π¨ CVE-2025-32095
Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.
π@cveNotify
Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.
π@cveNotify
π¨ CVE-2025-69202
Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. The cache key is generated only from the URL, ignoring request headers like `Authorization`. When the server responds with `Vary: Authorization` (indicating the response varies by auth token), the library ignores this, causing all requests to share the same cache regardless of authorization. Server-side applications (APIs, proxies, backend services) that use axios-cache-interceptor to cache requests to upstream services, handle requests from multiple users with different auth tokens, and upstream services replies on `Vary` to differentiate caches are affected. Browser/client-side applications (single user per browser session) are not affected. Services using different auth tokens to call upstream services will return incorrect cached data, bypassing authorization checks and leaking user data across different authenticated sessions. After `v1.11.1`, automatic `Vary` header support is now enabled by default. When server responds with `Vary: Authorization`, cache keys now include the authorization header value. Each user gets their own cache.
π@cveNotify
Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. The cache key is generated only from the URL, ignoring request headers like `Authorization`. When the server responds with `Vary: Authorization` (indicating the response varies by auth token), the library ignores this, causing all requests to share the same cache regardless of authorization. Server-side applications (APIs, proxies, backend services) that use axios-cache-interceptor to cache requests to upstream services, handle requests from multiple users with different auth tokens, and upstream services replies on `Vary` to differentiate caches are affected. Browser/client-side applications (single user per browser session) are not affected. Services using different auth tokens to call upstream services will return incorrect cached data, bypassing authorization checks and leaking user data across different authenticated sessions. After `v1.11.1`, automatic `Vary` header support is now enabled by default. When server responds with `Vary: Authorization`, cache keys now include the authorization header value. Each user gets their own cache.
π@cveNotify
GitHub
Foolproof request headers casing (#1157) Β· arthurfiorette/axios-cache-interceptor@49a8080
π¬ Small and efficient cache interceptor for axios. Etag, Cache-Control, TTL, HTTP headers and more! - Foolproof request headers casing (#1157) Β· arthurfiorette/axios-cache-interceptor@49a8080
π¨ CVE-2025-66723
inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths.
π@cveNotify
inMusic Brands Engine DJ before 4.3.4 suffers from Insecure Permissions due to exposed HTTP service in the Remote Library, which allows attackers to access all files and network paths.
π@cveNotify
GitHub
GitHub - audiopump/cve-2025-66723: CVE-2025-66723: inMusic Brands Engine DJ >=3.0.0 through <4.3.4 exposes local and network filesβ¦
CVE-2025-66723: inMusic Brands Engine DJ >=3.0.0 through <4.3.4 exposes local and network files to external parties - audiopump/cve-2025-66723
π¨ CVE-2025-13820
The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user (when knowing their email address) when such user does not have an account on disqus.com yet.
π@cveNotify
The Comments WordPress plugin before 7.6.40 does not properly validate user's identity when using the disqus.com provider, allowing an attacker to log in to any user (when knowing their email address) when such user does not have an account on disqus.com yet.
π@cveNotify
WPScan
Comments β wpDiscuz < 7.6.40 - Unauthenticated Account Takeover
See details on Comments β wpDiscuz < 7.6.40 - Unauthenticated Account Takeover CVE 2025-13820. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2025-48768
Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.
This issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.
Users of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue.
π@cveNotify
Release of Invalid Pointer or Reference vulnerability was discovered in fs/inode/fs_inoderemove code of the Apache NuttX RTOS that allowed root filesystem inode removal leading to a debug assert trigger (that is disabled by default), NULL pointer dereference (handled differently depending on the target architecture), or in general, a Denial of Service.
This issue affects Apache NuttX RTOS: from 10.0.0 before 12.10.0.
Users of filesystem based services with write access that were exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.10.0 that fixes the issue.
π@cveNotify
GitHub
fs/inode: Fix inoderemove when removing an inode without parent by acassis Β· Pull Request #16437 Β· apache/nuttx
Summary
This modification ensures that inoderemove will error instead of trying to remove an inode without parent.
This fix was implement by Richard Jiayang Liu.
Impact
Bug fixes
Testing
ostest
This modification ensures that inoderemove will error instead of trying to remove an inode without parent.
This fix was implement by Richard Jiayang Liu.
Impact
Bug fixes
Testing
ostest
π¨ CVE-2025-48769
Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results.
This issue affects Apache NuttX RTOS: from 7.20 before 12.11.0.
Users of virtual filesystem based services with write access especially when exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.11.0 that fixes the issue.
π@cveNotify
Use After Free vulnerability was discovered in fs/vfs/fs_rename code of the Apache NuttX RTOS, that due recursive implementation and single buffer use by two different pointer variables allowed arbitrary user provided size buffer reallocation and write to the previously freed heap chunk, that in specific cases could cause unintended virtual filesystem rename/move operation results.
This issue affects Apache NuttX RTOS: from 7.20 before 12.11.0.
Users of virtual filesystem based services with write access especially when exposed over the network (i.e. FTP) are affected and recommended to upgrade to version 12.11.0 that fixes the issue.
π@cveNotify
GitHub
fs/vfs/fs_rename: fix directory move operation. by cederom Β· Pull Request #16455 Β· apache/nuttx
Summary
Recurrency is removed from filesystem directory rename.
Fixes use after free in buffer that was used as output and argument.
Patch provided by @richyliu.
Impact
fs/vfs bug fix of possible...
Recurrency is removed from filesystem directory rename.
Fixes use after free in buffer that was used as output and argument.
Patch provided by @richyliu.
Impact
fs/vfs bug fix of possible...
π¨ CVE-2025-44013
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
π@cveNotify
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack.
We have already fixed the vulnerability in the following versions:
QTS 5.2.6.3195 build 20250715 and later
QuTS hero h5.2.6.3195 build 20250715 and later
π@cveNotify
QNAP Systems, Inc. - Network Attached Storage (NAS)
Multiple Vulnerabilities in QTS and QuTS hero - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
π₯1
π¨ CVE-2025-62857
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following version:
QuMagie 2.8.1 and later
π@cveNotify
A cross-site scripting (XSS) vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to bypass security mechanisms or read application data.
We have already fixed the vulnerability in the following version:
QuMagie 2.8.1 and later
π@cveNotify
QNAP Systems, Inc. - Network Attached Storage (NAS)
Vulnerability in QuMagie - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
π¨ CVE-2025-52871
An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following version:
License Center 2.0.36 and later
π@cveNotify
An out-of-bounds read vulnerability has been reported to affect License Center. If a remote attacker gains a user account, they can then exploit the vulnerability to obtain secret data.
We have already fixed the vulnerability in the following version:
License Center 2.0.36 and later
π@cveNotify
QNAP Systems, Inc. - Network Attached Storage (NAS)
Multiple Vulnerabilities in License Center - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
π¨ CVE-2025-53597
A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
License Center 2.0.36 and later
π@cveNotify
A buffer overflow vulnerability has been reported to affect License Center. If a remote attacker gains an administrator account, they can then exploit the vulnerability to modify memory or crash processes.
We have already fixed the vulnerability in the following version:
License Center 2.0.36 and later
π@cveNotify
QNAP Systems, Inc. - Network Attached Storage (NAS)
Multiple Vulnerabilities in License Center - Security Advisory
QNAP designs and delivers high-quality network attached storage (NAS) and professional network video recorder (NVR) solutions to users from home, SOHO to small, medium businesses.
π¨ CVE-2025-36932
In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2025-36935
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In trusty_ffa_mem_reclaim of shared-mem-smcall.c, there is a possible memory corruption due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2025-36936
In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In GetTachyonCommand of tachyon_server_common.h, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2025-36937
In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
In AudioDecoder::HandleProduceRequest of audio_decoder.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
π@cveNotify
π¨ CVE-2025-67158
An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request.
π@cveNotify
An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request.
π@cveNotify
Revotech
A forward-thinking technology powerhouse devoted to fostering innovation
π¨ CVE-2025-65328
Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant state (e.g., WG_CLIENT_IP cookie). Deployments that rely on this value for IP allowlists may be bypassed.
π@cveNotify
Mega-Fence (webgate-lib.*) 25.1.914 and prior trusts the first value of the X-Forwarded-For (XFF) header as the client IP without validating a trusted proxy chain. An attacker can supply an arbitrary XFF value in a remote request to spoof the client IP, which is then propagated to security-relevant state (e.g., WG_CLIENT_IP cookie). Deployments that rely on this value for IP allowlists may be bypassed.
π@cveNotify
drive.proton.me
Proton Drive
Securely store, share, and access your important files and photos. Anytime, anywhere.
π₯1
π¨ CVE-2025-15198
A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
π@cveNotify
π¨ CVE-2025-15199
A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
π@cveNotify
A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
π@cveNotify
π¨ CVE-2023-37466
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. Version 3.10.0 contains a patch for the issue.
π@cveNotify
vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox. Version 3.10.0 contains a patch for the issue.
π@cveNotify
GitHub
Upstream security fixes, and update supported node.js versions (#540) Β· patriksimek/vm2@d9a1fde
* make it possible identify proxies by checking `if (obj.isProxy)`
* fix a typo
* backport security fixes, and add additional tests
* upgrade GH actions, and drop unsupported versions of node.js
* fix a typo
* backport security fixes, and add additional tests
* upgrade GH actions, and drop unsupported versions of node.js
π¨ CVE-2025-15418
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE Length Handler. Performing manipulation results in denial of service. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is named 4e913d21f2c032b187815f063dbab5ebe65fe83a. To fix this issue, it is recommended to deploy a patch.
π@cveNotify
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE Length Handler. Performing manipulation results in denial of service. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. The patch is named 4e913d21f2c032b187815f063dbab5ebe65fe83a. To fix this issue, it is recommended to deploy a patch.
π@cveNotify
GitHub
gtp: avoid fatal assert on malformed Bearer/Flow QoS IEs Β· open5gs/open5gs@4e913d2
Remove hard assertions in GTPv2 Bearer QoS and Flow QoS parsers and
replace them with defensive length validation. Invalid IEs are now
gracefully rejected by the caller instead of aborting the proc...
replace them with defensive length validation. Invalid IEs are now
gracefully rejected by the caller instead of aborting the proc...
π¨ CVE-2025-15420
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
GitHub
cve/Yonyou Space-Time Enterprise Information Integration KSOA Platformworksheetagent_work_report.jsp SQL injection.md at main Β·β¦
Contribute to master-abc/cve development by creating an account on GitHub.