π¨ CVE-2026-21431
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource media library ` function while publishing an article. As of time of publication, no known patched versions are available.
π@cveNotify
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability in the `Resource media library ` function while publishing an article. As of time of publication, no known patched versions are available.
π@cveNotify
GitHub
stored xss via image name
### Summary
stored xss in `Resource media library ` function while publish article in version pro-2.5.23
<img width="775" height="323" alt="image" src="ht...
stored xss in `Resource media library ` function while publish article in version pro-2.5.23
<img width="775" height="323" alt="image" src="ht...
π¨ CVE-2026-21432
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available.
π@cveNotify
Emlog is an open source website building system. Version 2.5.23 has a stored cross-site scripting vulnerability that can lead to account takeover, including takeover of admin accounts. As of time of publication, no known patched versions are available.
π@cveNotify
GitHub
stored xss lead to admin or another account ATO
### Summary
stored xss in http://localhost/emlong/admin/comment.php from comments in version pro-2.5.23
### Details
### PoC
1. as any user role publish post
2. as attacker do comment with...
stored xss in http://localhost/emlong/admin/comment.php from comments in version pro-2.5.23
### Details
### PoC
1. as any user role publish post
2. as attacker do comment with...
π¨ CVE-2026-21433
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/media[.]php which contains external resource references. When the server processes/renders the SVG (thumbnailing, preview, or sanitization), it issues an HTTP request to the attacker-controlled host. Impact: server-side SSRF/OOB leading to internal network probing and potential metadata/credential exposure. As of time of publication, no known patched versions are available.
π@cveNotify
Emlog is an open source website building system. Versions up to and including 2.5.19 are vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http[:]//emblog/admin/media[.]php which contains external resource references. When the server processes/renders the SVG (thumbnailing, preview, or sanitization), it issues an HTTP request to the attacker-controlled host. Impact: server-side SSRF/OOB leading to internal network probing and potential metadata/credential exposure. As of time of publication, no known patched versions are available.
π@cveNotify
GitHub
Server-Side Request Forgery (SSRF) in emlog
Description
Summary
Emlog 2.5.19 (media upload) is vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admi...
Summary
Emlog 2.5.19 (media upload) is vulnerable to server-side Out-of-Band (OOB) requests / SSRF via uploaded SVG files. An attacker can upload a crafted SVG to http://emblog/admi...
π¨ CVE-2026-21440
AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.
π@cveNotify
AdonisJS is a TypeScript-first web framework. A Path Traversal vulnerability in AdonisJS multipart file handling may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. This impacts @adonisjs/bodyparser through version 10.1.1 and 11.x prerelease versions prior to 11.0.0-next.6. This issue has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.
π@cveNotify
GitHub
fix: always generate a random filename when performing move operation Β· adonisjs/bodyparser@143a16f
BodyParser Middleware For AdonisJS. Contribute to adonisjs/bodyparser development by creating an account on GitHub.
π¨ CVE-2026-21444
libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. Version 0.10.2 fixes the issue. No known workarounds are available.
π@cveNotify
libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV (initialization vector) when certain symmetric ciphers were used. Instead of returning the last IV it returned the initial IV to the caller, thus weakening the subsequent encryption and decryption steps. The highest threat from this vulnerability is to data confidentiality. Version 0.10.2 fixes the issue. No known workarounds are available.
π@cveNotify
GitHub
tpm2: Fix retrieval of updated IV when using OpenSSL >= 3.0 Β· stefanberger/libtpms@33c9ff0
Fix the retrieval of the updated IV for when OpenSSL >= 3.0 is used.
The previously used OSSL_PARAM_octet_ptr allocated a new buffer and then
returned the IV but this newly allocated buffer ...
The previously used OSSL_PARAM_octet_ptr allocated a new buffer and then
returned the IV but this newly allocated buffer ...
π¨ CVE-2023-1454
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
π@cveNotify
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
π@cveNotify
π¨ CVE-2023-47467
Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.
π@cveNotify
Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.
π@cveNotify
π¨ CVE-2025-66953
CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm endpoints
π@cveNotify
CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm endpoints
π@cveNotify
GitHub
my--cve-vulnerability-research/CVE-2025-66953 _ narda miteq Uplink Power Contril Unitl UPC2 _ CSRF at main Β· shiky8/my--cve-vulnerabilityβ¦
This repository contains information on all of the CVEs I found. - shiky8/my--cve-vulnerability-research
π¨ CVE-2025-67073
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.
π@cveNotify
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.
π@cveNotify
GitHub
CVEReport/CVE-2025-67073 at master Β· johnathanhuutri/CVEReport
Contribute to johnathanhuutri/CVEReport development by creating an account on GitHub.
π¨ CVE-2025-67074
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.
π@cveNotify
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.
π@cveNotify
GitHub
CVEReport/CVE-2025-67074 at master Β· johnathanhuutri/CVEReport
Contribute to johnathanhuutri/CVEReport development by creating an account on GitHub.
π¨ CVE-2025-66909
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without validating dimensions or pixel count before decompression. An attacker can upload a specially crafted compressed image file (e.g., PNG) that is small when compressed but expands to gigabytes of memory when loaded. This causes immediate memory exhaustion, OutOfMemoryError, and service crash. No authentication is required if the OCR service is publicly accessible. Multiple requests can completely deny service availability.
π@cveNotify
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without validating dimensions or pixel count before decompression. An attacker can upload a specially crafted compressed image file (e.g., PNG) that is small when compressed but expands to gigabytes of memory when loaded. This causes immediate memory exhaustion, OutOfMemoryError, and service crash. No authentication is required if the OCR service is publicly accessible. Multiple requests can completely deny service availability.
π@cveNotify
GitHub
public_cve_report/CVE-2025-66909_report.md at main Β· Xzzz111/public_cve_report
Contribute to Xzzz111/public_cve_report development by creating an account on GitHub.
π¨ CVE-2025-66910
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection.
π@cveNotify
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection.
π@cveNotify
GitHub
public_cve_report/CVE-2025-66910_report.md at main Β· Xzzz111/public_cve_report
Contribute to Xzzz111/public_cve_report development by creating an account on GitHub.
π¨ CVE-2025-66911
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to query the online status, device information, and login timestamps of arbitrary users without proper authorization checks.
π@cveNotify
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to query the online status, device information, and login timestamps of arbitrary users without proper authorization checks.
π@cveNotify
GitHub
public_cve_report/CVE-2025-66911_report.md at main Β· Xzzz111/public_cve_report
Contribute to Xzzz111/public_cve_report development by creating an account on GitHub.
π¨ CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.
π@cveNotify
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.
π@cveNotify
GitHub
GitHub - gerico-lab/riello-multiple-vulnerabilities-2025: Riello UPS Multiple Vulnerabilities - 2025
Riello UPS Multiple Vulnerabilities - 2025. Contribute to gerico-lab/riello-multiple-vulnerabilities-2025 development by creating an account on GitHub.
π¨ CVE-2025-68935
ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
π@cveNotify
ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
π@cveNotify
GitHub
DocumentServer/CHANGELOG.md at master Β· ONLYOFFICE/DocumentServer
ONLYOFFICE Docs is a free collaborative online office suite comprising viewers and editors for texts, spreadsheets and presentations, forms and PDF, fully compatible with Office Open XML formats: ....
π¨ CVE-2025-68936
ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
π@cveNotify
ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
π@cveNotify
GitHub
DocumentServer/CHANGELOG.md at master Β· ONLYOFFICE/DocumentServer
ONLYOFFICE Docs is a free collaborative online office suite comprising viewers and editors for texts, spreadsheets and presentations, forms and PDF, fully compatible with Office Open XML formats: ....
π¨ CVE-2025-68938
Gitea before 1.25.2 mishandles authorization for deletion of releases.
π@cveNotify
Gitea before 1.25.2 mishandles authorization for deletion of releases.
π@cveNotify
Gitea
Gitea 1.25.2 is released | Gitea Blog
We are excited to announce the release of Gitea 1.25.2! We strongly recommend all users upgrade to this version, as it includes important security fixes and improves overall stability.
π¨ CVE-2025-68939
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
π@cveNotify
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
π@cveNotify
Gitea
Gitea 1.23.0(and 1.23.1) is released | Gitea Blog
We are thrilled to announce the latest release of Gitea v1.23.0.
π¨ CVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
π@cveNotify
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
π@cveNotify
Gitea
Gitea 1.22.5 is released | Gitea Blog
We are excited to announce the release of Gitea version 1.22.5.
π¨ CVE-2025-68941
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.
π@cveNotify
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.
π@cveNotify
Gitea
Gitea 1.22.3 is released | Gitea Blog
We are proud to present the release of Gitea version 1.22.3.
π¨ CVE-2025-68942
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
π@cveNotify
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
π@cveNotify
Gitea
Gitea 1.22.2 is released | Gitea Blog
We are proud to present the release of Gitea version 1.22.2.