๐จ CVE-2025-51682
mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly.
๐@cveNotify
mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly.
๐@cveNotify
Mjobtime
Field Time Management Software | Mjobtime
All-in-one construction software for labor time tracking, construction equipment tracking, reporting, real-time job-site visibility, and customizations tailored to your workflow.
๐จ CVE-2025-65840
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.
๐@cveNotify
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController.
๐@cveNotify
GitHub
PublicCMS_Vulns/CSRF_1.md at main ยท Hyperkopite/PublicCMS_Vulns
Contribute to Hyperkopite/PublicCMS_Vulns development by creating an account on GitHub.
๐จ CVE-2025-11778
Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'read_packet()' function of the TACACSPLUS implementation.
๐@cveNotify
Stack-based buffer overflow in Circutor SGE-PLC1000/SGE-PLC50 v0.9.2. This vulnerability allows an attacker to remotely exploit memory corruption through the 'read_packet()' function of the TACACSPLUS implementation.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Circutor products
INCIBE has coordinated the publication of 12 vulnerabilities, 2 critical and 10 high severity, affecti
๐จ CVE-2025-11779
Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being sanitised, which could lead to command injection.
๐@cveNotify
Stack-based buffer overflow vulnerability in CircutorSGE-PLC1000/SGE-PLC50 v9.0.2. The 'SetLan' function is invoked when a new configuration is applied. This new configuration function is activated by a management web request, which can be invoked by a user when making changes to the 'index.cgi' web application. The parameters are not being sanitised, which could lead to command injection.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Circutor products
INCIBE has coordinated the publication of 12 vulnerabilities, 2 critical and 10 high severity, affecti
๐จ CVE-2025-11780
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the โmeterโ parameter.
๐@cveNotify
Stack-based buffer overflow vulnerability in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. In the 'showMeterReport()' function, there is an unlimited user input that is copied to a fixed-size buffer via 'sprintf()'. The 'GetParameter(meter)' function retrieves the user input, which is directly incorporated into a buffer without size validation. An attacker can provide an excessively large input for the โmeterโ parameter.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Circutor products
INCIBE has coordinated the publication of 12 vulnerabilities, 2 critical and 10 high severity, affecti
๐จ CVE-2025-11781
Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.
๐@cveNotify
Use of hardcoded cryptographic keys in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2. The affected firmware contains a hardcoded static authentication key. An attacker with local access to the device can extract this key (e.g., by analysing the firmware image or memory dump) and create valid firmware update packages. This bypasses all intended access controls and grants full administrative privileges.
๐@cveNotify
www.incibe.es
Multiple vulnerabilities in Circutor products
INCIBE has coordinated the publication of 12 vulnerabilities, 2 critical and 10 high severity, affecti
โค1
๐จ CVE-2013-4660
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
๐@cveNotify
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation.
๐@cveNotify
๐จ CVE-2025-20770
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4803.
๐@cveNotify
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4803.
๐@cveNotify
MediaTek
December 2025
๐จ CVE-2025-20771
In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4802.
๐@cveNotify
In display, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4802.
๐@cveNotify
MediaTek
December 2025
๐จ CVE-2025-20772
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4801.
๐@cveNotify
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4801.
๐@cveNotify
MediaTek
December 2025
๐จ CVE-2025-20773
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.
๐@cveNotify
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4797.
๐@cveNotify
MediaTek
December 2025
๐จ CVE-2025-20774
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796.
๐@cveNotify
In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10196993; Issue ID: MSV-4796.
๐@cveNotify
MediaTek
December 2025
๐จ CVE-2025-20775
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
๐@cveNotify
In display, there is a possible memory corruption due to use after free. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10182914; Issue ID: MSV-4795.
๐@cveNotify
MediaTek
December 2025
๐จ CVE-2025-54063
Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on any website. If a victim clicks the exploit link in their browser, the appโs custom URL handler is triggered, leading to remote code execution on the victimโs machine. This issue has been patched in version 1.5.1.
๐@cveNotify
Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.4.8 to 1.5.0, there is a one-click remote code execution vulnerability through the custom URL handling. An attacker can exploit this by hosting a malicious website or embedding a specially crafted URL on any website. If a victim clicks the exploit link in their browser, the appโs custom URL handler is triggered, leading to remote code execution on the victimโs machine. This issue has been patched in version 1.5.1.
๐@cveNotify
GitHub
feat: add data parsing functionality in handleProvidersProtocolUrl (#โฆ ยท CherryHQ/cherry-studio@ff72c00
โฆ8218)
* feat: add data parsing functionality in handleProvidersProtocolUrl
- Introduced a new ParseData function to decode and parse base64 encoded data from the URL parameters.
- Added error ha...
* feat: add data parsing functionality in handleProvidersProtocolUrl
- Introduced a new ParseData function to decode and parse base64 encoded data from the URL parameters.
- Added error ha...
๐จ CVE-2025-54074
Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a malicious MCP server with compatible OAuth authorization server endpoints and trick victims into connecting it, leading to OS command injection in vulnerable clients. This issue has been patched in version 1.5.2.
๐@cveNotify
Cherry Studio is a desktop client that supports for multiple LLM providers. From versions 1.2.5 to 1.5.1, Cherry Studio is vulnerable to OS Command Injection during a connection with a malicious MCP server in HTTP Streamable mode. Attackers can setup a malicious MCP server with compatible OAuth authorization server endpoints and trick victims into connecting it, leading to OS command injection in vulnerable clients. This issue has been patched in version 1.5.2.
๐@cveNotify
GitHub
refactor: Unified Logger / ็ปไธๆฅๅฟ็ฎก็ (#8207) ยท CherryHQ/cherry-studio@40f9601
* Revert "feat: optimize minapp cache with LRU (#8160)"
This reverts commit f0043b4be5ab57a0a1471544617f346ea757cc98.
* feat: integrate logger service and enhance logging throug...
This reverts commit f0043b4be5ab57a0a1471544617f346ea757cc98.
* feat: integrate logger service and enhance logging throug...
๐จ CVE-2025-13223
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
๐@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 142.0.7444.175/.176 for Windows and 142.0.7444.176 for Mac and 142.0.7444.175 for Linux, which will...
๐จ CVE-2025-51745
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks.
๐@cveNotify
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fastjson deserialization attacks.
๐@cveNotify
๐จ CVE-2025-51746
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks.
๐@cveNotify
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /serialNumber/addSerialNumber endpoint is vulnerable to fastjson deserialization attacks.
๐@cveNotify
๐จ CVE-2025-58360
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. This issue has been patched in GeoServer 2.25.6, GeoServer 2.26.3, and GeoServer 2.27.0.
๐@cveNotify
GeoServer is an open source server that allows users to share and edit geospatial data. From version 2.26.0 to before 2.26.2 and before 2.25.6, an XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap. However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request. This issue has been patched in GeoServer 2.25.6, GeoServer 2.26.3, and GeoServer 2.27.0.
๐@cveNotify
GitHub
Unauthenticated XML External Entities (XXE) via WMS GetMap operation
## Description
An XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint ``/geoserver/wms`` operation ``GetMap``. However, this inp...
An XML External Entity (XXE) vulnerability was identified. The application accepts XML input through a specific endpoint ``/geoserver/wms`` operation ``GetMap``. However, this inp...
๐จ CVE-2025-51742
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject(), introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC payloads.
๐@cveNotify
An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList endpoint passes the search query parameter directly to parseObject(), introducing a Fastjson deserialization vulnerability that can lead to RCE via JDBC payloads.
๐@cveNotify
๐จ CVE-2025-9624
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs.
This issue affects all OpenSearch versions below 3.2.0.
๐@cveNotify
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs.
This issue affects all OpenSearch versions below 3.2.0.
๐@cveNotify
Fluidattacks
OpenSearch 3.2.0 - Nested Boolean/Disjunction Asymmetric DoS | Fluid Attacks
CVE-2025-9624: A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS).