🚨 CVE-2025-55129
HackerOne community member Kassem S. (kassem_s94) has reported that username handling in Revive Adserver was still vulnerable to impersonation attacks after the fix for CVE-2025-52672, via several alternate techniques. Homoglyph-based impersonation has been independently reported by other HackerOne users, such as itz_hari_ and khoof.
@cveNotify
HackerOne
Revive Adserver disclosed on HackerOne: Username Validation Bypass
Cricetinae
## Executive Summary
The security patch in commit `d239a0845e4f64fbacd25fff2854426734d43aa2` is **INSUFFICIENT**.
Testing confirms that **3 out of 4 exploit vectors still bypass...
🚨 CVE-2025-65278
An issue was discovered in file users.json in GroceryMart commit 21934e6 (2020-10-23) allowing unauthenticated attackers to gain sensitive information including plaintext usernames and passwords.
@cveNotify
Gist
Sensitive Information Disclosure via Publicly Accessible JSON File - gist:7e8d15c85221e3f708b7b480e04ab6ca
🚨 CVE-2025-40934
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validate XML files if signatures are omitted.
An attacker can remove the signature from the XML document to make it pass the verification check.
XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should return an error message. The affected versions return true when attempting to validate an XML file that contains no signatures.
@cveNotify
GitHub
An unsigned XML should fail verification · Issue #63 · perl-net-saml2/perl-XML-Sig
An unsigned XML should fail verification However, running the code below prints "Signature valid.". use XML::Sig; my $cert_text = '-----BEGIN CERTIFICATE----- MIIC4jCCAcoCCQC33wnybT5Q...
🚨 CVE-2025-12758
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function, which does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence, leading to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.
@cveNotify
Gist
JS validator isLength bug
🚨 CVE-2025-13836
When reading an HTTP response from a server, if no read amount is specified, the default behavior will be to use Content-Length. This allows a malicious server to cause the client to read large amounts of data into memory, potentially causing OOM or other DoS.
@cveNotify
GitHub
[3.12] gh-119451: Fix a potential denial of service in http.client (G… · python/cpython@14b1fdb
…H-119454) (#142140)
gh-119451: Fix a potential denial of service in http.client (GH-119454)
Reading the whole body of the HTTP response could cause OOM if
the Content-Length value is too large e...
🚨 CVE-2025-57462
Stored cross-site scripting (XSS) in MachSol MachPanel 8.0.32 allows attackers to execute arbitrary web scripts or HTML via a crafted PDF file.
@cveNotify
GitHub
CVE-2025-57462/README.md at main · aljoharasubaie/CVE-2025-57462
Unauthenticated Access to Uploaded Files.
🚨 CVE-2025-26155
NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.
@cveNotify
🚨 CVE-2025-65681
An issue was discovered in Overhang.IO (tutor-open-edx) (overhangio/tutor) 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks.
@cveNotify
🚨 CVE-2025-65276
An unauthenticated administrative access vulnerability exists in the open-source HashTech project (https://github.com/henzljw/hashtech) 1.0 through commit 5919decaff2681dc250e934814fc3a35f6093ee5 (2021-07-02). Due to missing authentication checks on /admin_index.php, an attacker can directly access the admin dashboard without valid credentials. This allows full administrative control including viewing/modifying user accounts, managing orders, changing payments, and editing product listings. Successful exploitation can lead to information disclosure, data manipulation, and privilege escalation.
@cveNotify
Gist
gist:c3bfcd1adf96d80952edbd03d0310836
🚨 CVE-2025-13742
Emails sent by pretix can utilize placeholders that will be filled with customer data. For example, when {name} is used in an email template, it will be replaced with the buyer's name for the final email. If the name of the attendee contained HTML or Markdown formatting, this was rendered as HTML in the resulting email. This way, a user could inject links or other formatted text through a maliciously formatted name. Since pretix applies a strict allow list approach to allowed HTML tags, this could not be abused for XSS or similarly dangerous attack chains. However, it can be used to manipulate emails in a way that makes user-provided content appear in a trustworthy and credible way, which can be abused for phishing.
@cveNotify
🚨 CVE-2024-6060
An information disclosure vulnerability in Phloc Webscopes 7.0.0 allows local attackers with access to the log files to view logged HTTP requests that contain user passwords or other sensitive information.
@cveNotify
Sonatype
CVE-2024-6060 | Sonatype Security Advisory
Sonatype Research team disclosed CVE-2024-6060. Explore how Phloc Webscopes 7.0.0 allows local attackers to access sensitive data in log files.
🚨 CVE-2025-65239
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs.
@cveNotify
eslam3kl.gitbook.io
Welcome! | Eslam Ali Akl @eslam3kl
⚠️ Caution: This blog is mine alone. Everything posted here reflects my personal views only. Nothing I say represents my employer or any other organization I’m affiliated with. Don’t confuse the two.
🚨 CVE-2025-66516
Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF.
This CVE covers the same vulnerability as in CVE-2025-54988. However, this CVE expands the scope of affected packages in two ways.
First, while the entrypoint for the vulnerability was the tika-parser-pdf-module as reported in CVE-2025-54988, the vulnerability and its fix were in tika-core. Users who upgraded the tika-parser-pdf-module but did not upgrade tika-core to >= 3.2.2 would still be vulnerable.
Second, the original report failed to mention that in the 1.x Tika releases, the PDFParser was in the "org.apache.tika:tika-parsers" module.
@cveNotify
🚨 CVE-2025-43402
The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26.1. An app may be able to cause unexpected system termination or corrupt process memory.
@cveNotify
Apple Support
About the security content of macOS Tahoe 26.1 - Apple Support
This document describes the security content of macOS Tahoe 26.1.
🚨 CVE-2025-43530
This issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.2, macOS Sonoma 14.8.3, macOS Sequoia 15.7.3, iOS 18.7.3 and iPadOS 18.7.3. An app may be able to access sensitive user data.
@cveNotify
Apple Support
About the security content of iOS 18.7.3 and iPadOS 18.7.3 - Apple Support
This document describes the security content of iOS 18.7.3 and iPadOS 18.7.3.
🚨 CVE-2025-15197
A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
@cveNotify
GitHub
Code-projects Content Management System V1.0 editposts.php Arbitrary file upload vulnerability · Issue #7 · Limingqian123/CVE
Code-projects Content Management System V1.0 editposts.php Arbitrary file upload vulnerability NAME OF AFFECTED PRODUCT(S) Content Management System Vendor Homepage https://code-projects.org/conten...
🚨 CVE-2025-66862
A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows attackers to cause a denial of service via a crafted PE file.
@cveNotify
GitHub
CRGF-Vul/cxxfilt/crash3.md at main · caozhzh/CRGF-Vul
Reproduction of crashes generated in several fuzzing experiments by CRGF method - caozhzh/CRGF-Vul
🚨 CVE-2025-66863
An issue in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via a crafted PE file.
@cveNotify
GitHub
CRGF-Vul/cxxfilt/crash2.md at main · caozhzh/CRGF-Vul
Reproduction of crashes generated in several fuzzing experiments by CRGF method - caozhzh/CRGF-Vul
🚨 CVE-2025-66865
An issue in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via a crafted PE file.
@cveNotify
GitHub
CRGF-Vul/cxxfilt/crash4.md at main · caozhzh/CRGF-Vul
Reproduction of crashes generated in several fuzzing experiments by CRGF method - caozhzh/CRGF-Vul
🚨 CVE-2025-66869
Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8.
@cveNotify
GitHub
Multiple Crashes in v0.4.8 of swftophp when fuzzing test · Issue #366 · libming/libming
Test Environment Ubuntu 20.04.6 LTS libming-v0.4.8(TAG_NAME="ming-0_4_8") Step to reproduce ./autogen.sh ./configure --disable-shared --disable-freetype make ./swftophp "PoC file&quo...
🚨 CVE-2025-66877
Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8.
@cveNotify
GitHub
Multiple Crashes in v0.4.8 of swftophp when fuzzing test · Issue #367 · libming/libming
Test Environment Ubuntu 20.04.6 LTS libming-v0.4.8(TAG_NAME="ming-0_4_8") Step to reproduce ./autogen.sh ./configure --disable-shared --disable-freetype make ./swftophp "PoC file&quo...