π¨ CVE-2025-69286
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are generated using the same `URLSafeTimedSerializer` with predictable inputs, enabling an unauthorized user who obtains the shared assistant/agent URL to derive the personal API key. This grants them full control over the assistant/agent owner's account. Version 0.22.0 fixes the issue.
π@cveNotify
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are generated using the same `URLSafeTimedSerializer` with predictable inputs, enabling an unauthorized user who obtains the shared assistant/agent URL to derive the personal API key. This grants them full control over the assistant/agent owner's account. Version 0.22.0 fixes the issue.
π@cveNotify
GitHub
ragflow/api/apps/system_app.py at v0.20.5 Β· infiniflow/ragflow
RAGFlow is a leading open-source Retrieval-Augmented Generation (RAG) engine that fuses cutting-edge RAG with Agent capabilities to create a superior context layer for LLMs - infiniflow/ragflow
π¨ CVE-2025-69288
Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version 0.99.49 fixes the issue.
π@cveNotify
Titra is open source project time tracking software. Prior to version 0.99.49, Titra allows any authenticated Admin user to modify the timeEntryRule in the database. The value is then passed to a NodeVM value to execute as code. Without sanitization, it leads to a Remote Code Execution. Version 0.99.49 fixes the issue.
π@cveNotify
GitHub
π prevent malicious JavaScript code execution in NodeVM (thanks for rβ¦ Β· kromitgmbh/titra@2e2ac5c
β¦eporting this @alakinnn !)
β¬οΈ updated package dependencies
π³ lower docker user privileges to adhere to container security best practices (also thanks to @alakinnn !)
β¬οΈ updated package dependencies
π³ lower docker user privileges to adhere to container security best practices (also thanks to @alakinnn !)
π¨ CVE-2025-67703
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
ArcGIS Blog
ArcGIS Server Security 2025 Update 2 Patch
ArcGIS Server Security 2025 update 2 is available, resolving 10 Medium severity vulnerabilities in ArcGIS Server versions 10.9.1 thru 11.5
π¨ CVE-2025-67704
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
ArcGIS Blog
ArcGIS Server Security 2025 Update 2 Patch
ArcGIS Server Security 2025 update 2 is available, resolving 10 Medium severity vulnerabilities in ArcGIS Server versions 10.9.1 thru 11.5
π¨ CVE-2025-67705
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
ArcGIS Blog
ArcGIS Server Security 2025 Update 2 Patch
ArcGIS Server Security 2025 update 2 is available, resolving 10 Medium severity vulnerabilities in ArcGIS Server versions 10.9.1 thru 11.5
π¨ CVE-2025-67164
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.
π@cveNotify
An authenticated arbitrary file upload vulnerability in the /storage/poc.php component of Pagekit CMS v1.0.18 allows attackers to execute arbitrary code via uploading a crafted PHP file.
π@cveNotify
GitHub
vulnerability-research/CVE-2025-67164 at main Β· mbiesiad/vulnerability-research
This repository contains information about the public CVEs I found. - mbiesiad/vulnerability-research
π¨ CVE-2025-67165
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.
π@cveNotify
An Insecure Direct Object Reference (IDOR) in Pagekit CMS v1.0.18 allows attackers to escalate privileges.
π@cveNotify
GitHub
vulnerability-research/CVE-2025-67165 at main Β· mbiesiad/vulnerability-research
This repository contains information about the public CVEs I found. - mbiesiad/vulnerability-research
π¨ CVE-2025-67285
A SQL injection vulnerability was found in the '/cts/admin/?page=zone' file of ITSourcecode COVID Tracking System Using QR-Code v1.0. The reason for this issue is that attackers inject malicious code from the parameter 'id' and use it directly in SQL queries without the need for appropriate cleaning or validation.
π@cveNotify
A SQL injection vulnerability was found in the '/cts/admin/?page=zone' file of ITSourcecode COVID Tracking System Using QR-Code v1.0. The reason for this issue is that attackers inject malicious code from the parameter 'id' and use it directly in SQL queries without the need for appropriate cleaning or validation.
π@cveNotify
GitHub
itsourcecode COVID Tracking System V1.0 "/cts/admin/?page=zone" SQL injection Β· Issue #1 Β· bardminx/Lonlydance
itsourcecode COVID Tracking System V1.0 "/cts/admin/?page=zone" SQL injection NAME OF AFFECTED PRODUCT(S) COVID Tracking System Vendor Homepage https://itsourcecode.com/free-projects/php-...
π¨ CVE-2025-67289
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.
π@cveNotify
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.
π@cveNotify
frappe.io
Open Source Cloud ERP Software | ERPNext
ERPNext is the world's best 100% open source ERP software which supports manufacturing, distribution, retail, trading, services, education & more. Contact us!
π¨ CVE-2025-67288
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself.
π@cveNotify
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation (as shown in the documentation) belongs to the system administrator who is implementing Umbraco CMS in their environment, not to Umbraco CMS itself.
π@cveNotify
Umbraco
Umbraco - the flexible open-source .NET CMS
Umbraco is the leading open-source ASP.NET Core CMS | More than 700,000 websites worldwide are powered by our flexible and editor-friendly CMS
π¨ CVE-2025-67290
A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.
π@cveNotify
A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field.
π@cveNotify
π¨ CVE-2025-68645
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.
π@cveNotify
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory.
π@cveNotify
π¨ CVE-2025-68614
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0.
π@cveNotify
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring tool. Prior to version 25.12.0, the Alert Rule API is vulnerable to stored cross-site scripting. Alert rules can be created or updated via LibreNMS API. The alert rule name is not properly sanitized, and can be used to inject HTML code. This issue has been patched in version 25.12.0.
π@cveNotify
GitHub
Strip html tags from alert rule name and notes for alert rule api (#1β¦ Β· librenms/librenms@ebe6c79
β¦8646)
* Strip html tags from alert rule name and notes for alert rule api
* Updated disaply to not show tags
* Strip html tags from alert rule name and notes for alert rule api
* Updated disaply to not show tags
π¨ CVE-2025-68914
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table.
π@cveNotify
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table.
π@cveNotify
GitHub
GitHub - gerico-lab/riello-multiple-vulnerabilities-2025: Riello UPS Multiple Vulnerabilities - 2025
Riello UPS Multiple Vulnerabilities - 2025. Contribute to gerico-lab/riello-multiple-vulnerabilities-2025 development by creating an account on GitHub.
π¨ CVE-2025-68915
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.
π@cveNotify
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/loginbanner_w.cgi XSS via a crafted banner.
π@cveNotify
GitHub
GitHub - gerico-lab/riello-multiple-vulnerabilities-2025: Riello UPS Multiple Vulnerabilities - 2025
Riello UPS Multiple Vulnerabilities - 2025. Contribute to gerico-lab/riello-multiple-vulnerabilities-2025 development by creating an account on GitHub.
π¨ CVE-2025-66866
An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
π@cveNotify
An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file.
π@cveNotify
GitHub
CRGF-Vul/cxxfilt/crash6.md at main Β· caozhzh/CRGF-Vul
Reproduction of crashes generated in several fuzzing experiments by CRGF method - caozhzh/CRGF-Vul
π¨ CVE-2025-61557
nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal.
π@cveNotify
nixseparatedebuginfod before v0.4.1 is vulnerable to Directory Traversal.
π@cveNotify
GitHub
GitHub - symphorien/nixseparatedebuginfod: Downloads and provides debug symbols and source code for nix derivations to gdb andβ¦
Downloads and provides debug symbols and source code for nix derivations to gdb and other debuginfod-capable debuggers as needed. - symphorien/nixseparatedebuginfod
π¨ CVE-2025-67634
The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would execute in the context of the user's browser when the user submits the page (clicks 'Next').
π@cveNotify
The CISA Software Acquisition Guide Supplier Response Web Tool before 2025-12-11 was vulnerable to cross-site scripting via text fields. If an attacker could convince a user to import a specially-crafted JSON file, the Tool would load JavaScript from the file into the page. The JavaScript would execute in the context of the user's browser when the user submits the page (clicks 'Next').
π@cveNotify
π¨ CVE-2025-67735
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the URI. Any application / framework using `HttpRequestEncoder` can be subject to be abused to perform request smuggling using CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue.
π@cveNotify
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.129.Final and 4.2.8.Final, the `io.netty.handler.codec.http.HttpRequestEncoder` has a CRLF injection with the request URI when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the URI. Any application / framework using `HttpRequestEncoder` can be subject to be abused to perform request smuggling using CRLF injection. Versions 4.1.129.Final and 4.2.8.Final fix the issue.
π@cveNotify
GitHub
CRLF injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
### Summary
The `io.netty.handler.codec.http.HttpRequestEncoder` CRLF injection with the request uri when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is use...
The `io.netty.handler.codec.http.HttpRequestEncoder` CRLF injection with the request uri when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is use...
π¨ CVE-2025-67744
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer to the DOM, this Cross-Site Scripting (XSS) flaw escalates to full Remote Code Execution (RCE), allowing an attacker to execute arbitrary system commands. Two concurrent issues, unsafe Mermaid configuration and an exposed IPC interface, cause this issue. Version 0.5.3 contains a patch.
π@cveNotify
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer to the DOM, this Cross-Site Scripting (XSS) flaw escalates to full Remote Code Execution (RCE), allowing an attacker to execute arbitrary system commands. Two concurrent issues, unsafe Mermaid configuration and an exposed IPC interface, cause this issue. Version 0.5.3 contains a patch.
π@cveNotify
GitHub
Merge commit from fork Β· ThinkInAIXYZ/deepchat@b179d97
π¬DeepChat - A smart assistant that connects powerful AI to your personal world - Merge commit from fork Β· ThinkInAIXYZ/deepchat@b179d97
π¨ CVE-2025-67873
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.
π@cveNotify
Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, Skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit cbef767ab33b82166d263895f24084b75b316df3 fixes the issue.
π@cveNotify
GitHub
Merge commit from fork Β· capstone-engine/capstone@cbef767
The overflow was reported by Github user Finder16