🚨 CVE-2026-0615
The Librarian `supervisord` status page can be retrieved by the `web_fetch` tool, which can be used to retrieve running processes within TheLibrarian backend. The vendor has fixed the vulnerability in all affected versions.
@cveNotify
mindgard.ai
TheLibrarian.io's AI Security Is Checked Out, and Their Disclosure Response - Mindgard
The Mindgard platform identified high severity vulnerabilities in TheLibrarian.io platform
🚨 CVE-2026-0616
TheLibrarian's web_fetch tool can be used to retrieve the Adminer interface content, which can then be used to log into the internal TheLibrarian backend system. The vendor has fixed the vulnerability in all affected versions.
mindgard.ai
TheLibrarian.io's AI Security Is Checked Out, and Their Disclosure Response - Mindgard
The Mindgard platform identified high severity vulnerabilities in TheLibrarian.io platform
🚨 CVE-2025-15104
Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources, including localhost services. While the validator implements hostname-based protections to block direct access to localhost and 127.0.0.1, these controls can be bypassed using DNS rebinding techniques or domains that resolve to loopback addresses. This issue affects The Nu Html Checker (vnu): latest (commit 23f090a11bab8d0d4e698f1ffc197a4fe226a9cd).
Fluidattacks
Nu Html Checker (validator.nu) - Restriction bypass vulnerability allowing local SSRF | Fluid Attacks
CVE-2025-15104: Nu Html Checker (validator.nu) contains a restriction bypass that allows remote attackers to make the server perform arbitrary HTTP/HTTPS requests to internal resources.
🚨 CVE-2025-70298
GPAC v2.4.0 was discovered to contain an out-of-bounds read in the oggdmx_parse_tags function.
GitHub
POC/dmx_ogg/GPAC_oggdmx_parse_tags_offbyone.md at main · zakkanijia/POC
🚨 CVE-2025-70304
A buffer overflow in the vobsub_get_subpic_duration() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted packet.
GitHub
POC/gpac_vobsub/GPAC_vobsub.md at main · zakkanijia/POC
🚨 CVE-2025-70305
A stack overflow in the dmx_saf function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .saf file.
GitHub
POC/gpac_saf/GPAC_SAF.md at main · zakkanijia/POC
🚨 CVE-2025-70308
An out-of-bounds read in the GSF demuxer filter component of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .gsf file.
GitHub
POC/gpac_gsf/GPAC_gsf.md at main · zakkanijia/POC
🚨 CVE-2025-70309
A stack overflow in the pcmreframe_flush_packet function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted WAV file.
GitHub
POC/gpac_rawpcm/GPAC_RFPCM.md at main · zakkanijia/POC
🚨 CVE-2025-70310
A heap overflow in the vorbis_to_intern() function of GPAC v2.4.0 allows attackers to cause a Denial of Service (DoS) via a crafted .ogg file.
GitHub
POC/gpac_dec_vorbis/GPAC_VORBIS.md at main · zakkanijia/POC
🚨 CVE-2017-1000226
Stop User Enumeration 1.3.8 allows user enumeration via the REST API
Dxw
Stop User Enumeration allows user enumeration via the REST API - dxw advisories
dxw advisory: Stop User Enumeration allows user enumeration via the REST API (fixed) - July 25, 2017
🚨 CVE-2017-18536
The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.
WordPress.org
Stop User Enumeration
Helps secure your site against hacking attacks through detecting User Enumeration
🚨 CVE-2020-25760
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.
packetstorm.news
Packet Storm
🚨 CVE-2020-25761
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject JavaScript payloads in the parameters to perform various attacks, such as stealing cookies or other sensitive information.
packetstorm.news
Packet Storm
🚨 CVE-2021-24767
The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow an attacker to make a logged-in admin delete them via a CSRF attack.
WPScan
Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF
See details on Redirect 404 Error Page to Homepage or Custom Page with Logs < 1.7.9 - Log Deletion via CSRF CVE 2021-24767. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2022-1952
The Free Booking Plugin for Hotels, Restaurant and Car Rental WordPress plugin before 1.1.16 suffers from insufficient input validation which leads to arbitrary file upload and subsequently to remote code execution. An AJAX action accessible to unauthenticated users is affected by this issue. An allowlist of valid file extensions is defined but is not used during the validation steps.
WPScan
eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload
See details on eaSYNC < 1.1.16 - Unauthenticated Arbitrary File Upload CVE 2022-1952. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2024-39563
A Command Injection vulnerability in Juniper Networks Junos Space allows an unauthenticated, network-based attacker sending a specially crafted request to execute arbitrary shell commands on the Junos Space Appliance, leading to remote command execution by the web application, gaining complete control of the device.
A specific script in the Junos Space web application allows attacker-controlled input from a GET request without sufficient input sanitization. A specially crafted request can exploit this vulnerability to execute arbitrary shell commands on the Junos Space Appliance.
This issue affects Junos Space 24.1R1. Previous versions of Junos Space are unaffected by this vulnerability.
🚨 CVE-2024-7930
A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/get_packings.php. The manipulation of the argument medicine_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
GitHub
cve/sql.md at main · Pingxy/cve
🚨 CVE-2023-47762
Missing Authorization vulnerability in WPDeveloper BetterDocs allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BetterDocs: from n/a through 2.5.2.
🚨 CVE-2024-54223
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Contact Form - Repute InfoSystems ARForms Form Builder allows Code Injection. This issue affects ARForms Form Builder: from n/a through 1.7.1.
🚨 CVE-2025-2912
A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
GitHub
Heap-based Buffer Overflow in H5O_msg_flush · Issue #5370 · HDFGroup/hdf5
Affected Projects hdf5 v1.14.6 (https://github.com/HDFGroup/hdf5) Problem Type CWE-122: Heap-based Buffer Overflow Description Summary A heap-buffer-overflow vulnerability was discovered in the H5O...
🚨 CVE-2025-2913
A vulnerability was found in HDF5 up to 1.14.6. It has been rated as critical. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
GitHub
Use After Free in H5FL__blk_gc_list · Issue #5376 · HDFGroup/hdf5
Affected Projects hdf5 v1.14.6 (https://github.com/HDFGroup/hdf5) Problem Type CWE-416: Use After Free Description Summary A heap-use-after-free vulnerability was discovered in the H5FL__blk_gc_lis...