🚨 CVE-2025-15190
A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
🎖@cveNotify
GitHub
vuls/d-link/dwr-m920/formFilter.md at main · panda666-888/vuls
🚨 CVE-2025-15191
A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
GitHub
vuls/d-link/dwr-m920/formLtefotaUpgradeFibocom.md at main · panda666-888/vuls
🚨 CVE-2025-57460
File upload vulnerability in machsol machpanel 8.0.32 allows attacker to gain a webshell.
🎖@cveNotify
GitHub
CVE-2025-57460/README.md at main · aljoharasubaie/CVE-2025-57460
File upload vulnerability in machsol machpanel 8 allows attacker to gain a webshell. - aljoharasubaie/CVE-2025-57460
🚨 CVE-2025-50433
An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to take over arbitrary user accounts.
🎖@cveNotify
🚨 CVE-2025-64507
Incus is a system container and virtual machine manager. An issue in versions prior to 6.0.6 and 6.19.0 affects any Incus user in an environment where an unprivileged user may have root access to a container with an attached custom storage volume that has the `security.shifted` property set to `true` as well as access to the host as an unprivileged user. The most common case for this would be systems using `incus-user` with the less privileged `incus` group to provide unprivileged users with an isolated restricted access to Incus. Such users may be able to create a custom storage volume with the necessary property (depending on kernel and filesystem support) and can then write a setuid binary from within the container which can be executed as an unprivileged user on the host to gain root privileges. A patch for this issue is expected in versions 6.0.6 and 6.19.0. As a workaround, permissions can be manually restricted until a patched version of Incus is deployed.
🎖@cveNotify
GitHub
Local privilege escalation: a local unprivileged user in a restricted project may obtain host root privileges under certain conditions.…
Is there an existing issue for this? There is no existing issue for this bug Is this happening on an up to date version of Incus? This is happening on a supported version of Incus Incus system deta...
🚨 CVE-2024-7625
In HashiCorp Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2, the archive unpacking process is vulnerable to writes outside the allocation directory during migration of allocation directories when multiple archive headers target the same file. This vulnerability, CVE-2024-7625, is fixed in Nomad 1.6.14, 1.7.11, and 1.8.3. Access or compromise of the Nomad client agent at the source allocation first is a prerequisite for leveraging this vulnerability.
🎖@cveNotify
HashiCorp Discuss
HCSEC-2024-17 - Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
Bulletin ID: HCSEC-2024-17 Affected Products / Versions: Nomad and Nomad Enterprise from 0.6.1 up to 1.6.13, 1.7.10, and 1.8.2; fixed in Nomad Enterprise 1.6.14, 1.7.11, 1.8.3. Publication Date: August 14, 2024 Summary In HashiCorp Nomad and Nomad Enterprise…
🚨 CVE-2024-10975
Nomad Community and Nomad Enterprise ("Nomad") volume specification is vulnerable to arbitrary cross-namespace volume creation through unauthorized Container Storage Interface (CSI) volume writes. This vulnerability, identified as CVE-2024-10975, is fixed in Nomad Community Edition 1.9.2 and Nomad Enterprise 1.9.2, 1.8.7, and 1.7.15.
🎖@cveNotify
HashiCorp Discuss
HCSEC-2024-27 - Nomad Vulnerable To Cross-Namespace Volume Creation Abusing CSI Write Permission
Bulletin ID: HCSEC-2024-27 Affected Products / Versions: Nomad Community Edition from 1.3.0 up to 1.9.1, fixed in 1.9.2. Nomad Enterprise from 1.3.0 up to 1.9.1, 1.8.6, 1.7.14, fixed in 1.9.2, 1.8.7, and 1.7.15. Publication Date: November 7, 2024 Summary…
🚨 CVE-2024-12289
Boundary Community Edition and Boundary Enterprise (“Boundary”) incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process.
This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2.
🎖@cveNotify
HashiCorp Discuss
HCSEC-2024-28 - Boundary Controller Incorrectly Handles HTTP Requests On Initialization Which May Lead to a Denial of Service
Bulletin ID: HCSEC-2024-28 Affected Products / Versions: Boundary Community Edition and Boundary Enterprise 0.8.0 up to 0.18.1; fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2. Publication Date: December 12, 2024 Summary…
🚨 CVE-2025-50952
OpenJPEG v2.5.0 was discovered to contain a NULL pointer dereference via the component /openjp2/dwt.c.
🎖@cveNotify
GitHub
Exist a null pointer dereference issue in file src/lib/openjp2/dwt.c:2124 · Issue #1505 · uclouvain/openjpeg
Expected behavior and actual behavior. Hi, I found a runtime error: applying zero offset to null pointer in current master, and I also reproduced it on latest released version 2.5.0. Steps to repro...
🚨 CVE-2025-11621
Vault and Vault Enterprise’s (“Vault”) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27.
🎖@cveNotify
HashiCorp Discuss
HCSEC-2025-30 - Vault AWS Auth Method Authentication Bypass Through Mishandling of Cache Entries
Bulletin ID: HCSEC-2025-30 Affected Products / Versions: Vault Community Edition 0.6.0 up to 1.20.4, fixed in 1.21.0. Vault Enterprise 0.6.0 up to 1.20.4, 1.19.10, 1.18.15, and 1.16.26. fixed in 1.21.0, 1.20.5, 1.19.11, and 1.16.27. Publication Date: October…
🚨 CVE-2025-26866
A remote code execution vulnerability exists where a malicious Raft node can exploit insecure Hessian deserialization within the PD store. The fix enforces IP-based authentication to restrict cluster membership and implements a strict class whitelist to harden the Hessian serialization process against object injection attacks.
Users are recommended to upgrade to version 1.7.0, which fixes the issue.
🎖@cveNotify
GitHub
refactor: adjust the related filters of sofa-bolt by haohao0103 · Pull Request #2735 · apache/incubator-hugegraph
This PR refactors and optimizes the filters used in the sofa-bolt components of the system. The key changes include:
Introducing a new Hessian serializer factory for controlling class whitelist in...
🚨 CVE-2025-36230
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
🎖@cveNotify
IBM
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14.2
🚨 CVE-2025-64645
IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link.
🎖@cveNotify
IBM
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0
🚨 CVE-2025-12771
IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
🎖@cveNotify
IBM
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0
🚨 CVE-2025-1721
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
🎖@cveNotify
IBM
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0
🚨 CVE-2025-36228
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may have inconsistent permissions between the user interface and backend API that allow users to access features that appeared disabled, potentially leading to misuse.
🎖@cveNotify
IBM
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14.2
🚨 CVE-2025-36229
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data by enumerating package identifiers.
🎖@cveNotify
IBM
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14.2
🚨 CVE-2025-68973
In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
🎖@cveNotify
GitHub
gnupg/g10/armor.c at ff30683418695f5d2cc9e6cf8c9418e09378ebe4 · gpg/gnupg
The GNU Privacy Guard. NOTE: Maintainers are not tracking this mirror. Do not make pull requests here, nor comment any commits, submit them usual way to bug tracker (https://www.gnupg.org/documenta...
🚨 CVE-2025-15198
A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing manipulation of the argument User can lead to SQL injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
🎖@cveNotify
🚨 CVE-2025-27600
FastGPT is a knowledge-based platform built on LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intranet. This issue is fixed in 4.9.0.
🎖@cveNotify
GitHub
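Web scraping plug-in SSRF attack
## Impact
Low
## Description
Because the web scraping plug-in does not validate intranet IPs, an attacker can issue requests to intranet IP addresses, causing the system to make requests through the intranet and potentially obtain some private data on the intranet.
## Fixed version
V4.9.0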
🚨 CVE-2025-49131
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging.
🎖@cveNotify
GitHub
update python sandbox for safe (#4958) · labring/FastGPT@bb810a4
Co-authored-by: root <root@DESKTOP-778RLJS.localdomain>