π¨ CVE-2024-47866
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
π@cveNotify
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no known patched versions exist.
π@cveNotify
GitHub
RGW DoS attack with empty HTTP header in S3 object copy
**Reported-by**: ηη <wangying2023@ict.ac.cn>
It was found that using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon...
It was found that using the argument `x-amz-copy-source` to put an object and specifying an empty string as its content leads to the RGW daemon...
π¨ CVE-2025-56385
A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to authentication bypass, data leakage, or full system compromise of backend database contents.
π@cveNotify
A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to authentication bypass, data leakage, or full system compromise of backend database contents.
π@cveNotify
π¨ CVE-2025-57310
A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code.
π@cveNotify
A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code.
π@cveNotify
Gist
CSRF Leading to Stored XSS in Simple-Faucet-Script ( 1.07 ) - CVE-2025-57310
CSRF Leading to Stored XSS in Simple-Faucet-Script ( 1.07 ) - CVE-2025-57310 - readme.md
π¨ CVE-2025-63353
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.
π@cveNotify
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. The device generates default passwords using a deterministic algorithm that derives the router passphrase from the SSID, enabling an attacker who can observe the SSID to predict the default password without authentication or user interaction.
π@cveNotify
GitHub
GitHub - hanianis/CVE-2025-63353: A vulnerability in fiberhome GPON ONU HG6145F1 RP4423 allows the device's factory default Wiβ¦
A vulnerability in fiberhome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID - hanianis/CVE-2025-63353
π¨ CVE-2025-64280
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.
π@cveNotify
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field.
π@cveNotify
CentralSquare
Public Sector Safety & Administration Software
Technologies to make the delivery of public services less costly & more efficient. Learn how our software solutions can build smarter, safer communities today!
π¨ CVE-2025-64281
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.
π@cveNotify
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials.
π@cveNotify
CentralSquare
Public Sector Safety & Administration Software
Technologies to make the delivery of public services less costly & more efficient. Learn how our software solutions can build smarter, safer communities today!
π¨ CVE-2025-52331
Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation in the HTML report, which allows potentially malicious HTML tags to be injected into the report. User interaction is required. User must use the "generate report" functionality and open the report.
π@cveNotify
Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report directory, and IP address. The generate report command includes archived file names without validation in the HTML report, which allows potentially malicious HTML tags to be injected into the report. User interaction is required. User must use the "generate report" functionality and open the report.
π@cveNotify
Gist
Rarlab WinRAR 7.11 Cross-site scripting (XSS) vulnerability
Rarlab WinRAR 7.11 Cross-site scripting (XSS) vulnerability - vuln_description.txt
π¨ CVE-2025-59491
Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields.
π@cveNotify
Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields.
π@cveNotify
CentralSquare
Public Sector Safety & Administration Software
Technologies to make the delivery of public services less costly & more efficient. Learn how our software solutions can build smarter, safer communities today!
π¨ CVE-2025-63419
Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.
π@cveNotify
Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. The Web-Based Server has a feature where users can share files, the feature reflects the filename to an emailbody field with no sanitations leading to HTML Injection.
π@cveNotify
Gist
Users with "Rename" Permissions can trigger an Unintentional HTML Injection on other users via the shares functionality in CrushFTPβ¦
Users with "Rename" Permissions can trigger an Unintentional HTML Injection on other users via the shares functionality in CrushFTP Version 11.3.6_48 due to the lack of sanitazati...
π¨ CVE-2025-30774
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker allows SQL Injection. This issue affects Quiz Maker: from n/a through 6.6.8.7.
π@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ays Pro Quiz Maker allows SQL Injection. This issue affects Quiz Maker: from n/a through 6.6.8.7.
π@cveNotify
Patchstack
SQL Injection in WordPress Quiz Maker Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
π¨ CVE-2025-46814
FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially inject arbitrary IP addresses into the request. This vulnerability can allow attackers to bypass IP-based access controls, mislead logging systems, and impersonate trusted clients. It is especially impactful when the application relies on the X-Forwarded-For header for IP-based authorization or authentication. Users should upgrade to FastAPI Guard version 2.0.0 to receive a fix.
π@cveNotify
FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. An HTTP header injection vulnerability has been identified in versions prior to 2.0.0. By manipulating the X-Forwarded-For header, an attacker can potentially inject arbitrary IP addresses into the request. This vulnerability can allow attackers to bypass IP-based access controls, mislead logging systems, and impersonate trusted clients. It is especially impactful when the application relies on the X-Forwarded-For header for IP-based authorization or authentication. Users should upgrade to FastAPI Guard version 2.0.0 to receive a fix.
π@cveNotify
GitHub
Added necessary fixes for CVE-2025-46814, documentation, tests, etc (β¦ Β· rennf93/fastapi-guard@0b003fd
β¦#43)
π¨ CVE-2025-6266
A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing manipulation of the argument File results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 1.49.16 addresses this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."
π@cveNotify
A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing manipulation of the argument File results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 1.49.16 addresses this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."
π@cveNotify
GitHub
CVE/FLIR-AX8/Unauthority_file_upload_vulnerabililty.md at main Β· YZS17/CVE
CVE of XU17. Contribute to YZS17/CVE development by creating an account on GitHub.
π¨ CVE-2025-53539
FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex patterns used in detection are extremely inefficient and can cause polynomial complexity backtracks when handling specially crafted inputs. This vulnerability is fixed in 3.0.1.
π@cveNotify
FastAPI Guard is a security library for FastAPI that provides middleware to control IPs, log requests, and detect penetration attempts. fastapi-guard's penetration attempts detection uses regex to scan incoming requests. However, some of the regex patterns used in detection are extremely inefficient and can cause polynomial complexity backtracks when handling specially crafted inputs. This vulnerability is fixed in 3.0.1.
π@cveNotify
GitHub
Merge commit from fork Β· rennf93/fastapi-guard@d9d50e8
* Replaced unbounded quantifiers with bounded quantifiers to prevent catastrophic backtracking (patterns)
* Further optimizations + Replaced re with re2 + minor unrelated optimization
* Revert fr...
* Further optimizations + Replaced re with re2 + minor unrelated optimization
* Revert fr...
π¨ CVE-2025-9415
A vulnerability was identified in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. The manipulation of the argument upload[] leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
A vulnerability was identified in GreenCMS up to 2.3.0603. This affects an unknown part of the file /index.php?m=admin&c=media&a=fileconnect. The manipulation of the argument upload[] leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
π@cveNotify
GitHub
# Projectworlds GreenCMS Project V2.3 /index.php?m=admin&c=media&a=fileconnect File unrestricted upload Β· Issue #10 Β· lan041221/cvec
Projectworlds GreenCMS Project V2.3 /index.php?m=admin&c=media&a=fileconnect File unrestricted upload NAME OF AFFECTED PRODUCT(S) GreenCMS Vendor Homepage github.com AFFECTED AND/OR FIXED V...
π¨ CVE-2023-53938
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute arbitrary JavaScript in victim's browser.
π@cveNotify
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute arbitrary JavaScript in victim's browser.
π@cveNotify
GitHub
GitHub - iwind/rockmongo: RockMongo is a MongoDB administration tool, written in PHP 5.
RockMongo is a MongoDB administration tool, written in PHP 5. - iwind/rockmongo
π¨ CVE-2025-64519
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulnerability by supplying a malicious `topic_id` (`t`) parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to the potential disclosure, modification, or deletion of any data in the database. Although it requires moderator privileges, it is still severe. A malicious or compromised moderator account can leverage this vulnerability to read, modify, or delete data. A patch is available at commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80.
π@cveNotify
TorrentPier is an open source BitTorrent Public/Private tracker engine, written in php. In versions up to and including 2.8.8, an authenticated SQL injection vulnerability exists in the moderator control panel (`modcp.php`). Users with moderator permissions can exploit this vulnerability by supplying a malicious `topic_id` (`t`) parameter. This allows an authenticated moderator to execute arbitrary SQL queries, leading to the potential disclosure, modification, or deletion of any data in the database. Although it requires moderator privileges, it is still severe. A malicious or compromised moderator account can leverage this vulnerability to read, modify, or delete data. A patch is available at commit 6a0f6499d89fa5d6e2afa8ee53802a1ad11ece80.
π@cveNotify
GitHub
fix(security): prevent SQL injection in moderator panel topic_id para⦠· torrentpier/torrentpier@6a0f649
β¦meter (#2216)
π¨ CVE-2025-64522
Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1 fixes the vulnerability.
π@cveNotify
Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private networks, and cloud metadata endpoints. Version 0.11.1 fixes the vulnerability.
π@cveNotify
GitHub
Merge commit from fork Β· charmbracelet/soft-serve@bb73b9a
closes GHSA-vwq2-jx9q-9h9f
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
Signed-off-by: Carlos Alexandro Becker <caarlos0@users.noreply.github.com>
π¨ CVE-2023-53943
GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.
π@cveNotify
GLPI 9.5.7 contains a username enumeration vulnerability in the lost password recovery mechanism that allows attackers to validate email addresses. Attackers can systematically test email addresses by submitting requests to the password reset endpoint and analyzing response differences to identify valid user accounts.
π@cveNotify
www.glpi-project.org
Smart IT Service Management, Helpdesk & Asset Tracking | GLPI
Streamline your operations with GLPI. Our open source ITSM solution centralizes requests, assets, workflows, and support in one powerful platform.
π¨ CVE-2025-34449
Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-service condition. This vulnerability may allow further exploitation on the host system.
π@cveNotify
Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result in memory corruption or a denial-of-service condition. This vulnerability may allow further exploitation on the host system.
π@cveNotify
GitHub
Fix UHID_OUTPUT message parsing Β· Genymobile/scrcpy@3e40b24
The bounds check was incorrect.
Fixes #6415 <https://github.com/Genymobile/scrcpy/issues/6415>
Fixes #6415 <https://github.com/Genymobile/scrcpy/issues/6415>
π¨ CVE-2025-34450
merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.
π@cveNotify
merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input data, the application may write beyond the bounds of a stack buffer, resulting in memory corruption or a crash. This vulnerability can be exploited to cause a denial of service and, under certain conditions, may be leveraged for further exploitation depending on the execution environment and available mitigations.
π@cveNotify
GitHub
Fix overflow in rfraw test data parsing (closes #3375) Β· dd32/rtl_433@25e47f8
Application using librtlsdr to decode the temperature from a wireless temperature sensor (433.92MHz) - Fix overflow in rfraw test data parsing (closes #3375) Β· dd32/rtl_433@25e47f8
π¨ CVE-2025-34451
rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.
π@cveNotify
rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.
π@cveNotify
GitHub
fix potential buffer overflow in config file parsing Β· httpsgithu/proxychains-ng@cc005b7
could be triggered by using username or password exceeding 255
bytes for http type proxies.
closes #606
bytes for http type proxies.
closes #606