๐จ CVE-2025-64645
IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link.
๐@cveNotify
IBM Concert 1.0.0 through 2.1.0 could allow a local user to escalate their privileges due to a race condition of a symbolic link.
๐@cveNotify
Ibm
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0
๐จ CVE-2025-12771
IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
๐@cveNotify
IBM Concert 1.0.0 through 2.1.0 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user could overflow the buffer and execute arbitrary code on the system.
๐@cveNotify
Ibm
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0
๐จ CVE-2025-1721
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
๐@cveNotify
IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory.
๐@cveNotify
Ibm
Security Bulletin: Multiple Vulnerabilities in IBM Concert Software.
Multiple vulnerabilities were addressed in IBM Concert Software version 2.2.0
๐จ CVE-2025-36228
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.
๐@cveNotify
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 may allow inconsistent permissions between the user interface and backend API allowed users to access features that appeared disabled, potentially leading to misuse.
๐@cveNotify
Ibm
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14.2
๐จ CVE-2025-36229
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.
๐@cveNotify
IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 could allow authenticated users to enumerate sensitive information of data due by enumerating package identifiers.
๐@cveNotify
Ibm
Security Bulletin: Multiple vulnerabilities in IBM Aspera Faspex
Multiple vulnerabilities were addressed in IBM Aspera Faspex version 5.0.14.2
๐จ CVE-2025-68973
In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
๐@cveNotify
In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
๐@cveNotify
GitHub
gnupg/g10/armor.c at ff30683418695f5d2cc9e6cf8c9418e09378ebe4 ยท gpg/gnupg
The GNU Privacy Guard. NOTE: Maintainers are not tracking this mirror. Do not make pull requests here, nor comment any commits, submit them usual way to bug tracker (https://www.gnupg.org/documenta...
๐จ CVE-2025-15198
A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
๐จ CVE-2025-27600
FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intranet. This issue is fixed in 4.9.0.
๐@cveNotify
FastGPT is a knowledge-based platform built on the LLMs. Since the web crawling plug-in does not perform intranet IP verification, an attacker can initiate an intranet IP request, causing the system to initiate a request through the intranet and potentially obtain some private data on the intranet. This issue is fixed in 4.9.0.
๐@cveNotify
GitHub
็ฝ้กตๆๅๆไปถ SSRF ๆปๅป
## ๅฝฑๅ
ๅฐ
## ๆ่ฟฐ
็ฑไบ็ฝ้กตๆๅๆไปถๆช่ฟ่กๅ ็ฝIpๆ ก้ช๏ผๆปๅป่ ๅฏ้่ฟๅ่ตทๅ ็ฝIP่ฏทๆฑ๏ผไฝฟๅพ็ณป็ป้่ฟๅ ็ฝ่ฟ่ก่ฏทๆฑๅ่ตท๏ผๅฏ่ฝ่ทๅๅฐๅ ็ฝไธไบ้็งๆฐๆฎใ
## ไฟฎๅค็ๆฌ
V4.9.0
ๅฐ
## ๆ่ฟฐ
็ฑไบ็ฝ้กตๆๅๆไปถๆช่ฟ่กๅ ็ฝIpๆ ก้ช๏ผๆปๅป่ ๅฏ้่ฟๅ่ตทๅ ็ฝIP่ฏทๆฑ๏ผไฝฟๅพ็ณป็ป้่ฟๅ ็ฝ่ฟ่ก่ฏทๆฑๅ่ตท๏ผๅฏ่ฝ่ทๅๅฐๅ ็ฝไธไบ้็งๆฐๆฎใ
## ไฟฎๅค็ๆฌ
V4.9.0
๐จ CVE-2025-49131
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging.
๐@cveNotify
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated code in isolation. The sandbox before version 4.9.11 has insufficient isolation and inadequate restrictions on code execution by allowing overly permissive syscalls, which allows attackers to escape the intended sandbox boundaries. Attackers could exploit this to read and overwrite arbitrary files and bypass Python module import restrictions. This is patched in version 4.9.11 by restricting the allowed system calls to a safer subset and additional descriptive error messaging.
๐@cveNotify
GitHub
update python sandbox for safe (#4958) ยท labring/FastGPT@bb810a4
Co-authored-by: root <root@DESKTOP-778RLJS.localdomain>
๐จ CVE-2025-52552
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12.
๐@cveNotify
FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to attacker-controlled sites. This issue has been patched in version 4.9.12.
๐@cveNotify
GitHub
V4.9.12 feature (#5022) ยท labring/FastGPT@095b75e
* New chatinput (#4995)
* feat: Change border style
* refactor: Improve layout and styling of ChatInput component
* style: Update ChatInput component styling and mobile layout
* fix: update key...
* feat: Change border style
* refactor: Improve layout and styling of ChatInput component
* style: Update ChatInput component styling and mobile layout
* fix: update key...
๐จ CVE-2025-61924
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP array_search(). The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
๐@cveNotify
PrestaShop Checkout is the PrestaShop official payment module in partnership with PayPal. In versions prior to 4.4.1 and 5.0.5, the Target PayPal merchant account hijacking from backoffice due to wrong usage of the PHP array_search(). The vulnerability is fixed in versions 4.4.1 and 5.0.5. No known workarounds exist.
๐@cveNotify
GitHub
Target PayPal merchant account hijacking from backoffice
### Impact
Wrong usage of the PHP `array_search()` allows bypass of validation
### Patches
The problem has been patched in versions
- v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1)
- v4.4...
Wrong usage of the PHP `array_search()` allows bypass of validation
### Patches
The problem has been patched in versions
- v4.4.1 for PrestaShop 1.7 (build number: 7.4.4.1)
- v4.4...
๐จ CVE-2025-62612
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1.
๐@cveNotify
FastGPT is an AI Agent building platform. Prior to version 4.11.1, in the workflow file reading node, the network link is not security-verified, posing a risk of SSRF attacks. This issue has been patched in version 4.11.1.
๐@cveNotify
GitHub
ๆไปถ่ฏปๅ่็น SSRF ๆผๆด
ๅทฅไฝๆตๆไปถ่ฏปๅ่็นไธญ๏ผๅฏน็ฝ็ป้พๆฅๆช่ฟ่กๅฎๅ
จๆ ก้ช๏ผๅญๅจ SSRF ๆปๅป้ฃ้ฉใ
๐จ CVE-2025-68973
In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
๐@cveNotify
In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
๐@cveNotify
GitHub
gnupg/g10/armor.c at ff30683418695f5d2cc9e6cf8c9418e09378ebe4 ยท gpg/gnupg
The GNU Privacy Guard. NOTE: Maintainers are not tracking this mirror. Do not make pull requests here, nor comment any commits, submit them usual way to bug tracker (https://www.gnupg.org/documenta...
๐จ CVE-2025-13592
The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute code on the server.
๐@cveNotify
The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute code on the server.
๐@cveNotify
๐จ CVE-2025-14280
The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, when the "Meta API logs" setting is enabled (disabled by default). The vulnerability was partially patched in version 11.1.5 and fully patched in version 11.1.5.1.
๐@cveNotify
The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, when the "Meta API logs" setting is enabled (disabled by default). The vulnerability was partially patched in version 11.1.5 and fully patched in version 11.1.5.1.
๐@cveNotify
๐จ CVE-2025-14728
Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occurs due to insufficient sanitization of directory names which end with a ".", only encoding the final "." AS "%2E".
Although files can be written to incorrect locations, the containing directory must end with "%2E". This limits the impact of this vulnerability, and prevents it from overwriting critical files.
๐@cveNotify
Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers that allows a rogue client to upload a file which is written outside the datastore directory. Velociraptor is normally only allowed to write in the datastore directory. The issue occurs due to insufficient sanitization of directory names which end with a ".", only encoding the final "." AS "%2E".
Although files can be written to incorrect locations, the containing directory must end with "%2E". This limits the impact of this vulnerability, and prevents it from overwriting critical files.
๐@cveNotify
docs.velociraptor.app
CVE-2025-14728 Velociraptor directory traversal vulnerability :: Velociraptor - Digging deeper!
Velociraptor normally is only allowed to write in the datastore. However,
under some situations it is possible for a rogue client to write files
outside the datastore.
under some situations it is possible for a rogue client to write files
outside the datastore.
๐จ CVE-2025-15199
A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
๐@cveNotify
A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
๐@cveNotify
๐จ CVE-2025-15200
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
XSS vulnerability on /client/show/exceptionStatistics/client ยท Issue #372 ยท sohutv/cachecloud
XSS vulnerability on /client/show/exceptionStatistics/client Summary In the latest version (v3.2) of CacheCloud, the endpoint /client/show/exceptionStatistics/client does not encode user-controllab...
๐จ CVE-2025-15201
A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
XSS vulnerability on /web/resource/noPower ยท Issue #373 ยท sohutv/cachecloud
XSS vulnerability on /web/resource/noPower Summary In the latest version (v3.2) of CacheCloud, the endpoint /web/resource/noPower does not encode user-controllable parameters when outputting them o...
๐จ CVE-2025-67254
NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.
๐@cveNotify
NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnapshots.php.
๐@cveNotify
๐จ CVE-2025-67255
In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.
๐@cveNotify
In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any authenticated user to exploit a SQL Injection vulnerability.
๐@cveNotify