🚨 CVE-2025-67073
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.
🎖@cveNotify
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serviceName`) to /goform/AdvSetMacMtuWan.
🎖@cveNotify
GitHub
CVEReport/CVE-2025-67073 at master · johnathanhuutri/CVEReport
Contribute to johnathanhuutri/CVEReport development by creating an account on GitHub.
🚨 CVE-2025-67074
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.
🎖@cveNotify
A Buffer overflow vulnerability in function fromAdvSetMacMtuWan of bin httpd in Tenda AC10V4.0 V16.03.10.20 allows remote attackers to cause denial of service and possibly code execution by sending a post request with a crafted payload (field `serverName`) to /goform/AdvSetMacMtuWan.
🎖@cveNotify
GitHub
CVEReport/CVE-2025-67074 at master · johnathanhuutri/CVEReport
Contribute to johnathanhuutri/CVEReport development by creating an account on GitHub.
🚨 CVE-2025-66909
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without validating dimensions or pixel count before decompression. An attacker can upload a specially crafted compressed image file (e.g., PNG) that is small when compressed but expands to gigabytes of memory when loaded. This causes immediate memory exhaustion, OutOfMemoryError, and service crash. No authentication is required if the OCR service is publicly accessible. Multiple requests can completely deny service availability.
🎖@cveNotify
Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without validating dimensions or pixel count before decompression. An attacker can upload a specially crafted compressed image file (e.g., PNG) that is small when compressed but expands to gigabytes of memory when loaded. This causes immediate memory exhaustion, OutOfMemoryError, and service crash. No authentication is required if the OCR service is publicly accessible. Multiple requests can completely deny service availability.
🎖@cveNotify
GitHub
public_cve_report/CVE-2025-66909_report.md at main · Xzzz111/public_cve_report
Contribute to Xzzz111/public_cve_report development by creating an account on GitHub.
🚨 CVE-2025-66910
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection.
🎖@cveNotify
Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, raw passwords are stored unencrypted in memory in the rawPassword field. Attackers with local system access can extract these passwords through memory dumps, heap analysis, or debugger attachment, bypassing bcrypt protection.
🎖@cveNotify
GitHub
public_cve_report/CVE-2025-66910_report.md at main · Xzzz111/public_cve_report
Contribute to Xzzz111/public_cve_report development by creating an account on GitHub.
🚨 CVE-2025-66911
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to query the online status, device information, and login timestamps of arbitrary users without proper authorization checks.
🎖@cveNotify
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest() method in UserServiceController.java allows any authenticated user to query the online status, device information, and login timestamps of arbitrary users without proper authorization checks.
🎖@cveNotify
GitHub
public_cve_report/CVE-2025-66911_report.md at main · Xzzz111/public_cve_report
Contribute to Xzzz111/public_cve_report development by creating an account on GitHub.
🚨 CVE-2025-68916
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.
🎖@cveNotify
Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/certsupload.cgi /../ directory traversal for file upload with resultant code execution.
🎖@cveNotify
GitHub
GitHub - gerico-lab/riello-multiple-vulnerabilities-2025: Riello UPS Multiple Vulnerabilities - 2025
Riello UPS Multiple Vulnerabilities - 2025. Contribute to gerico-lab/riello-multiple-vulnerabilities-2025 development by creating an account on GitHub.
🚨 CVE-2025-68935
ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
🎖@cveNotify
ONLYOFFICE Docs before 9.2.1 allows XSS via the Font field for the Multilevel list settings window. This is related to DocumentServer.
🎖@cveNotify
GitHub
DocumentServer/CHANGELOG.md at master · ONLYOFFICE/DocumentServer
ONLYOFFICE Docs is a free collaborative online office suite comprising viewers and editors for texts, spreadsheets and presentations, forms and PDF, fully compatible with Office Open XML formats: ....
🚨 CVE-2025-68936
ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
🎖@cveNotify
ONLYOFFICE Docs before 9.2.1 allows XSS via the Color theme name. This is related to DocumentServer.
🎖@cveNotify
GitHub
DocumentServer/CHANGELOG.md at master · ONLYOFFICE/DocumentServer
ONLYOFFICE Docs is a free collaborative online office suite comprising viewers and editors for texts, spreadsheets and presentations, forms and PDF, fully compatible with Office Open XML formats: ....
🚨 CVE-2025-68939
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
🎖@cveNotify
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
🎖@cveNotify
Gitea
Gitea 1.23.0(and 1.23.1) is released | Gitea Blog
We are thrilled to announce the latest release of Gitea v1.23.0.
🚨 CVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
🎖@cveNotify
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
🎖@cveNotify
Gitea
Gitea 1.22.5 is released | Gitea Blog
We are excited to announce the release of Gitea version 1.22.5.
🚨 CVE-2025-68941
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.
🎖@cveNotify
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.
🎖@cveNotify
Gitea
Gitea 1.22.3 is released | Gitea Blog
We are proud to present the release of Gitea version 1.22.3.
🚨 CVE-2025-68942
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
🎖@cveNotify
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
🎖@cveNotify
Gitea
Gitea 1.22.2 is released | Gitea Blog
We are proud to present the release of Gitea version 1.22.2.
🚨 CVE-2024-31211
WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected.
🎖@cveNotify
WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected.
🎖@cveNotify
GitHub
Remote Code Execution in `WP_HTML_Token`
### Impact
Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method.
### Patches
This issue was fixed in WordPress 6.4.2 on D...
Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method.
### Patches
This issue was fixed in WordPress 6.4.2 on D...
🚨 CVE-2024-24550
A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.
🎖@cveNotify
A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.
🎖@cveNotify
www.redguard.ch
Redguard AG - Security Advisory: Multiple Vulnerabilities in the Open Source CMS Bludit
In order to prepare for the OffSec Web Expert (OSWE) certification exam, I searched for open source web applications that I can analyze in a white box approach. I stumbled upon Bludit, an open source content management system for building websites and blogs.…
🚨 CVE-2024-24554
Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.
🎖@cveNotify
Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit API.
🎖@cveNotify
www.redguard.ch
Redguard AG - Security Advisory: Multiple Vulnerabilities in the Open Source CMS Bludit
In order to prepare for the OffSec Web Expert (OSWE) certification exam, I searched for open source web applications that I can analyze in a white box approach. I stumbled upon Bludit, an open source content management system for building websites and blogs.…
🚨 CVE-2024-2231
The allows any authenticated user to join a private group due to a missing authorization check on a function
🎖@cveNotify
The allows any authenticated user to join a private group due to a missing authorization check on a function
🎖@cveNotify
WPScan
Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR
See details on Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR CVE 2024-2231. View the latest Theme Vulnerabilities on WPScan.
🚨 CVE-2024-6717
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
🎖@cveNotify
HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2.
🎖@cveNotify
HashiCorp Discuss
HCSEC-2024-15 - Nomad Vulnerable to Allocation Directory Path Escape Through Archive Unpacking
Bulletin ID: HCSEC-2024-15 Affected Products / Versions: Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1; fixed in Nomad Enterprise 1.6.13, 1.7.10, 1.8.2. Publication Date: July 22, 2024 Summary HashiCorp Nomad and Nomad Enterprise 1.6.12 up…
🚨 CVE-2024-40495
A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function.
🎖@cveNotify
A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function.
🎖@cveNotify
E2500
色欲aⅴ国产日韩欧美视频_国产清纯白嫩初高生在线观看视频_美乳丧服未亡人在线观看_人妻少妇精品无码专区二区色伊
色欲aⅴ国产日韩欧美视频_国产清纯白嫩初高生在线观看视频_美乳丧服未亡人在线观看_人妻少妇精品无码专区二区色伊,亚洲春色无码永久在线观看,精品一区二区三区无码免费嫩草,91成人精品国语在线,国产无码亚洲天堂韩日,国产浪潮AV免费无码,亚洲A∨性无码国产精品
🚨 CVE-2024-24551
A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.
🎖@cveNotify
A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP files.
🎖@cveNotify
www.redguard.ch
Redguard AG - Security Advisory: Multiple Vulnerabilities in the Open Source CMS Bludit
In order to prepare for the OffSec Web Expert (OSWE) certification exam, I searched for open source web applications that I can analyze in a white box approach. I stumbled upon Bludit, an open source content management system for building websites and blogs.…
🚨 CVE-2024-24552
A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing.
🎖@cveNotify
A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their choosing.
🎖@cveNotify
www.redguard.ch
Redguard AG - Security Advisory: Multiple Vulnerabilities in the Open Source CMS Bludit
In order to prepare for the OffSec Web Expert (OSWE) certification exam, I searched for open source web applications that I can analyze in a white box approach. I stumbled upon Bludit, an open source content management system for building websites and blogs.…