๐จ CVE-2025-15148
A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing manipulation of the argument content/tempdata can lead to code injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing manipulation of the argument content/tempdata can lead to code injection. The attack may be launched remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
๐จ CVE-2025-15155
A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is identified as 5d11344150973f15e16d3ec4ee7550a73fb995e0. It is advisable to implement a patch to correct this issue.
๐@cveNotify
A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is identified as 5d11344150973f15e16d3ec4ee7550a73fb995e0. It is advisable to implement a patch to correct this issue.
๐@cveNotify
GitHub
sokol_gfx.h: fix another gap in assert check (fixes #1405) ยท floooh/sokol@5d11344
minimal cross-platform standalone C headers. Contribute to floooh/sokol development by creating an account on GitHub.
๐จ CVE-2025-63525
An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php.
๐@cveNotify
An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php.
๐@cveNotify
๐จ CVE-2025-59700
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition (because of a lack of integrity protection).
๐@cveNotify
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with root access to modify the Recovery Partition (because of a lack of integrity protection).
๐@cveNotify
GitHub
Entrust nShield Connect XC - Multiple Vulnerabilities Leading to Insecure Boot Chain Protections
### Summary
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
๐จ CVE-2025-59704
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the the BIOS menu because is has no password.
๐@cveNotify
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the the BIOS menu because is has no password.
๐@cveNotify
GitHub
Entrust nShield Connect XC - Multiple Vulnerabilities Leading to Insecure Boot Chain Protections
### Summary
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
The tested nShield Connect XC HSM appliance can be rooted and backdoored via physical attack vectors in less than 5 minutes without leaving visible traces or triggering tamper events. ...
๐จ CVE-2025-15200
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
XSS vulnerability on /client/show/exceptionStatistics/client ยท Issue #372 ยท sohutv/cachecloud
XSS vulnerability on /client/show/exceptionStatistics/client Summary In the latest version (v3.2) of CacheCloud, the endpoint /client/show/exceptionStatistics/client does not encode user-controllab...
๐จ CVE-2025-15201
A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
XSS vulnerability on /web/resource/noPower ยท Issue #373 ยท sohutv/cachecloud
XSS vulnerability on /web/resource/noPower Summary In the latest version (v3.2) of CacheCloud, the endpoint /web/resource/noPower does not encode user-controllable parameters when outputting them o...
๐จ CVE-2025-15202
A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
XSS vulnerability on /manage/task/list ยท Issue #374 ยท sohutv/cachecloud
XSS vulnerability on /manage/task/list Summary In the latest version (v3.2) of CacheCloud, the endpoint /manage/task/list does not encode user-controllable parameters when outputting them on web pa...
๐จ CVE-2025-15203
A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
XSS vulnerability on /manage/app/resource/index ยท Issue #375 ยท sohutv/cachecloud
XSS vulnerability on /manage/app/resource/index Summary In the latest version (v3.2) of CacheCloud, the endpoint /manage/app/resource/index does not encode user-controllable parameters when outputt...
๐จ CVE-2025-15204
A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
XSS vulnerability on /manage/quartz/list ยท Issue #376 ยท sohutv/cachecloud
XSS vulnerability on /manage/quartz/list Summary In the latest version (v3.2) of CacheCloud, the endpoint /manage/quartz/list does not encode user-controllable parameters when outputting them on we...
๐จ CVE-2025-15219
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/MachineManageController.java. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/MachineManageController.java. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
XSS vulnerability on /manage/machine/list ยท Issue #377 ยท sohutv/cachecloud
XSS vulnerability on /manage/machine/list Summary In the latest version (v3.2) of CacheCloud, the endpoint /manage/machine/list does not encode user-controllable parameters when outputting them on ...
๐จ CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
๐@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
๐จ CVE-2025-14596
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro
Installer (SFX)
on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.
๐@cveNotify
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro
Installer (SFX)
on Windows allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.
๐@cveNotify
Altera
PSIRT Advisory ASA-0004
Quartusยฎ Prime Pro Security AdvisoryASA-0004CVE ID: CVE-2025-14596A potential security vulnerability in Quartus Prime Pro Edition Installer (SFX) for Windows may allow escalation of privilege.Vulnerability Details:
๐จ CVE-2025-14599
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard
Installer (SFX)
on Windows, Altera Quartus Prime Lite
Installer (SFX)
on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.
๐@cveNotify
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard
Installer (SFX)
on Windows, Altera Quartus Prime Lite
Installer (SFX)
on Windows allows Search Order Hijacking.This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.
๐@cveNotify
Altera
PSIRT Advisory ASA-0005
Quartusยฎ Prime Standard and Quartusยฎ Prime Lite Security AdvisoryASA-0005CVE ID: CVE-2025-14599A potential security vulnerability in Quartus Prime Standard Edition Installer (SFX) for Windows and Quartus Prime Lite Edition Installer (SFX) for Windows mayโฆ
๐จ CVE-2025-14605
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.
๐@cveNotify
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking.This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.
๐@cveNotify
Altera
PSIRT Advisory ASA-0004
Quartusยฎ Prime Pro Security AdvisoryASA-0004CVE ID: CVE-2025-14596A potential security vulnerability in Quartus Prime Pro Edition Installer (SFX) for Windows may allow escalation of privilege.Vulnerability Details:
๐จ CVE-2025-14612
Insecure Temporary File vulnerability in Altera Quartus Prime Pro
Installer (SFX)
on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1.
๐@cveNotify
Insecure Temporary File vulnerability in Altera Quartus Prime Pro
Installer (SFX)
on Windows allows : Use of Predictable File Names.This issue affects Quartus Prime Pro: from 24.1 through 25.1.1.
๐@cveNotify
Altera
PSIRT Advisory ASA-0004
Quartusยฎ Prime Pro Security AdvisoryASA-0004CVE ID: CVE-2025-14596A potential security vulnerability in Quartus Prime Pro Edition Installer (SFX) for Windows may allow escalation of privilege.Vulnerability Details:
๐จ CVE-2025-15471
A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
pentagonal-time-3a7 on Notion
Command Injection Vulnerability in formFSrvX of Trendnet TEW-713RE | Notion
Vulnerability Title: Pre-auth Command Injection Vulnerability in formFSrvX of Trendnet TEW-713RE
๐จ CVE-2025-11561
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.
๐@cveNotify
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.
๐@cveNotify
๐จ CVE-2025-6923
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS.This issue affects UNIS: before 42957.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS.This issue affects UNIS: before 42957.
๐@cveNotify
๐จ CVE-2025-6924
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software e-BAP Automation allows Reflected XSS.This issue affects e-BAP Automation: before 42957.
๐@cveNotify
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software e-BAP Automation allows Reflected XSS.This issue affects e-BAP Automation: before 42957.
๐@cveNotify
๐จ CVE-2025-15174
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
๐@cveNotify
GitHub
XSS vulnerability on /manage/app/auditList ยท Issue #370 ยท sohutv/cachecloud
XSS vulnerability on /manage/app/auditList Summary In the latest version (v3.2) of CacheCloud, the endpoint /manage/app/auditList does not encode user-controllable parameters when outputting them o...
โค1