🚨 CVE-2025-50182
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.
🎖@cveNotify
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0.
🎖@cveNotify
GitHub
Merge commit from fork · urllib3/urllib3@7eb4a2a
urllib3 is a user-friendly HTTP client library for Python - Merge commit from fork · urllib3/urllib3@7eb4a2a
🚨 CVE-2025-5072
Resource leak vulnerability in ASR180x、ASR190x in con_mgr allows Resource Leak Exposure.This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
🎖@cveNotify
Resource leak vulnerability in ASR180x、ASR190x in con_mgr allows Resource Leak Exposure.This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
🎖@cveNotify
Asrmicro
Security Center
ASR Microelectronics Co., Ltd. (ASR, 688220.SH)was established in April 2015 and is headquartered at Zhang Jiang Hi-tech Park, Shanghai. It operates development and support centers in Beijing, Nanjing, Shenzhen, Hefei, Dalian, Chengdu, Xi’an and other mar
🚨 CVE-2025-49489
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (con_mgr
components) allows Resource Leak Exposure. This vulnerability is associated with program files con_mgr/dialer_task.C.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
🎖@cveNotify
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (con_mgr
components) allows Resource Leak Exposure. This vulnerability is associated with program files con_mgr/dialer_task.C.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
🎖@cveNotify
Asrmicro
Security Center
ASR Microelectronics Co., Ltd. (ASR, 688220.SH)was established in April 2015 and is headquartered at Zhang Jiang Hi-tech Park, Shanghai. It operates development and support centers in Beijing, Nanjing, Shenzhen, Hefei, Dalian, Chengdu, Xi’an and other mar
🚨 CVE-2023-53945
BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP and port.
🎖@cveNotify
BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP and port.
🎖@cveNotify
🚨 CVE-2025-14591
In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause inaccurate parsing and leave personally identifiable information (PII) unmasked.
🎖@cveNotify
In Delphix Continuous Compliance version 2025.3.0 and later, following a recent bug fix to correctly handle CR+LF (Windows and DOS) End-of-Record (EOR) characters in delimited files, an issue was identified: using an incorrect EOR configuration can cause inaccurate parsing and leave personally identifiable information (PII) unmasked.
🎖@cveNotify
Perforce
TB137 - PII Leak Due to Change in EOR Handling
PII leak can occur as a result of change in EOR handling
🚨 CVE-2025-67826
An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the product. Insecure access to a named pipe allows unprivileged users to edit any registry key, leading to a full compromise as SYSTEM.
🎖@cveNotify
An issue was discovered in K7 Ultimate Security 17.0.2045. A Local Privilege Escalation (LPE) vulnerability in the K7 Ultimate Security antivirus can be exploited by a local unprivileged user on default installations of the product. Insecure access to a named pipe allows unprivileged users to edit any registry key, leading to a full compromise as SYSTEM.
🎖@cveNotify
🚨 CVE-2025-67443
Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel.
🎖@cveNotify
Schlix CMS before v2.2.9-5 is vulnerable to Cross Site Scripting (XSS). Due to lack of javascript sanitization in the login form, incorrect login attempts in logs are triggered as XSS in the admin panel.
🎖@cveNotify
Gist
CVE-2025-67443.txt
GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2019-10648
Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.
🎖@cveNotify
Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL.
🎖@cveNotify
GitHub
Bug-406: DNS interaction is not blocked by Robocode's security manage… · robo-code/robocode@836c846
…r + test(s) to verify the fix
🚨 CVE-2025-25038
An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-04-10 UTC.
🎖@cveNotify
An OS command injection vulnerability exists in MiniDVBLinux version 5.4 and earlier. The system’s web-based management interface fails to properly sanitize user-supplied input before passing it to operating system commands. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary commands as the root user, potentially compromising the entire device. Exploitation evidence was observed by the Shadowserver Foundation on 2024-04-10 UTC.
🎖@cveNotify
Cxsecurity
MiniDVBLinux 5.4 SVDRP Control - CXSecurity.com
LiquidWorm has realised a new security note MiniDVBLinux 5.4 SVDRP Control
🚨 CVE-2025-49490
Resource leak vulnerability in ASR180x in router allows Resource Leak Exposure.
This vulnerability is associated with program files router/sms/sms.c.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
🎖@cveNotify
Resource leak vulnerability in ASR180x in router allows Resource Leak Exposure.
This vulnerability is associated with program files router/sms/sms.c.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
🎖@cveNotify
Asrmicro
Security Center
ASR Microelectronics Co., Ltd. (ASR, 688220.SH)was established in April 2015 and is headquartered at Zhang Jiang Hi-tech Park, Shanghai. It operates development and support centers in Beijing, Nanjing, Shenzhen, Hefei, Dalian, Chengdu, Xi’an and other mar
🚨 CVE-2025-49488
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router
components
allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pb.c.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
🎖@cveNotify
Improper Resource Shutdown or Release vulnerability in ASR180x 、ASR190x in router
components
allows Resource Leak Exposure. This vulnerability is associated with program files router/phonebook/pb.c.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
🎖@cveNotify
Asrmicro
Security Center
ASR Microelectronics Co., Ltd. (ASR, 688220.SH)was established in April 2015 and is headquartered at Zhang Jiang Hi-tech Park, Shanghai. It operates development and support centers in Beijing, Nanjing, Shenzhen, Hefei, Dalian, Chengdu, Xi’an and other mar
🚨 CVE-2025-49491
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (traffic_stat modules) allows Resource Leak Exposure. This vulnerability is associated with program files traffic_stat/traffic_service/traffic_service.C.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
🎖@cveNotify
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux、Kestrel、Lapwing_Linux on Linux (traffic_stat modules) allows Resource Leak Exposure. This vulnerability is associated with program files traffic_stat/traffic_service/traffic_service.C.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
🎖@cveNotify
Asrmicro
Security Center
ASR Microelectronics Co., Ltd. (ASR, 688220.SH)was established in April 2015 and is headquartered at Zhang Jiang Hi-tech Park, Shanghai. It operates development and support centers in Beijing, Nanjing, Shenzhen, Hefei, Dalian, Chengdu, Xi’an and other mar
🚨 CVE-2025-49492
Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer underrun. This vulnerability is associated with program files apps/atcmd_server/src/dev_api.C.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
🎖@cveNotify
Out-of-bounds write in ASR180x in lte-telephony, May cause a buffer underrun. This vulnerability is associated with program files apps/atcmd_server/src/dev_api.C.
This issue affects Falcon_Linux、Kestrel、Lapwing_Linux: before v1536.
🎖@cveNotify
Asrmicro
Security Center
ASR Microelectronics Co., Ltd. (ASR, 688220.SH)was established in April 2015 and is headquartered at Zhang Jiang Hi-tech Park, Shanghai. It operates development and support centers in Beijing, Nanjing, Shenzhen, Hefei, Dalian, Chengdu, Xi’an and other mar
🚨 CVE-2025-49113
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
🎖@cveNotify
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
🎖@cveNotify
fearsoff.org
Roundcube ≤ 1.6.10 Post-Auth RCE via PHP Object Deserialization [CVE-2025-49113]
A deep technical breakdown of CVE-2025-49113, a critical Roundcube vulnerability involving PHP session serialization. Learn how the bug was discovered, exploited, and responsibly disclosed with full PoC and recommendations for defenders and developers. Kirill…
🚨 CVE-2025-12994
Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025.
🎖@cveNotify
Medtronic CareLink Network allows an unauthenticated remote attacker to initiate a request for security questions to an API endpoint that could be used to determine a valid user account. This issue affects CareLink Network: before December 4, 2025.
🎖@cveNotify
Medtronic
CareLink Network vulnerabilities
Medtronic brought a non-production version of our CareLink™ Network to a security conference for external researchers to interact with in a safe environment.
🚨 CVE-2025-12995
Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
🎖@cveNotify
Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint that could be used to determine a valid password under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
🎖@cveNotify
Medtronic
CareLink Network vulnerabilities
Medtronic brought a non-production version of our CareLink™ Network to a security conference for external researchers to interact with in a safe environment.
🚨 CVE-2025-12996
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
🎖@cveNotify
Medtronic CareLink Network allows a local attacker with access to log files on an internal API server to view plaintext passwords from errors logged under certain circumstances. This issue affects CareLink Network: before December 4, 2025.
🎖@cveNotify
Medtronic
CareLink Network vulnerabilities
Medtronic brought a non-production version of our CareLink™ Network to a security conference for external researchers to interact with in a safe environment.
🚨 CVE-2025-12997
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025.
🎖@cveNotify
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific device and user information to submit web requests to an API endpoint that would expose sensitive user information. This issue affects CareLink Network: before December 4, 2025.
🎖@cveNotify
Medtronic
CareLink Network vulnerabilities
Medtronic brought a non-production version of our CareLink™ Network to a security conference for external researchers to interact with in a safe environment.
🚨 CVE-2025-14582
A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing manipulation of the argument userphoto results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used.
🎖@cveNotify
A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=user-profile. Performing manipulation of the argument userphoto results in unrestricted upload. The attack can be initiated remotely. The exploit is now public and may be used.
🎖@cveNotify
GitHub
campcodes Online Student Enrollment System Project V1.0 /admin/index.php?page=user-profile Unrestricted Upload · Issue #2 · C…
campcodes Online Student Enrollment System Project V1.0 /admin/index.php?page=user-profile Unrestricted Upload Vulnerability Description A critical file upload vulnerability exists in the /admin/in...
🚨 CVE-2025-14647
A weakness has been identified in code-projects Computer Book Store 1.0. Affected is an unknown function of the file /admin_delete.php. This manipulation of the argument bookisbn causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
A weakness has been identified in code-projects Computer Book Store 1.0. Affected is an unknown function of the file /admin_delete.php. This manipulation of the argument bookisbn causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
🚨 CVE-2025-14648
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
GitHub
CVE/DedeBIZ代码执行.pdf at main · HOrange147/CVE
Contribute to HOrange147/CVE development by creating an account on GitHub.