🚨 CVE-2025-68972
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.
🎖@cveNotify
In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.
🎖@cveNotify
🚨 CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
🎖@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
🎖@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
🚨 CVE-2025-15116
A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitation is known to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
Gist
OpenCart v4.1.0.3 - Time-of-check Time-of-use.md
GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2025-15117
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
GitHub - Yohane-Mashiro/Sa-Token-cve: Sa-Token的反序列化问题
Sa-Token的反序列化问题. Contribute to Yohane-Mashiro/Sa-Token-cve development by creating an account on GitHub.
🚨 CVE-2025-15118
A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
🎖@cveNotify
GitHub
macrozheng/mall mall-portal Privilege Escalation in POST /member/address/update/{id}: allows lateral overwrite via memberId to…
macrozheng/mall mall-portal Privilege Escalation in POST /member/address/update/{id}: allows lateral overwrite via memberId to transfer address ownership Contributors: Huang Weigang 1. Impact Scope...
🚨 CVE-2025-15119
A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
JeecgBoot Tenant Privilege Escalation: GET /sys/sysDepartRole/list Department ID Parameter Bypasses Tenant Validation · Issue #32…
JeecgBoot Tenant Privilege Escalation: GET /sys/sysDepartRole/list Department ID Parameter Bypasses Tenant Validation Contributors: huangweigang 1. Impact Scope JeecgBoot (latest) https://github.co...
🚨 CVE-2025-15120
A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out remotely. A high degree of complexity is needed for the attack. The exploitability is considered difficult. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
JeecgBoot Tenant Privilege Escalation: GET /sys/sysDepartRole/getDeptRoleList Department Role Query Without Tenant Validation ·…
JeecgBoot Tenant Privilege Escalation: GET /sys/sysDepartRole/getDeptRoleList Department Role Query Without Tenant Validation Contributors: huangweigang 1. Impact Scope JeecgBoot (latest) https://g...
🚨 CVE-2025-15121
A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
JeecgBoot Tenant Privilege Escalation: GET /sys/sysDepartRole/getDeptRoleByUserId User Department Role Query Without Tenant Validation…
JeecgBoot Tenant Privilege Escalation: GET /sys/sysDepartRole/getDeptRoleByUserId User Department Role Query Without Tenant Validation Contributors: huangweigang 1. Impact Scope JeecgBoot (latest) ...
🚨 CVE-2025-15122
A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
JeecgBoot Tenant Privilege Escalation: GET /sys/sysDepartRole/datarule/{permissionId}/{departId}/{roleId} Data Rule Query Without…
JeecgBoot Tenant Privilege Escalation: GET /sys/sysDepartRole/datarule/{permissionId}/{departId}/{roleId} Data Rule Query Without Tenant Validation Contributors: huangweigang 1. Impact Scope JeecgB...
🚨 CVE-2025-15123
A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The exploitability is reported as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
JeecgBoot Tenant Privilege Escalation: GET /sys/sysDepartPermission/datarule/{permissionId}/{departId} Department Permission Data…
JeecgBoot Tenant Privilege Escalation: GET /sys/sysDepartPermission/datarule/{permissionId}/{departId} Department Permission Data Rule Query Without Tenant Validation Contributors: huangweigang 1. ...
🚨 CVE-2025-15124
A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitability is said to be difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
JeecgBoot Tenant Privilege Escalation: GET /sys/sysDepartPermission/list Department Permission List Query Without Tenant Validation…
JeecgBoot Tenant Privilege Escalation: GET /sys/sysDepartPermission/list Department Permission List Query Without Tenant Validation Contributors: huangweigang 1. Impact Scope JeecgBoot (latest) htt...
🚨 CVE-2025-15125
A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This attack is characterized by high complexity. The exploitability is told to be difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
JeecgBoot Tenant Privilege Escalation: GET /sys/permission/queryDepartPermission Department Authorization Menu Query Without Tenant…
JeecgBoot Tenant Privilege Escalation: GET /sys/permission/queryDepartPermission Department Authorization Menu Query Without Tenant Validation Contributors: huangweigang 1. Impact Scope JeecgBoot (...
🚨 CVE-2025-15126
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
JeecgBoot Tenant Privilege Escalation: GET /sys/position/getPositionUserList Position Member Query Without Tenant Validation ·…
JeecgBoot Tenant Privilege Escalation: GET /sys/position/getPositionUserList Position Member Query Without Tenant Validation Contributors: huangweigang 1. Impact Scope JeecgBoot (latest) https://gi...
🚨 CVE-2025-15127
A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. Affected by this issue is some unknown functionality of the file /controller/api/Room.php. Such manipulation of the argument hotelId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
SQL injection vulnerability in the hotelId parameter of Room.php in the Hotels_Server Hotel Management System · Issue #1 · liangmingpku/CVE
SQL Injection Vulnerability in Room.php of Hotels_Server Hotel Management System NAME OF AFFECTED PRODUCT(S) Hotels_Server Hotel Reservation System Vendor Homepage https://github.com/FantasticLBP/H...
🚨 CVE-2025-15128
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage of credentials. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage of credentials. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
🎖@cveNotify
GitHub
GitHub - ionutluca888/IDOR-POC-ZKBio-Time
Contribute to ionutluca888/IDOR-POC-ZKBio-Time development by creating an account on GitHub.
🚨 CVE-2025-15129
A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
🎖@cveNotify
A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
🎖@cveNotify
GitHub
lin-cms-tp5 has a front-end arbitrary file upload vulnerability; submitting a CVE request. · Issue #65 · ChenJinchuang/lin-cms…
The file upload interface (POST /cms/file) provided by the CMS module has insufficient checks on the type/content of uploaded files, allowing anonymous users (frontend) to upload arbitrary files an...
🚨 CVE-2025-14954
A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 442369dcd964f03d95429a6a01a57ed21f7779b7. Applying a patch is the recommended action to fix this issue.
🎖@cveNotify
A vulnerability has been found in Open5GS up to 2.7.6. Affected is the function ogs_pfcp_pdr_find_or_add/ogs_pfcp_far_find_or_add/ogs_pfcp_urr_find_or_add/ogs_pfcp_qer_find_or_add in the library lib/pfcp/context.c of the component QER/FAR/URR/PDR. The manipulation leads to reachable assertion. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 442369dcd964f03d95429a6a01a57ed21f7779b7. Applying a patch is the recommended action to fix this issue.
🎖@cveNotify
GitHub
pfcp: Prevent DoS by removing assert-based QER/FAR/URR/PDR allocation… · open5gs/open5gs@442369d
… failures
This patch replaces fatal ogs_assert() calls in PFCP object allocation
(ogs_pfcp_{pdr,far,urr,qer}_find_or_add) with graceful error handling.
Previously, exceeding per-session resource ...
This patch replaces fatal ogs_assert() calls in PFCP object allocation
(ogs_pfcp_{pdr,far,urr,qer}_find_or_add) with graceful error handling.
Previously, exceeding per-session resource ...
🚨 CVE-2025-15130
A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. This product adopts a rolling release strategy to maintain continuous delivery The project was informed of the problem early through an issue report but has not responded yet. This vulnerability only affects products that are no longer supported by the maintainer.
🎖@cveNotify
Gitee
悠悠山雨/SyCms: 山雨内容管理系统基于THINKPHP 3.2版本制作,实现权限管理,接入短信接口,上传驱动切换(本地/七牛),全局动态参数,后台模版页自动生成(FormBuilder),封装富文本UEDITOR/上传WEBUPLOADER插件/弹出层ARTDIALOG等.
🚨 CVE-2025-15131
A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.
🎖@cveNotify
A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation results in command injection. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure.
🎖@cveNotify
GitHub
ZSPACE NAS Z4pro+ <= v1.0.0440024 - Command Injection in /v2/file/safe/status · Issue #1 · LX-66-LX/cve
NAME OF AFFECTED PRODUCT(S) ZSPACE NAS Z4pro+ (Firmware v1.0.0440024) - Command Injection in /v2/file/safe/status Vulnerability Details Detail Information Vendor ZSPACE (北京极空间科技有限公司) Product ZSPACE...
🚨 CVE-2025-15132
A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
🎖@cveNotify
A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function zfilev2_api_open of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
🎖@cveNotify
GitHub
ZSPACE NAS Z4pro+ <= v1.0.0440024 - Command Injection in /v2/file/safe/open · Issue #2 · LX-66-LX/cve
NAME OF AFFECTED PRODUCT(S) ZSPACE NAS Z4pro+ (Firmware v1.0.0440024) - Command Injection in /v2/file/safe/open Vulnerability Details Detail Information Vendor ZSPACE (北京极空间科技有限公司) Product ZSPACE N...
🚨 CVE-2025-15133
A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
🎖@cveNotify
A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function zfilev2_api_CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
🎖@cveNotify
GitHub
ZSPACE NAS Z4pro+ <= v1.0.0440024 - Command Injection in /v2/file/safe/close · Issue #3 · LX-66-LX/cve
NAME OF AFFECTED PRODUCT(S) ZSPACE NAS Z4pro+ (Firmware v1.0.0440024) - Command Injection in /v2/file/safe/close Vulnerability Details 细节 信息 Vendor ZSPACE (北京极空间科技有限公司) Product ZSPACE NAS (Z4pro+) ...