π¨ CVE-2023-45771
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS.This issue affects Contact Form With Captcha: from n/a through 1.6.8.
π@cveNotify
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contact Form With Captcha allows Reflected XSS.This issue affects Contact Form With Captcha: from n/a through 1.6.8.
π@cveNotify
π¨ CVE-2025-1946
A vulnerability was found in hzmanyun Education and Training System 2.1. It has been rated as critical. Affected by this issue is the function exportPDF of the file /user/exportPDF. The manipulation of the argument id leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
A vulnerability was found in hzmanyun Education and Training System 2.1. It has been rated as critical. Affected by this issue is the function exportPDF of the file /user/exportPDF. The manipulation of the argument id leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
π@cveNotify
GitHub
report/nxb_1.md at main Β· heiheixz/report
Contribute to heiheixz/report development by creating an account on GitHub.
π¨ CVE-2025-27925
Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.
π@cveNotify
Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.
π@cveNotify
π¨ CVE-2025-27926
In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.
π@cveNotify
In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.
π@cveNotify
π¨ CVE-2025-41077
IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality to access the application by impersonating any user, including those with administrative permissions.
π@cveNotify
IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality to access the application by impersonating any user, including those with administrative permissions.
π@cveNotify
www.incibe.es
Multiple vulnerabilities in Viafirma products
INCIBE has coordinated the publication of two vulnerabilities, both high severity, affecting Documents
π¨ CVE-2025-41078
Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the generation and signing of documents.
π@cveNotify
Weaknesses in the authorization mechanisms of Viafirma Documents v3.7.129 allow an authenticated user without privileges to list and access other user data, use user creation, modification, and deletion features, and escalate privileges by impersonating other users of the application in the generation and signing of documents.
π@cveNotify
www.incibe.es
Multiple vulnerabilities in Viafirma products
INCIBE has coordinated the publication of two vulnerabilities, both high severity, affecting Documents
π¨ CVE-2025-27796
ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.
π@cveNotify
ReadWPGImage in WPG in GraphicsMagick before 1.3.46 mishandles palette buffer allocation, resulting in out-of-bounds access to heap memory in ReadBlob.
π@cveNotify
π¨ CVE-2025-32460
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
π@cveNotify
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
π@cveNotify
GitLab
ReadJXLImage(): pixel_format.num_channels needs to be 2 for grayscale matte. (8e56520435df) Β· Commits Β· GraphicsMagick / graphicsmagickβ¦
Heptapod FOSS public service
π¨ CVE-2024-56526
An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.
π@cveNotify
An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.
π@cveNotify
π¨ CVE-2025-27795
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
π@cveNotify
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
π@cveNotify
π¨ CVE-2025-25748
A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an id_sessione CSRF token.
π@cveNotify
A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an id_sessione CSRF token.
π@cveNotify
π¨ CVE-2025-7808
The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
π@cveNotify
WPScan
WP Shopify < 1.5.4 - Reflected XSS
See details on WP Shopify < 1.5.4 - Reflected XSS CVE 2025-7808. View the latest Plugin Vulnerabilities on WPScan.
π¨ CVE-2025-64718
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).
π@cveNotify
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).
π@cveNotify
GitHub
fix prototype pollution in merge (<<) Β· nodeca/js-yaml@383665f
JavaScript YAML parser and dumper. Very fast. Contribute to nodeca/js-yaml development by creating an account on GitHub.
π¨ CVE-2026-0798
Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.
π@cveNotify
Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.
π@cveNotify
Gitea
Gitea 1.25.4 is released | Gitea Blog
We're excited to announce the release of Gitea 1.25.4! We strongly recommend all users upgrade to this version, as it includes important security fixes, numerous bug fixes, and overall stability improvements.
π¨ CVE-2026-20800
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications.
π@cveNotify
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications.
π@cveNotify
Gitea
Gitea 1.25.4 is released | Gitea Blog
We're excited to announce the release of Gitea 1.25.4! We strongly recommend all users upgrade to this version, as it includes important security fixes, numerous bug fixes, and overall stability improvements.
π¨ CVE-2026-20883
Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches.
π@cveNotify
Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches.
π@cveNotify
Gitea
Gitea 1.25.4 is released | Gitea Blog
We're excited to announce the release of Gitea 1.25.4! We strongly recommend all users upgrade to this version, as it includes important security fixes, numerous bug fixes, and overall stability improvements.
π¨ CVE-2026-20888
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users.
π@cveNotify
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users.
π@cveNotify
Gitea
Gitea 1.25.4 is released | Gitea Blog
We're excited to announce the release of Gitea 1.25.4! We strongly recommend all users upgrade to this version, as it includes important security fixes, numerous bug fixes, and overall stability improvements.
π¨ CVE-2026-20897
Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.
π@cveNotify
Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.
π@cveNotify
Gitea
Gitea 1.25.4 is released | Gitea Blog
We're excited to announce the release of Gitea 1.25.4! We strongly recommend all users upgrade to this version, as it includes important security fixes, numerous bug fixes, and overall stability improvements.
π¨ CVE-2025-12758
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.
π@cveNotify
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.
π@cveNotify
Gist
JS validator isLength bug
JS validator isLength bug. GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2026-1637
A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
π@cveNotify
A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
π@cveNotify
GitHub
Tenda Router AC21 Latest version - Stack-based Buffer Overflow in `/goform/AdvSetMacMtuWan Β· Issue #25 Β· LX-LX88/cve
NAME OF AFFECTED PRODUCT(S) Tenda Router AC21 Latest version - Stack-based Buffer Overflow in /goform/AdvSetMacMtuWan Vulnerability Details Detail Information Vendor Shenzhen Jixiang Tengda Technol...
π¨ CVE-2026-1665
A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path (though it was sanitized in the curl code path). An attacker who can set environment variables in a victim's shell environment (e.g., via malicious CI/CD configurations, compromised dotfiles, or Docker images) can inject arbitrary shell commands that execute when the victim runs nvm commands that trigger downloads, such as 'nvm install' or 'nvm ls-remote'.
π@cveNotify
A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path (though it was sanitized in the curl code path). An attacker who can set environment variables in a victim's shell environment (e.g., via malicious CI/CD configurations, compromised dotfiles, or Docker images) can inject arbitrary shell commands that execute when the victim runs nvm commands that trigger downloads, such as 'nvm install' or 'nvm ls-remote'.
π@cveNotify
GitHub
GitHub - nvm-sh/nvm: Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions - nvm-sh/nvm