π¨ CVE-2023-1454
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
π@cveNotify
A vulnerability classified as critical has been found in jeecg-boot 3.5.0. This affects an unknown part of the file jmreport/qurestSql. The manipulation of the argument apiSelectId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223299.
π@cveNotify
π¨ CVE-2023-47467
Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.
π@cveNotify
Directory Traversal vulnerability in jeecg-boot v.3.6.0 allows a remote privileged attacker to obtain sensitive information via the file directory structure.
π@cveNotify
π¨ CVE-2025-66953
CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm endpoints
π@cveNotify
CSRF vulnerability in narda miteq Uplink Power Contril Unit UPC2 v.1.17 allows a remote attacker to execute arbitrary code via the Web-based management interface and specifically the /system_setup.htm, /set_clock.htm, /receiver_setup.htm, /cal.htm?..., and /channel_setup.htm endpoints
π@cveNotify
GitHub
my--cve-vulnerability-research/CVE-2025-66953 _ narda miteq Uplink Power Contril Unitl UPC2 _ CSRF at main Β· shiky8/my--cve-vulnerabilityβ¦
This repository contains information on all of the CVEs I found. - shiky8/my--cve-vulnerability-research
π¨ CVE-2025-67073
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.
π@cveNotify
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.
π@cveNotify
GitHub
CVEReport/CVE-2025-67073 at master Β· johnathanhuutri/CVEReport
Contribute to johnathanhuutri/CVEReport development by creating an account on GitHub.
π¨ CVE-2025-67074
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.
π@cveNotify
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.
π@cveNotify
GitHub
CVEReport/CVE-2025-67074 at master Β· johnathanhuutri/CVEReport
Contribute to johnathanhuutri/CVEReport development by creating an account on GitHub.
π¨ CVE-2025-66909
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without validating dimensions or pixel count before decompression. An attacker can upload a specially crafted compressed image file (e.g., PNG) that is small when compressed but expands to gigabytes of memory when loaded. This causes immediate memory exhaustion, OutOfMemoryError, and service crash. No authentication is required if the OCR service is publicly accessible. Multiple requests can completely deny service availability.
π@cveNotify
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without validating dimensions or pixel count before decompression. An attacker can upload a specially crafted compressed image file (e.g., PNG) that is small when compressed but expands to gigabytes of memory when loaded. This causes immediate memory exhaustion, OutOfMemoryError, and service crash. No authentication is required if the OCR service is publicly accessible. Multiple requests can completely deny service availability.
π@cveNotify
GitHub
public_cve_report/CVE-2025-66909_report.md at main Β· Xzzz111/public_cve_report
Contribute to Xzzz111/public_cve_report development by creating an account on GitHub.
π¨ CVE-2025-66910
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection.
π@cveNotify
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection.
π@cveNotify
GitHub
public_cve_report/CVE-2025-66910_report.md at main Β· Xzzz111/public_cve_report
Contribute to Xzzz111/public_cve_report development by creating an account on GitHub.
π¨ CVE-2025-66911
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to query the online status, device information, and login timestamps of arbitrary users without proper authorization checks.
π@cveNotify
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to query the online status, device information, and login timestamps of arbitrary users without proper authorization checks.
π@cveNotify
GitHub
public_cve_report/CVE-2025-66911_report.md at main Β· Xzzz111/public_cve_report
Contribute to Xzzz111/public_cve_report development by creating an account on GitHub.
π¨ CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.
π@cveNotify
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.
π@cveNotify
GitHub
GitHub - gerico-lab/riello-multiple-vulnerabilities-2025: Riello UPS Multiple Vulnerabilities - 2025
Riello UPS Multiple Vulnerabilities - 2025. Contribute to gerico-lab/riello-multiple-vulnerabilities-2025 development by creating an account on GitHub.
π¨ CVE-2025-68935
ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
π@cveNotify
ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
π@cveNotify
GitHub
DocumentServer/CHANGELOG.md at master Β· ONLYOFFICE/DocumentServer
ONLYOFFICE Docs is a free collaborative online office suite comprising viewers and editors for texts, spreadsheets and presentations, forms and PDF, fully compatible with Office Open XML formats: ....
π¨ CVE-2025-68936
ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
π@cveNotify
ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
π@cveNotify
GitHub
DocumentServer/CHANGELOG.md at master Β· ONLYOFFICE/DocumentServer
ONLYOFFICE Docs is a free collaborative online office suite comprising viewers and editors for texts, spreadsheets and presentations, forms and PDF, fully compatible with Office Open XML formats: ....
π¨ CVE-2025-68938
Gitea before 1.25.2 mishandles authorization for deletion of releases.
π@cveNotify
Gitea before 1.25.2 mishandles authorization for deletion of releases.
π@cveNotify
Gitea
Gitea 1.25.2 is released | Gitea Blog
We are excited to announce the release of Gitea 1.25.2! We strongly recommend all users upgrade to this version, as it includes important security fixes and improves overall stability.
π¨ CVE-2025-68939
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
π@cveNotify
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
π@cveNotify
Gitea
Gitea 1.23.0(and 1.23.1) is released | Gitea Blog
We are thrilled to announce the latest release of Gitea v1.23.0.
π¨ CVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
π@cveNotify
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
π@cveNotify
Gitea
Gitea 1.22.5 is released | Gitea Blog
We are excited to announce the release of Gitea version 1.22.5.
π¨ CVE-2025-68941
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.
π@cveNotify
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.
π@cveNotify
Gitea
Gitea 1.22.3 is released | Gitea Blog
We are proud to present the release of Gitea version 1.22.3.
π¨ CVE-2025-68942
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
π@cveNotify
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
π@cveNotify
Gitea
Gitea 1.22.2 is released | Gitea Blog
We are proud to present the release of Gitea version 1.22.2.
π¨ CVE-2024-31211
WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected.
π@cveNotify
WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected.
π@cveNotify
GitHub
Remote Code Execution in `WP_HTML_Token`
### Impact
Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method.
### Patches
This issue was fixed in WordPress 6.4.2 on D...
Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method.
### Patches
This issue was fixed in WordPress 6.4.2 on D...
π¨ CVE-2024-24550
A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.
π@cveNotify
A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.
π@cveNotify
www.redguard.ch
Redguard AG - Security Advisory: Multiple Vulnerabilities in the Open Source CMS Bludit
In order to prepare for the OffSec Web Expert (OSWE) certification exam, I searched for open source web applications that I can analyze in a white box approach. I stumbled upon Bludit, an open source content management system for building websites and blogs.β¦
π¨ CVE-2024-24554
Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.
π@cveNotify
Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.
π@cveNotify
www.redguard.ch
Redguard AG - Security Advisory: Multiple Vulnerabilities in the Open Source CMS Bludit
In order to prepare for the OffSec Web Expert (OSWE) certification exam, I searched for open source web applications that I can analyze in a white box approach. I stumbled upon Bludit, an open source content management system for building websites and blogs.β¦
π¨ CVE-2024-2231
The allows any authenticated user to join a private group due to a missing authorization check on a function
π@cveNotify
The allows any authenticated user to join a private group due to a missing authorization check on a function
π@cveNotify
WPScan
Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR
See details on Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR CVE 2024-2231. View the latest Theme Vulnerabilities on WPScan.
π¨ CVE-2024-6717
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
π@cveNotify
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
π@cveNotify
HashiCorp Discuss
HCSEC-2024-15 - Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking
Bulletin ID: HCSEC-2024-15 Affected Products / Versions: Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1; fixed in Nomad Enterprise 1.6.13, 1.7.10, 1.8.2. Publication Date: July 22, 2024 Summary HashiCorp Nomad and Nomad Enterprise 1.6.12 upβ¦