๐จ CVE-2025-9312
A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificateโbased authentication in certain default configurations, the affected components may permit unauthenticated requests even when mTLS is enabled. This condition occurs when relying on the default mTLS settings for System REST APIs or when the mTLS authenticator is enabled for SOAP services, causing these interfaces to accept requests without enforcing additional authentication.
Successful exploitation allows a malicious actor with network access to the affected endpoints to gain administrative privileges and perform unauthorized operations. The vulnerability is exploitable only when the impacted mTLS flows are enabled and accessible in a given deployment. Other certificate-based authentication mechanisms such as Mutual TLS OAuth client authentication and X.509 login flows are not affected, and APIs served through the API Gateway of WSO2 API Manager remain unaffected.
๐@cveNotify
A missing authentication enforcement vulnerability exists in the mutual TLS (mTLS) implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificateโbased authentication in certain default configurations, the affected components may permit unauthenticated requests even when mTLS is enabled. This condition occurs when relying on the default mTLS settings for System REST APIs or when the mTLS authenticator is enabled for SOAP services, causing these interfaces to accept requests without enforcing additional authentication.
Successful exploitation allows a malicious actor with network access to the affected endpoints to gain administrative privileges and perform unauthorized operations. The vulnerability is exploitable only when the impacted mTLS flows are enabled and accessible in a given deployment. Other certificate-based authentication mechanisms such as Mutual TLS OAuth client authentication and X.509 login flows are not affected, and APIs served through the API Gateway of WSO2 API Manager remain unaffected.
๐@cveNotify
Wso2
Security Advisory WSO2-2025-4494/CVE-2025-9312
Documentation for WSO2 Security and Compliance
๐จ CVE-2025-6966
NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.
๐@cveNotify
NULL pointer dereference in TagSection.keys() in python-apt on APT-based Linux systems allows a local attacker to cause a denial of service (process crash) via a crafted deb822 file with a malformed non-UTF-8 key.
๐@cveNotify
Launchpad
Bug #2091865 โInvalid null-pointer dereference in TagSection.key...โ : Bugs : python-apt package : Ubuntu
[Impact]
deb822 files with non-Unicode keys cause a NULL value to be generated and subsequently passed to PyList_Append() and Py_DECREF(), the latter than trying to dereference it and causing a segmentation fault.
This is causing process-upload to crashโฆ
deb822 files with non-Unicode keys cause a NULL value to be generated and subsequently passed to PyList_Append() and Py_DECREF(), the latter than trying to dereference it and causing a segmentation fault.
This is causing process-upload to crashโฆ
๐จ CVE-2013-5979
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
๐@cveNotify
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
๐@cveNotify
๐จ CVE-2013-4887
SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter.
๐@cveNotify
SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to execute arbitrary SQL commands via the displayid parameter.
๐@cveNotify
๐จ CVE-2013-4888
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page.
๐@cveNotify
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page.
๐@cveNotify
๐จ CVE-2013-4889
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripting (XSS) attacks, as demonstrated by CVE-2013-4888.
๐@cveNotify
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripting (XSS) attacks, as demonstrated by CVE-2013-4888.
๐@cveNotify
๐จ CVE-2025-62259
Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verified their email address, which allows remote users to access and edit content via the API.
๐@cveNotify
Liferay Portal 7.4.0 through 7.4.3.109, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has verified their email address, which allows remote users to access and edit content via the API.
๐@cveNotify
๐จ CVE-2025-12942
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.
๐@cveNotify
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.
๐@cveNotify
NETGEAR KB
NETGEAR Security Advisories: November 2025
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, weโฆ
๐จ CVE-2025-12943
Improper certificate
validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream
AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band
WiFi 6E Router) allows attackers with the ability to intercept and
tamper traffic destined to the device to execute arbitrary commands on the
device.
Devices
with automatic updates enabled may already have this patch applied. If not,
please check the firmware version and update to the
latest.
Fixed in:
RAX30 firmware
1.0.14.108 or later.
RAXE300 firmware
1.0.9.82 or later
๐@cveNotify
Improper certificate
validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream
AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band
WiFi 6E Router) allows attackers with the ability to intercept and
tamper traffic destined to the device to execute arbitrary commands on the
device.
Devices
with automatic updates enabled may already have this patch applied. If not,
please check the firmware version and update to the
latest.
Fixed in:
RAX30 firmware
1.0.14.108 or later.
RAXE300 firmware
1.0.9.82 or later
๐@cveNotify
NETGEAR KB
NETGEAR Security Advisories: November 2025
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, weโฆ
๐จ CVE-2025-12944
Improper input validation
in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with
direct network access to the device to potentially execute code on the device.
Please check the firmware version and update to the latest.
Fixed
in:
DGN2200v4
firmware 1.0.0.132 or later
๐@cveNotify
Improper input validation
in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with
direct network access to the device to potentially execute code on the device.
Please check the firmware version and update to the latest.
Fixed
in:
DGN2200v4
firmware 1.0.0.132 or later
๐@cveNotify
NETGEAR KB
NETGEAR Security Advisories: November 2025
NETGEAR's Product Security Team has assessed the following product vulnerabilities and provided guidance to address these vulnerabilities in the table below. Because firmware updates contain security fixes, bug fixes, and new features for your products, weโฆ
๐จ CVE-2025-60696
A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). The arplookup function parses lines from /proc/net/arp using sscanf("%16s ... %18s ..."), storing results into buffers v6 (12 bytes) and v7 (20 bytes). Since the format specifiers allow up to 16 and 18 bytes respectively, oversized input can overflow the buffers, resulting in stack corruption. Local attackers controlling /proc/net/arp contents can exploit this issue to cause denial of service or potentially execute arbitrary code.
๐@cveNotify
A stack-based buffer overflow vulnerability exists in the makeRequest.cgi binary of Linksys RE7000 routers (Firmware FW_v2.0.15_211230_1012). The arplookup function parses lines from /proc/net/arp using sscanf("%16s ... %18s ..."), storing results into buffers v6 (12 bytes) and v7 (20 bytes). Since the format specifiers allow up to 16 and 18 bytes respectively, oversized input can overflow the buffers, resulting in stack corruption. Local attackers controlling /proc/net/arp contents can exploit this issue to cause denial of service or potentially execute arbitrary code.
๐@cveNotify
Linksys
Linksys | Networking & WiFi Technology
Experience fast, reliable, secure and easy to use WiFi when you level up with connectivity solutions made for home, business, and enterprise from Linksys.
๐จ CVE-2025-13305
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
GitHub
D-Link DWR-M960 B1 V1.01.07 - Buffer Overflow in /boafrm/formTracerouteDiagnosticRun ยท Issue #12 ยท LX-LX88/cve
NAME OF AFFECTED PRODUCT(S) D-link Router DWR-M960 B1 V1.01.07 - Buffer Overflow in /boafrm/formTracerouteDiagnosticRun Vulnerability Details Detail Information Vendor D-Link Product D-link DWR-M96...
๐จ CVE-2025-12760
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass.This issue affects Email TFA: from 0.0.0 before 2.0.6.
๐@cveNotify
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass.This issue affects Email TFA: from 0.0.0 before 2.0.6.
๐@cveNotify
Drupal.org
Email TFA - Moderately critical - Access bypass - SA-CONTRIB-2025-115
The Email TFA module provides additional email-based two-factor authentication for Drupal logins. In certain scenarios, the module does not fully protect all login mechanisms as expected. This issue is mitigated by the fact that an attacker must already haveโฆ
๐จ CVE-2017-1000218
LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution.
๐@cveNotify
LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting a denial of services or a remote code execution.
๐@cveNotify
GitHub
Security - buffer overflow ยท Issue #5 ยท hfiref0x/LightFTP
Hello, I've noticed a buffer overflow in the Unix version of LightFTP v1.1. This append in the "writelogentry" function. With this payload : python -c 'print "USER anonymous\...
๐จ CVE-2023-24042
A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName.
๐@cveNotify
A race condition in LightFTP through 2.2 allows an attacker to achieve path traversal via a malformed FTP request. A handler thread can use an overwritten context->FileName.
๐@cveNotify
GitHub
Race Condition for FTP commands for which a new handler thread is created while using FileName variable ยท Issue #25 ยท hfiref0x/LightFTP
Hi, There exists a race condition for commands which creates a new thread to handle while using context->FileName, examples such as RETR, MLSD. Steps to reproduce: login using a username such as...
๐จ CVE-2025-9809
Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer.
๐@cveNotify
Out-of-bounds write in cdfs_open_cue_track in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATH_MAX_LENGTH that is copied using memcpy into a fixed-size buffer.
๐@cveNotify
GitHub
libretro-common/formats/cdfs/cdfs.c at master ยท libretro/libretro-common
Reusable coding blocks useful for libretro core and frontend development, written primarily in C. Permissively licensed. - libretro/libretro-common
๐จ CVE-2025-64746
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This stale reference creates a security gap: if another field is later created using the same name, it inherits the outdated permission entry. This behavior can unintentionally grant roles access to data they should not be able to read or modify. The issue is particularly risky in multi-tenant or production environments, where administrators may reuse field names, assuming old permissions have been fully cleared. Version 11.13.0 fixes the issue.
๐@cveNotify
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 11.13.0, Directus does not properly clean up field-level permissions when a field is deleted. When a field is removed from a collection, its reference in the permissions table remains intact. This stale reference creates a security gap: if another field is later created using the same name, it inherits the outdated permission entry. This behavior can unintentionally grant roles access to data they should not be able to read or modify. The issue is particularly risky in multi-tenant or production environments, where administrators may reuse field names, assuming old permissions have been fully cleared. Version 11.13.0 fixes the issue.
๐@cveNotify
GitHub
Merge from fork (#26110) ยท directus/directus@84d7636
* delete fields from permissions on delete
* fix type
* add changeset
* prettier
* fix oracle querying
* fix identifier quotation
---------
Co-authored-by: daedalus <44623501+Comforta...
* fix type
* add changeset
* prettier
* fix oracle querying
* fix identifier quotation
---------
Co-authored-by: daedalus <44623501+Comforta...
๐จ CVE-2025-64748
Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked (`****`), successful matches can be detected through returned records, enabling enumeration attacks on sensitive data. Version 11.13.0 fixes the issue.
๐@cveNotify
Directus is a real-time API and App dashboard for managing SQL database content. A vulnerability in versions prior to 11.13.0 allows authenticated users to search concealed/sensitive fields when they have read permissions. While actual values remain masked (`****`), successful matches can be detected through returned records, enabling enumeration attacks on sensitive data. Version 11.13.0 fixes the issue.
๐@cveNotify
GitHub
Merge from fork (#26111) ยท directus/directus@7737d56
* do not search concealed fields
* add tests
* add changeset
* reduce filter calls
* Update search.ts
* simplify check
---------
Co-authored-by: daedalus <44623501+ComfortablyCoding@u...
* add tests
* add changeset
* reduce filter calls
* Update search.ts
* simplify check
---------
Co-authored-by: daedalus <44623501+ComfortablyCoding@u...
๐จ CVE-2025-64749
Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The `/items/{collection}` API returns different error messages for two cases: when a user tries to access an existing collection which they are not authorized to access, and when user tries to access a non-existing collection. The two differing error messages leak the existence of collections to users which are not authorized to access these collections. Version 11.13.0 fixes the issue.
๐@cveNotify
Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The `/items/{collection}` API returns different error messages for two cases: when a user tries to access an existing collection which they are not authorized to access, and when user tries to access a non-existing collection. The two differing error messages leak the existence of collections to users which are not authorized to access these collections. Version 11.13.0 fixes the issue.
๐@cveNotify
GitHub
Merge from fork (#26109) ยท directus/directus@f99c9b8
* Use the same error for non-existent collections
* unifi error creation
* changeset
* prettier
* updated changeset
* unifi error creation
* changeset
* prettier
* updated changeset
๐จ CVE-2025-13181
A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
๐@cveNotify
A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
๐@cveNotify
GitHub
CVE-md/h3blog/xss4.md at main ยท caigo8/CVE-md
่ฎฐๅฝๅข้็cveๆๆกฃ. Contribute to caigo8/CVE-md development by creating an account on GitHub.
๐จ CVE-2025-13182
A vulnerability was identified in pojoin h3blog 1.0. The impacted element is an unknown function of the file /admin/cms/category/addtitle. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
๐@cveNotify
A vulnerability was identified in pojoin h3blog 1.0. The impacted element is an unknown function of the file /admin/cms/category/addtitle. The manipulation of the argument Title leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
๐@cveNotify
GitHub
CVE-md/h3blog/xss3.md at main ยท caigo8/CVE-md
่ฎฐๅฝๅข้็cveๆๆกฃ. Contribute to caigo8/CVE-md development by creating an account on GitHub.