CVE-2023-7331
A vulnerability was detected in PKrystian Full-Stack-Bank up to bf73a0179e3ff07c0d7dc35297cea0be0e5b1317. This vulnerability affects unknown code of the component User Handler. Performing manipulation results in sql injection. It is possible to initiate the attack remotely. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The patch is named 25c9965a872c704f3a9475488dc5d3196902199a. It is suggested to install a patch to address this issue.
@cveNotify
GitHub
backend-sql-injection-protection · PKrystian/Full-Stack-Bank@25c9965
create_user.php
delete_user.php
edit_user.php
Added sql statement using prepare and bind param
users.php:
Added sql using prepare and bind param
Added account number generator always starting w...
CVE-2023-22699
Missing Authorization vulnerability in MainWP MainWP Wordfence Extension. This issue affects MainWP Wordfence Extension: from n/a through 4.0.7.
Patchstack
Broken Access Control in WordPress MainWP Wordfence Extension Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
CVE-2023-23985
Missing Authorization vulnerability in Quiz Maker team Quiz Maker. This issue affects Quiz Maker: from n/a through 6.3.9.4.
Patchstack
Content Spoofing in WordPress Quiz Maker Plugin
CVE-2025-68946
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.
Gitea
Gitea 1.20.1 is released | Gitea Blog
Gitea 1.20.1 is now released including 21 merged PRs.
CVE-2025-15210
A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This vulnerability affects unknown code of the file /home/editrefugee.php. Such manipulation of the argument a/b/c/sex/d/e/nationality_nid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-15211
A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationality_nid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
CVE-2025-15212
A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2025-15245
A vulnerability was found in D-Link DCS-850L 1.02.09. Affected is the function uploadfirmware of the component Firmware Update Service. The manipulation of the argument DownloadFile results in path traversal. The attack must originate from the local network. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
tzh00203 on Notion
D-Link DCS850L v1.02.09 Path Traversal Vulnerability in Firmware Update | Notion
Vulnerability Title: Path Traversal and Command Injection Vulnerabilities in Firmware Upload Service of D-Link DCS-850L v1.02.09
CVE-2025-15354
A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/add_admin.php. Executing manipulation of the argument Username can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
GitHub
itsourcecode Society Management System Project V1.0 /admin/add_admin.php SQL injection · Issue #2 · BUPT2025201/CVE
itsourcecode Society Management System Project V1.0 /admin/add_admin.php SQL injection NAME OF AFFECTED PRODUCT(S) Society Management System Vendor Homepage https://itsourcecode.com/free-projects/p...
CVE-2025-68943
Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.
Gitea
1.21.8/9/10 are released | Gitea Blog
Gitea 1.21.10 is now released. 1.21.10 includes 8 merged PRs. You are highly recommended to upgrade to this version ASAP. This also includes the bug fixes in 1.21.8 and 1.21.9, which weren't announced. 1.21.8 includes 50 merged PRs and 1.21.9 includes…
CVE-2025-68944
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
Gitea
Gitea 1.22.2 is released | Gitea Blog
We are proud to present the release of Gitea version 1.22.2.
CVE-2025-68945
In Gitea before 1.21.2, an anonymous user can visit a private user's project.
Gitea
Gitea 1.21.2 is released | Gitea Blog
Gitea 1.21.2 is now released. 1.21.2 includes 35 merged PRs and fixes for a security vulnerability. You are highly recommended to upgrade to this version ASAP.
CVE-2025-15107
A security vulnerability has been detected in actiontech sqle up to 4.2511.0. The impacted element is an unknown function of the file sqle/utils/jwt.go of the component JWT Secret Handler. The manipulation of the argument JWTSecretKey leads to use of hard-coded cryptographic key. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report and is planning to fix this flaw in an upcoming release.
GitHub
[Vulnerability] sqle JWT_SECRET AND Valid credentials HardCoded · Issue #3186 · actiontech/sqle
Version: ≤4.2511.0. Describe: sqle contains a hard-coded JWT authentication key and a valid JWT credential. Log: https://github.com/actiontech/sqle/blo...
CVE-2025-67703
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim's browser.
ArcGIS Blog
ArcGIS Server Security 2025 Update 2 Patch
ArcGIS Server Security 2025 update 2 is available, resolving 10 Medium severity vulnerabilities in ArcGIS Server versions 10.9.1 thru 11.5
CVE-2025-67704
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim's browser.
CVE-2025-67705
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim's browser.
CVE-2025-67706
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files, which allows remote attackers to upload arbitrary files.
CVE-2025-67707
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files, which allows remote attackers to upload arbitrary files.
CVE-2025-67708
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victim's browser.
CVE-2025-69412
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.
Google for Developers
Overview | Safe Browsing APIs (v4) | Google for Developers
The Safe Browsing APIs allow client applications to check URLs against Google's constantly updated lists of unsafe web resources.
CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality and integrity impact to high. Exploitation of this issue does not require user interaction.
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88