotify
GitHub
Release WAMR-2.4.4 Β· bytecodealliance/wasm-micro-runtime
Breaking Changes
New Features
Bug Fixes
CVE-2025-64704. Allow the classic interpreter to exit gracefully when encountering SIMD opcodes due to the per-instance running mode.
CVE-2025-64713. Fix an...
New Features
Bug Fixes
CVE-2025-64704. Allow the classic interpreter to exit gracefully when encountering SIMD opcodes due to the per-instance running mode.
CVE-2025-64713. Fix an...
π¨ CVE-2025-64713
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When frame_ref_bottom and frame_offset_bottom arrays are at capacity and a GET_GLOBAL(I32) opcode is encountered, frame_ref_bottom is expanded but frame_offset_bottom may not be. If this is immediately followed by an if opcode that triggers preserve_local_for_block, the function traverses arrays using stack_cell_num as the upper bound, causing out-of-bounds access to frame_offset_bottom since it wasn't expanded to match the increased stack_cell_num. This issue has been patched in version 2.4.4.
π@cveNotify
WebAssembly Micro Runtime (WAMR) is a lightweight standalone WebAssembly (Wasm) runtime. Prior to version 2.4.4, an out-of-bounds array access issue exists in WAMR's fast interpreter mode during WASM bytecode loading. When frame_ref_bottom and frame_offset_bottom arrays are at capacity and a GET_GLOBAL(I32) opcode is encountered, frame_ref_bottom is expanded but frame_offset_bottom may not be. If this is immediately followed by an if opcode that triggers preserve_local_for_block, the function traverses arrays using stack_cell_num as the upper bound, causing out-of-bounds access to frame_offset_bottom since it wasn't expanded to match the increased stack_cell_num. This issue has been patched in version 2.4.4.
π@cveNotify
GitHub
Release WAMR-2.4.4 Β· bytecodealliance/wasm-micro-runtime
Breaking Changes
New Features
Bug Fixes
CVE-2025-64704. Allow the classic interpreter to exit gracefully when encountering SIMD opcodes due to the per-instance running mode.
CVE-2025-64713. Fix an...
New Features
Bug Fixes
CVE-2025-64704. Allow the classic interpreter to exit gracefully when encountering SIMD opcodes due to the per-instance running mode.
CVE-2025-64713. Fix an...
π¨ CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
π@cveNotify
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
π@cveNotify
π¨ CVE-2025-45778
A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field.
π@cveNotify
A stored cross-site scripting (XSS) vulnerability in The Language Sloth Web Application v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Description text field.
π@cveNotify
π¨ CVE-2025-63601
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands.
π@cveNotify
Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authenticated attacker to upload a malicious backup file containing arbitrary files and execute system commands.
π@cveNotify
Substack
Snipe-IT: CVE-2025-63601 - Post-Authenticated Remote Command Execution via Backup Restore Feature
I identified a Remote code execution vulnerability (CVE-2025-63601) in Snipe-ITβs backup restore feature, rooted in unsafe file extraction logic.
π¨ CVE-2025-63994
An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbitrary code via uploading a crafted file.
π@cveNotify
An arbitrary file upload vulnerability in the /php/UploadHandler.php component of RichFilemanager v2.7.6 allows attackers to execute arbitrary code via uploading a crafted file.
π@cveNotify
GitHub
Unauthenticated arbitrary file upload in bundled demo endpoint leads to code execution in common deployments Β· Issue #412 Β· psβ¦
Component/Path: libs/jQuery-File-Upload/server/php/index.php (demo endpoint that instantiates UploadHandler) Upload directory: libs/jQuery-File-Upload/server/php/files/ Upload policy source: libs/j...
π¨ CVE-2025-37157
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
π@cveNotify
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
π@cveNotify
π¨ CVE-2025-37163
A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.
π@cveNotify
A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.
π@cveNotify
π¨ CVE-2025-65497
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
π@cveNotify
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
π@cveNotify
GitHub
Missing sk_GENERAL_NAME_value() return value check Β· Issue #1745 Β· obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
π¨ CVE-2025-65498
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
π@cveNotify
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
π@cveNotify
GitHub
Missing SSL_get_SSL_CTX() return value check Β· Issue #1746 Β· obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
π¨ CVE-2025-65499
Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.
π@cveNotify
Array index error in tls_verify_call_back() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx() to return -1.
π@cveNotify
GitHub
Missing SSL_get_ex_data_X509_STORE_CTX_idx() return value check Β· Issue #1747 Β· obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
π¨ CVE-2025-65500
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
π@cveNotify
NULL pointer dereference in coap_dtls_generate_cookie() in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_SSL_CTX() to return NULL.
π@cveNotify
GitHub
Missing SSL_get_SSL_CTX() return value check Β· Issue #1746 Β· obgm/libcoap
Environment Build System: [Make] Operating System: [Linux] Operating System Version: [Ubuntu 20.04] Hosted Environment: [None] libcoap Configuration Summary Last ./configure build libcoap package v...
π¨ CVE-2024-35215
NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process.
π@cveNotify
NULL pointer dereference in IP socket options processing of the Networking Stack in QNX Software Development Platform (SDP) version(s) 7.1 and 7.0 could allow an attacker with local access to cause a denial-of-service condition in the context of the Networking Stack process.
π@cveNotify
π¨ CVE-2024-51723
A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's session.
π@cveNotify
A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's session.
π@cveNotify