๐จ CVE-2024-25182
givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.
๐@cveNotify
givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php.
๐@cveNotify
Gist
CVE-2024-25182
CVE-2024-25182. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2024-25183
givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.
๐@cveNotify
givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php.
๐@cveNotify
Gist
CVE-2024-25183
CVE-2024-25183. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2025-15209
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the argument a/b/c/d causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
A weakness has been identified in code-projects Refugee Food Management System 1.0. This affects an unknown part of the file /home/editfood.php. This manipulation of the argument a/b/c/d causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
๐@cveNotify
๐จ CVE-2025-15243
A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
๐@cveNotify
A flaw has been found in code-projects Simple Stock System 1.0. This affects an unknown function of the file /market/login.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
๐@cveNotify
๐จ CVE-2025-15353
A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function edit_admin_query of the file /admin/edit_admin_query.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
๐@cveNotify
A vulnerability was detected in itsourcecode Society Management System 1.0. Impacted is the function edit_admin_query of the file /admin/edit_admin_query.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
๐@cveNotify
GitHub
itsourcecode Society Management System Project V1.0 /admin/edit_admin_query.php SQL injection ยท Issue #4 ยท BUPT2025201/CVE
itsourcecode Society Management System Project V1.0 /admin/edit_admin_query.php SQL injection NAME OF AFFECTED PRODUCT(S) Society Management System Vendor Homepage https://itsourcecode.com/free-pro...
๐จ CVE-2026-0565
A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
๐@cveNotify
A weakness has been identified in code-projects Content Management System 1.0. This issue affects some unknown processing of the file /admin/delete.php. Executing manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
๐@cveNotify
๐จ CVE-2019-17667
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field.
๐@cveNotify
Comtech H8 Heights Remote Gateway 2.5.1 devices allow XSS and HTML injection via the Site Name (aka SiteName) field.
๐@cveNotify
๐จ CVE-2020-5179
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
๐@cveNotify
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
๐@cveNotify
๐จ CVE-2020-7242
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
๐@cveNotify
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Diagnostics Trace Route page and entering shell metacharacters in the Target IP address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
๐@cveNotify
๐จ CVE-2020-7243
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
๐@cveNotify
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Fetch URL page and entering shell metacharacters in the URL field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
๐@cveNotify
๐จ CVE-2020-7244
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
๐@cveNotify
Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote code execution by navigating to the Poll Routes page and entering shell metacharacters in the Router IP Address field. (In some cases, authentication can be achieved with the comtech password for the comtech account.)
๐@cveNotify
๐จ CVE-2024-27916
Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any permissions present. The database query checks by repo owner, repo name and provider name (which is always `github`). These query values are not distinct for the particular user - as long as the user has valid credentials and a provider, they can set the repo owner/name to any value they want and the server will return information on this repo. Version 0.0.33 contains a patch for this issue.
๐@cveNotify
Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any permissions present. The database query checks by repo owner, repo name and provider name (which is always `github`). These query values are not distinct for the particular user - as long as the user has valid credentials and a provider, they can set the repo owner/name to any value they want and the server will return information on this repo. Version 0.0.33 contains a patch for this issue.
๐@cveNotify
GitHub
minder/internal/controlplane/handlers_repositories.go at a115c8524fbd582b2b277eaadce024bebbded508 ยท mindersec/minder
Software Supply Chain Security Platform. Contribute to mindersec/minder development by creating an account on GitHub.
๐จ CVE-2025-50399
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter password.
๐@cveNotify
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter password.
๐@cveNotify
GitHub
IOT-vul/FAST/FAC1200R/1 at main ยท sezangel/IOT-vul
Contribute to sezangel/IOT-vul development by creating an account on GitHub.
๐จ CVE-2025-50402
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password.
๐@cveNotify
FAST FAC1200R F400_FAC1200R_Q is vulnerable to Buffer Overflow in the function sub_80435780 via the parameter string fac_password.
๐@cveNotify
GitHub
IOT-vul/FAST/FAC1200R/2 at main ยท sezangel/IOT-vul
Contribute to sezangel/IOT-vul development by creating an account on GitHub.
๐จ CVE-2025-52493
PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from "password" to "text" using browser developer tools. This vulnerability is exploitable by administrative users who have access to the configuration page.
๐@cveNotify
PagerDuty Runbook through 2025-06-12 exposes stored secrets directly in the webpage DOM at the configuration page. Although these secrets appear masked as password fields, the actual secret values are present in the page source and can be revealed by simply modifying the input field type from "password" to "text" using browser developer tools. This vulnerability is exploitable by administrative users who have access to the configuration page.
๐@cveNotify
GitHub
Vulnerability-Research/CVE-2025-52493 at main ยท carterross2/Vulnerability-Research
This repository contains informations on the CVEs I've identified - carterross2/Vulnerability-Research
๐จ CVE-2025-51962
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of add_project_comment function.
๐@cveNotify
A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of add_project_comment function.
๐@cveNotify
GitHub
vulnerability-research/CVE-2025-51962/CVE-2025-51962.md at main ยท Sunnyshineshow/vulnerability-research
This repository is used to publish CVEs and research related to cybersecurity - Sunnyshineshow/vulnerability-research
๐จ CVE-2025-52196
Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe.
๐@cveNotify
Server-Side Request Forgery (SSRF) vulnerability in Ctera Portal 8.1.x (8.1.1417.24) allows remote attackers to induce the server to make arbitrary HTTP requests via a crafted HTML file containing an iframe.
๐@cveNotify
Gist
CVE-2025-52196
CVE-2025-52196. GitHub Gist: instantly share code, notes, and snippets.
๐ฅ1
๐จ CVE-2025-53618
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `grayscale_convert` is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data
๐@cveNotify
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `grayscale_convert` is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data
๐@cveNotify
๐จ CVE-2025-53619
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `null_convert` is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data
๐@cveNotify
An out-of-bounds read vulnerability exists in the JPEGBITSCodec::InternalCode functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.The function `null_convert` is called based of the value of the malicious DICOM file specifying the intended interpretation of the image pixel data
๐@cveNotify
๐จ CVE-2025-53398
The Portrait Dell Color Management application 3.3.8 for Dell monitors has Insecure Permissions,
๐@cveNotify
The Portrait Dell Color Management application 3.3.8 for Dell monitors has Insecure Permissions,
๐@cveNotify
Portrait Displays
Dell Security CVE Updates
Dell Security Updates The following vulnerabilities have been identified In Portrait software. CVE-2025-53398 Dell Color Management Software, version(s) 3.3.008 and prior, contain(s)...Read More...