π¨ CVE-2025-68950
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected. Version 7.1.2-12 fixes the issue.
π@cveNotify
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, Magick fails to check for circular references between two MVGs, leading to a stack overflow. This is a DoS vulnerability, and any situation that allows reading the mvg file will be affected. Version 7.1.2-12 fixes the issue.
π@cveNotify
GitHub
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-7β¦ Β· ImageMagick/ImageMagick@204718c
β¦rvh-xqp3-pr8j
π¨ CVE-2025-69204
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.
π@cveNotify
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, in the WriteSVGImage function, using an int variable to store number_attributes caused an integer overflow. This, in turn, triggered a buffer overflow and caused a DoS attack. Version 7.1.2-12 fixes the issue.
π@cveNotify
GitHub
https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-h⦠· ImageMagick/ImageMagick@2c08c23
β¦rh7-j8q2-4qcw
π¨ CVE-2025-68700
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.23.0, a low-privileged authenticated user (normal login account) can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox isolation. This occurs because untrusted data (stdout) is parsed using eval() with no filtering or sandboxing. The intended design was to "automatically convert string results into Python objects," but this effectively executes attacker-controlled code. Additional endpoints lack access control or contain inverted permission logic, significantly expanding the attack surface and enabling chained exploitation. Version 0.23.0 contains a patch for the issue.
π@cveNotify
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.23.0, a low-privileged authenticated user (normal login account) can execute arbitrary system commands on the server host process via the frontend Canvas CodeExec component, completely bypassing sandbox isolation. This occurs because untrusted data (stdout) is parsed using eval() with no filtering or sandboxing. The intended design was to "automatically convert string results into Python objects," but this effectively executes attacker-controlled code. Additional endpoints lack access control or contain inverted permission logic, significantly expanding the attack surface and enabling chained exploitation. Version 0.23.0 contains a patch for the issue.
π@cveNotify
GitHub
Fix: code exec component vulnerability and add support for nested lis⦠· infiniflow/ragflow@7a344a3
β¦t and dict object (#11504)
### What problem does this PR solve?
Fix code exec component vulnerability and add support for nested list
and dict object.
<img width="1491"...
### What problem does this PR solve?
Fix code exec component vulnerability and add support for nested list
and dict object.
<img width="1491"...
π¨ CVE-2025-68272
Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (`/signalk/v1/access/requests`). This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Version 2.19.0 fixes the issue.
π@cveNotify
Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (`/signalk/v1/access/requests`). This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Version 2.19.0 fixes the issue.
π@cveNotify
GitHub
Release v2.19.0 Β· SignalK/signalk-server
ImportantThis release includes important security fixes. If your Signal K server is accessible from Internet you should update your server ASAP.
π Features
feature: display arbitrary meta values ...
π Features
feature: display arbitrary meta values ...
π¨ CVE-2020-36645
A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The patch is named f6f0a47cc344711042eb0970cb423e6950ba3f93. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217623.
π@cveNotify
A vulnerability, which was classified as critical, was found in square squalor. This affects an unknown part. The manipulation leads to sql injection. Upgrading to version v0.0.0 is able to address this issue. The patch is named f6f0a47cc344711042eb0970cb423e6950ba3f93. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-217623.
π@cveNotify
GitHub
Merge pull request #76 from danrice-square/fix_sql_injection Β· square/squalor@f6f0a47
Prevent a SQL injection
π¨ CVE-2025-15406
A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.
π@cveNotify
A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.
π@cveNotify
GitHub
Online-Course-Registration/Broken Access Control.md at main Β· rsecroot/Online-Course-Registration
Contribute to rsecroot/Online-Course-Registration development by creating an account on GitHub.
π¨ CVE-2025-15407
A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. Such manipulation of the argument dre_Ctitle leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. Such manipulation of the argument dre_Ctitle leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
π¨ CVE-2025-15408
A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing manipulation of the argument dre_title results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
π@cveNotify
A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing manipulation of the argument dre_title results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
π@cveNotify
π¨ CVE-2025-66398
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state (`restoreFilePath`) of the server via the `/skServer/validateBackup` endpoint. This allows the attacker to hijack the administrator's "Restore" functionality to overwrite critical server configuration files (e.g., `security.json`, `package.json`), leading to account takeover and Remote Code Execution (RCE). Version 2.19.0 patches this vulnerability.
π@cveNotify
Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.19.0, an unauthenticated attacker can pollute the internal state (`restoreFilePath`) of the server via the `/skServer/validateBackup` endpoint. This allows the attacker to hijack the administrator's "Restore" functionality to overwrite critical server configuration files (e.g., `security.json`, `package.json`), leading to account takeover and Remote Code Execution (RCE). Version 2.19.0 patches this vulnerability.
π@cveNotify
GitHub
Release v2.19.0 Β· SignalK/signalk-server
ImportantThis release includes important security fixes. If your Signal K server is accessible from Internet you should update your server ASAP.
π Features
feature: display arbitrary meta values ...
π Features
feature: display arbitrary meta values ...
π¨ CVE-2025-67703
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
ArcGIS Blog
ArcGIS Server Security 2025 Update 2 Patch
ArcGIS Server Security 2025 update 2 is available, resolving 10 Medium severity vulnerabilities in ArcGIS Server versions 10.9.1 thru 11.5
π¨ CVE-2025-67704
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
ArcGIS Blog
ArcGIS Server Security 2025 Update 2 Patch
ArcGIS Server Security 2025 update 2 is available, resolving 10 Medium severity vulnerabilities in ArcGIS Server versions 10.9.1 thru 11.5
π¨ CVE-2025-67705
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
ArcGIS Blog
ArcGIS Server Security 2025 Update 2 Patch
ArcGIS Server Security 2025 update 2 is available, resolving 10 Medium severity vulnerabilities in ArcGIS Server versions 10.9.1 thru 11.5
π¨ CVE-2025-67706
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.
π@cveNotify
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.
π@cveNotify
ArcGIS Blog
ArcGIS Server Security 2025 Update 2 Patch
ArcGIS Server Security 2025 update 2 is available, resolving 10 Medium severity vulnerabilities in ArcGIS Server versions 10.9.1 thru 11.5
π¨ CVE-2025-67707
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.
π@cveNotify
ArcGIS Server version 11.5 and earlier on Windows and Linux does not properly validate uploaded files file, which allows remote attackers to upload arbitrary files.
π@cveNotify
ArcGIS Blog
ArcGIS Server Security 2025 Update 2 Patch
ArcGIS Server Security 2025 update 2 is available, resolving 10 Medium severity vulnerabilities in ArcGIS Server versions 10.9.1 thru 11.5
π¨ CVE-2025-67708
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
There is a stored cross site scripting issue in Esri ArcGIS Server 11.4 and earlier on Windows and Linux that in some configurations allows a remote unauthenticated attacker to store files that contain malicious code that may execute in the context of a victimβs browser.
π@cveNotify
ArcGIS Blog
ArcGIS Server Security 2025 Update 2 Patch
ArcGIS Server Security 2025 update 2 is available, resolving 10 Medium severity vulnerabilities in ArcGIS Server versions 10.9.1 thru 11.5
π¨ CVE-2023-49270
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
π@cveNotify
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_in_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
π@cveNotify
Fluidattacks
Hotel Management v1.0 - Reflected XSS | Fluid Attacks
AppSec solution that integrates AI, automated tools, and pentesters to continuously help your development team build secure software without delays.
π¨ CVE-2023-49271
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
π@cveNotify
Hotel Management v1.0 is vulnerable to multiple authenticated Reflected Cross-Site Scripting vulnerabilities. The 'check_out_date' parameter of the reservation.php resource is copied into the HTML document as plain text between tags. Any input is echoed unmodified in the application's response.
π@cveNotify
Fluidattacks
Hotel Management v1.0 - Reflected XSS | Fluid Attacks
AppSec solution that integrates AI, automated tools, and pentesters to continuously help your development team build secure software without delays.
π¨ CVE-2023-50931
An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Bitbucket, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be.
π@cveNotify
An issue was discovered in savignano S/Notify before 2.0.1 for Bitbucket. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Bitbucket, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be.
π@cveNotify
help.savignano.net
SA-2023-11-28
Summary This is a Security Advisory about about the following two vulnerabilities in S/Notify for Jira, S/Notify for Confluence and S/Notify for Bi...
π¨ CVE-2023-50932
An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Confluence, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be.
π@cveNotify
An issue was discovered in savignano S/Notify before 4.0.2 for Confluence. While an administrative user is logged on, the configuration settings of S/Notify can be modified via a CSRF attack. The injection could be initiated by the administrator clicking a malicious link in an email or by visiting a malicious website. If executed while an administrator is logged on to Confluence, an attacker could exploit this to modify the configuration of the S/Notify app on that host. This can, in particular, lead to email notifications being no longer encrypted when they should be.
π@cveNotify
help.savignano.net
SA-2023-11-28
Summary This is a Security Advisory about about the following two vulnerabilities in S/Notify for Jira, S/Notify for Confluence and S/Notify for Bi...
π¨ CVE-2025-66402
Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue.
π@cveNotify
Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue.
π@cveNotify
GitHub
Merge commit from fork Β· misskey-dev/misskey@dc77d59
π A completely free and open interplanetary-microblogging platform π - Merge commit from fork Β· misskey-dev/misskey@dc77d59
π¨ CVE-2025-66482
Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option (`trustProxy`) has been added in config file to prevent this from happening. However, it is initialized with an insecure default value before version 2025.12.0-alpha.2, making it still vulnerable if the configuration is not set correctly. This is patched in v2025.12.0-alpha.2 by flipping default value of `trustProxy` to `false`. Users of a trusted reverse proxy who are unsure if they manually overode this value should check their config for optimal behavior. Users are running Misskey with a trusted reverse proxy should not be affected by this vulnerability. From v2025.9.1 to v2025.11.1, workaround is available. Set `trustProxy: false` in config file.
π@cveNotify
Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option (`trustProxy`) has been added in config file to prevent this from happening. However, it is initialized with an insecure default value before version 2025.12.0-alpha.2, making it still vulnerable if the configuration is not set correctly. This is patched in v2025.12.0-alpha.2 by flipping default value of `trustProxy` to `false`. Users of a trusted reverse proxy who are unsure if they manually overode this value should check their config for optimal behavior. Users are running Misskey with a trusted reverse proxy should not be affected by this vulnerability. From v2025.9.1 to v2025.11.1, workaround is available. Set `trustProxy: false` in config file.
π@cveNotify
GitHub
Merge commit from fork Β· misskey-dev/misskey@5512898
* Change trustProxy default value to false
* Update trustProxy default value in example.yml
* Update trustProxy default description in example.yml
* Update trustProxy default value in example.yml
* Update trustProxy default description in example.yml