🚨 CVE-2025-6298
ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
🎖@cveNotify
ACAP applications can gain elevated privileges due to improper input validation, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
🎖@cveNotify
🚨 CVE-2025-14409
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27120.
🎖@cveNotify
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27120.
🎖@cveNotify
Zerodayinitiative
ZDI-25-1082
(0Day) Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
🚨 CVE-2025-14410
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-27142.
🎖@cveNotify
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-27142.
🎖@cveNotify
Zerodayinitiative
ZDI-25-1083
(0Day) Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
🚨 CVE-2025-14411
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-27140.
🎖@cveNotify
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-27140.
🎖@cveNotify
Zerodayinitiative
ZDI-25-1084
(0Day) Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
🚨 CVE-2025-14412
Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of XLS files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27495.
🎖@cveNotify
Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of XLS files. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27495.
🎖@cveNotify
Zerodayinitiative
ZDI-25-1085
(0Day) Soda PDF Desktop XLS File Insufficient UI Warning Remote Code Execution Vulnerability
🚨 CVE-2025-14415
Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of the Launch action. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27494.
🎖@cveNotify
Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the implementation of the Launch action. The issue results from allowing the execution of dangerous script without user warning. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27494.
🎖@cveNotify
Zerodayinitiative
ZDI-25-1088
(0Day) Soda PDF Desktop Launch Insufficient UI Warning Remote Code Execution Vulnerability
🚨 CVE-2025-71164
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. The images parameter (submitted as images[] in a POST request) is reflected into an HTML href attribute without proper context-aware output encoding in include/tool/Editing.php. An authenticated attacker with editing privileges can supply a JavaScript pseudo-protocol (e.g., javascript:) to trigger arbitrary JavaScript execution in the context of the victim's browser session.
🎖@cveNotify
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. The images parameter (submitted as images[] in a POST request) is reflected into an HTML href attribute without proper context-aware output encoding in include/tool/Editing.php. An authenticated attacker with editing privileges can supply a JavaScript pseudo-protocol (e.g., javascript:) to trigger arbitrary JavaScript execution in the context of the victim's browser session.
🎖@cveNotify
GitHub
GitHub - Typesetter/Typesetter: Open source CMS written in PHP focused on ease of use with true WYSIWYG editing and flat-file storage.
Open source CMS written in PHP focused on ease of use with true WYSIWYG editing and flat-file storage. - Typesetter/Typesetter
🚨 CVE-2024-30193
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.1.17.
🎖@cveNotify
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.1.17.
🎖@cveNotify
🚨 CVE-2024-30197
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26.
🎖@cveNotify
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Moyle Church Admin allows Stored XSS.This issue affects Church Admin: from n/a through 4.0.26.
🎖@cveNotify
Patchstack
Cross Site Scripting (XSS) in WordPress Church Admin Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-30244
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.
🎖@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.0.27.
🎖@cveNotify
🚨 CVE-2024-30493
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.7.
🎖@cveNotify
Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.7.
🎖@cveNotify
🚨 CVE-2024-30505
Missing Authorization vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.18.
🎖@cveNotify
Missing Authorization vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.18.
🎖@cveNotify
🚨 CVE-2024-31280
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.
🎖@cveNotify
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.5.
🎖@cveNotify
🚨 CVE-2023-39309
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.
🎖@cveNotify
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThemeFusion Fusion Builder.This issue affects Fusion Builder: from n/a through 3.11.1.
🎖@cveNotify
Patchstack
SQL Injection in WordPress Fusion Builder Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-31373
Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This issue affects e2pdf: from n/a through 1.20.27.
🎖@cveNotify
Cross-Site Request Forgery (CSRF) vulnerability in E2Pdf.This issue affects e2pdf: from n/a through 1.20.27.
🎖@cveNotify
🚨 CVE-2024-27460
A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.
🎖@cveNotify
A privilege escalation exists in the updater for Plantronics Hub 3.25.1 and below.
🎖@cveNotify
🚨 CVE-2024-31771
Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file
🎖@cveNotify
Insecure Permission vulnerability in TotalAV v.6.0.740 allows a local attacker to escalate privileges via a crafted file
🎖@cveNotify
GitHub
GitHub - restdone/CVE-2024-31771
Contribute to restdone/CVE-2024-31771 development by creating an account on GitHub.
🚨 CVE-2024-35637
Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through 4.3.6.
🎖@cveNotify
Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through 4.3.6.
🎖@cveNotify
🚨 CVE-2024-37418
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server.This issue affects Church Admin: from n/a through 4.4.6.
🎖@cveNotify
Unrestricted Upload of File with Dangerous Type vulnerability in Andy Moyle Church Admin allows Upload a Web Shell to a Web Server.This issue affects Church Admin: from n/a through 4.4.6.
🎖@cveNotify
Patchstack
Arbitrary File Upload in WordPress Church Admin Plugin
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-37415
Missing Authorization vulnerability in E2Pdf.Com allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through 1.20.27.
🎖@cveNotify
Missing Authorization vulnerability in E2Pdf.Com allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects e2pdf: from n/a through 1.20.27.
🎖@cveNotify
🚨 CVE-2024-37440
Missing Authorization vulnerability in Andy Moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.4.4.
🎖@cveNotify
Missing Authorization vulnerability in Andy Moyle Church Admin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Church Admin: from n/a through 4.4.4.
🎖@cveNotify