🚨 CVE-2025-14596
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 24.1 through 24.3.1.
@cveNotify
Altera
PSIRT Advisory ASA-0004
Quartus® Prime Pro Security Advisory ASA-0004
CVE ID: CVE-2025-14596
A potential security vulnerability in Quartus Prime Pro Edition Installer (SFX) for Windows may allow escalation of privilege.
Vulnerability Details:
🚨 CVE-2025-14599
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Standard Installer (SFX) on Windows, Altera Quartus Prime Lite Installer (SFX) on Windows allows Search Order Hijacking. This issue affects Quartus Prime Standard: from 23.1 through 24.1; Quartus Prime Lite: from 23.1 through 24.1.
Altera
PSIRT Advisory ASA-0005
Quartus® Prime Standard and Quartus® Prime Lite Security Advisory ASA-0005
CVE ID: CVE-2025-14599
A potential security vulnerability in Quartus Prime Standard Edition Installer (SFX) for Windows and Quartus Prime Lite Edition Installer (SFX) for Windows may…
🚨 CVE-2025-14605
Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro on Windows (System Console modules) allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 17.0 through 25.1.1.
Altera
PSIRT Advisory ASA-0004
Quartus® Prime Pro Security Advisory ASA-0004
CVE ID: CVE-2025-14596
A potential security vulnerability in Quartus Prime Pro Edition Installer (SFX) for Windows may allow escalation of privilege.
Vulnerability Details:
🚨 CVE-2025-14612
Insecure Temporary File vulnerability in Altera Quartus Prime Pro Installer (SFX) on Windows allows Use of Predictable File Names. This issue affects Quartus Prime Pro: from 24.1 through 25.1.1.
Altera
PSIRT Advisory ASA-0004
Quartus® Prime Pro Security Advisory ASA-0004
CVE ID: CVE-2025-14596
A potential security vulnerability in Quartus Prime Pro Edition Installer (SFX) for Windows may allow escalation of privilege.
Vulnerability Details:
🚨 CVE-2025-15471
A vulnerability was detected in TRENDnet TEW-713RE 1.02. The impacted element is an unknown function of the file /goformX/formFSrvX. The manipulation of the argument SZCMD results in os command injection. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
pentagonal-time-3a7 on Notion
Command Injection Vulnerability in formFSrvX of Trendnet TEW-713RE | Notion
Vulnerability Title: Pre-auth Command Injection Vulnerability in formFSrvX of Trendnet TEW-713RE
🚨 CVE-2025-11561
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.
🚨 CVE-2025-6923
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software UNIS allows Reflected XSS. This issue affects UNIS: before 42957.
🚨 CVE-2025-6924
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Talent Software e-BAP Automation allows Reflected XSS. This issue affects e-BAP Automation: before 42957.
🚨 CVE-2025-15174
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
GitHub
XSS vulnerability on /manage/app/auditList · Issue #370 · sohutv/cachecloud
Summary: In the latest version (v3.2) of CacheCloud, the endpoint /manage/app/auditList does not encode user-controllable parameters when outputting them o...
🚨 CVE-2025-15175
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
GitHub
XSS vulnerability on /admin/app/commandAnalysis · Issue #371 · sohutv/cachecloud
Summary: In the latest version (v3.2) of CacheCloud, the endpoint /admin/app/commandAnalysis does not encode user-controllable parameters when outputt...
🚨 CVE-2025-32303
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla WPCHURCH allows Blind SQL Injection. This issue affects WPCHURCH: from n/a through 2.7.0.
Patchstack
SQL Injection in WordPress WPCHURCH Plugin
🚨 CVE-2025-15171
A vulnerability was identified in SohuTV CacheCloud up to 3.2.0. This affects the function index of the file src/main/java/com/sohu/cache/web/controller/ServerController.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.
GitHub
XSS vulnerability on /server/index · Issue #367 · sohutv/cachecloud
Summary: In the latest version (v3.2) of CacheCloud, the endpoint /server/index does not encode user-controllable parameters when outputting them on web page, resu...
🚨 CVE-2025-15172
A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. The project was informed of the problem early through an issue report but has not responded yet.
GitHub
XSS vulnerability on /manage/redisConfig/preview · Issue #368 · sohutv/cachecloud
Summary: In the latest version (v3.2) of CacheCloud, the endpoint /manage/redisConfig/preview does not encode user-controllable parameters when outpu...
🚨 CVE-2025-15173
A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The project was informed of the problem early through an issue report but has not responded yet.
GitHub
XSS vulnerability on /admin/instance/advancedAnalysis · Issue #369 · sohutv/cachecloud
Summary: In the latest version (v3.2) of CacheCloud, the endpoint /admin/instance/advancedAnalysis does not encode user-controllable parameters ...
🚨 CVE-2023-51794
Buffer Overflow vulnerability in Ffmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavfilter/af_stereowiden.c:120:69.
🚨 CVE-2025-32185
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Extend Themes Colibri Page Builder allows Stored XSS. This issue affects Colibri Page Builder: from n/a through 1.0.319.
Patchstack
Cross Site Scripting (XSS) in WordPress Colibri Page Builder Plugin
🚨 CVE-2025-15144
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
🚨 CVE-2025-15145
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. This affects the function doTotalList of the file src/main/java/com/sohu/cache/web/controller/TotalManageController.java. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
GitHub
XSS vulnerability on /manage/total/list · Issue #365 · sohutv/cachecloud
Summary: In the latest version (v3.2) of CacheCloud, the endpoint /manage/total/list does not encode user-controllable parameters when outputting them on web ...
🚨 CVE-2025-68973
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
GitHub
gnupg/g10/armor.c at ff30683418695f5d2cc9e6cf8c9418e09378ebe4 · gpg/gnupg
🚨 CVE-2025-15146
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
GitHub
XSS vulnerability on /manage/user/list · Issue #366 · sohutv/cachecloud
Summary: In the latest version (v3.2) of CacheCloud, the endpoint /manage/user/list does not encode user-controllable parameters when outputting them on web page, resulting in XSS vulnerability. Thi...
🚨 CVE-2024-25181
A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file.
Gist
CVE-2024-25181