CVE Notify
Alert on the latest CVEs

Partner channel: @malwr
🚨 CVE-2025-14255
Vitals ESP developed by Galaxy Software Services has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

🎖@cveNotify
🚨 CVE-2025-66320
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

🚨 CVE-2025-66321
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability.

🚨 CVE-2025-12956
A reflected Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in user's browser session.

🚨 CVE-2025-14224
A vulnerability was found in Yottamaster DM2, DM3 and DM200 up to 1.2.23/1.9.12. Affected by this issue is some unknown functionality of the component File Upload. Performing manipulation results in path traversal. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

🚨 CVE-2025-26487
Server-Side Request Forgery (SSRF) vulnerability in Infinera MTC-9 version allows Server Side Request Forgery.

🚨 CVE-2025-26488
Improper Input Validation vulnerability in Infinera MTC-9 allows remote unauthenticated users to crash the service and cause a reboot of the appliance, thus causing a DoS condition, via crafted XML payloads. This issue affects MTC-9: from R22.1.1.0275 before R23.0.

🚨 CVE-2025-26489
Improper Input Validation vulnerability in Infinera MTC-9 allows remote authenticated users to crash the service and reboot the appliance, thus causing a DoS condition, via crafted XML payloads. This issue affects MTC-9: from R22.1.1.0275 before R23.0.

🚨 CVE-2025-58279
Permission control vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

🚨 CVE-2025-66325
Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

🚨 CVE-2025-66327
Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

🚨 CVE-2025-66328
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability.

🚨 CVE-2025-66329
Permission control vulnerability in the window management module. Impact: Successful exploitation of this vulnerability may affect availability.

🚨 CVE-2025-66330
App lock verification bypass vulnerability in the file management app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

🚨 CVE-2025-14225
A vulnerability was determined in D-Link DCS-930L 1.15.04. This affects an unknown part of the file /setSystemAdmin of the component alphapd. Executing manipulation of the argument AdminID can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer.

🚨 CVE-2025-14226
A vulnerability was identified in itsourcecode Student Management System 1.0. This vulnerability affects unknown code of the file /edit_user.php. The manipulation of the argument fname leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. Other parameters might be affected as well.

🚨 CVE-2025-14227
A security flaw has been discovered in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. This issue affects some unknown processing of the file /edit.php. The manipulation results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The vendor was contacted early about this disclosure but did not respond in any way.

🚨 CVE-2025-14262
A wrong permission check in KNIME Business Hub before version 1.17.0 allowed an authenticated user to save jobs of other users as if they were saved by the job owner. The attacker must have permissions to access the jobs but then they were saved into the catalog service using the wrong owner permissions. Therefore it may have been possible to save into spaces where the attacker does not have write permissions.

There is no workaround.

🚨 CVE-2025-27019
Remote shell service (RSH) in Infinera MTC-9 version R22.1.1.0275 allows an attacker to utilize password-less user accounts and obtain system access by activating a reverse shell. This issue affects MTC-9: from R22.1.1.0275 before R23.0.

🚨 CVE-2025-27020
Improper configuration of the SSH service in Infinera MTC-9 allows an unauthenticated attacker to execute arbitrary commands and access data on file system.

This issue affects MTC-9: from R22.1.1.0275 before R23.0.

🚨 CVE-2025-66461
FULLBACK Manager Pro provided by GS Yuasa International Ltd. registers two Windows services with unquoted file paths. A user may execute arbitrary code with SYSTEM privilege if he/she has the write permission on the path to the directory where the affected product is installed.
