๐จ CVE-2025-32460
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
๐@cveNotify
GraphicsMagick before 8e56520 has a heap-based buffer over-read in ReadJXLImage in coders/jxl.c, related to an ImportViewPixelArea call.
๐@cveNotify
GitLab
ReadJXLImage(): pixel_format.num_channels needs to be 2 for grayscale matte. (8e56520435df) ยท Commits ยท GraphicsMagick / graphicsmagickโฆ
Heptapod FOSS public service
๐จ CVE-2024-56526
An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.
๐@cveNotify
An issue was discovered in OXID eShop before 7. CMS pages in combination with Smarty may display user information if a CMS page contains a Smarty syntax error.
๐@cveNotify
๐จ CVE-2025-27795
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
๐@cveNotify
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
๐@cveNotify
๐จ CVE-2025-25748
A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an id_sessione CSRF token.
๐@cveNotify
A CSRF vulnerability in the gestione_utenti.php endpoint of HotelDruid 3.0.7 allows attackers to perform unauthorized actions (e.g., modifying user passwords) on behalf of authenticated users by exploiting the lack of origin or referrer validation and the absence of CSRF tokens. NOTE: this is disputed because there is an id_sessione CSRF token.
๐@cveNotify
๐จ CVE-2025-7808
The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
๐@cveNotify
The WP Shopify WordPress plugin before 1.5.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
๐@cveNotify
WPScan
WP Shopify < 1.5.4 - Reflected XSS
See details on WP Shopify < 1.5.4 - Reflected XSS CVE 2025-7808. View the latest Plugin Vulnerabilities on WPScan.
๐จ CVE-2025-64718
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).
๐@cveNotify
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).
๐@cveNotify
GitHub
fix prototype pollution in merge (<<) ยท nodeca/js-yaml@383665f
JavaScript YAML parser and dumper. Very fast. Contribute to nodeca/js-yaml development by creating an account on GitHub.
๐จ CVE-2026-0798
Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.
๐@cveNotify
Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.
๐@cveNotify
Gitea
Gitea 1.25.4 is released | Gitea Blog
We're excited to announce the release of Gitea 1.25.4! We strongly recommend all users upgrade to this version, as it includes important security fixes, numerous bug fixes, and overall stability improvements.
๐จ CVE-2026-20800
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications.
๐@cveNotify
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications.
๐@cveNotify
Gitea
Gitea 1.25.4 is released | Gitea Blog
We're excited to announce the release of Gitea 1.25.4! We strongly recommend all users upgrade to this version, as it includes important security fixes, numerous bug fixes, and overall stability improvements.
๐จ CVE-2026-20883
Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches.
๐@cveNotify
Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches.
๐@cveNotify
Gitea
Gitea 1.25.4 is released | Gitea Blog
We're excited to announce the release of Gitea 1.25.4! We strongly recommend all users upgrade to this version, as it includes important security fixes, numerous bug fixes, and overall stability improvements.
๐จ CVE-2026-20888
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users.
๐@cveNotify
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users.
๐@cveNotify
Gitea
Gitea 1.25.4 is released | Gitea Blog
We're excited to announce the release of Gitea 1.25.4! We strongly recommend all users upgrade to this version, as it includes important security fixes, numerous bug fixes, and overall stability improvements.
๐จ CVE-2026-20897
Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.
๐@cveNotify
Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.
๐@cveNotify
Gitea
Gitea 1.25.4 is released | Gitea Blog
We're excited to announce the release of Gitea 1.25.4! We strongly recommend all users upgrade to this version, as it includes important security fixes, numerous bug fixes, and overall stability improvements.
๐จ CVE-2025-12758
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.
๐@cveNotify
Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function that does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence which lead to improper string length calculation. This can lead to an application using isLength for input validation accepting strings significantly longer than intended, resulting in issues like data truncation in databases, buffer overflows in other system components, or denial-of-service.
๐@cveNotify
Gist
JS validator isLength bug
JS validator isLength bug. GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2026-1637
A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
๐@cveNotify
A vulnerability was identified in Tenda AC21 16.03.08.16. The affected element is the function fromAdvSetMacMtuWan of the file /goform/AdvSetMacMtuWan. The manipulation leads to stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
๐@cveNotify
GitHub
Tenda Router AC21 Latest version - Stack-based Buffer Overflow in `/goform/AdvSetMacMtuWan ยท Issue #25 ยท LX-LX88/cve
NAME OF AFFECTED PRODUCT(S) Tenda Router AC21 Latest version - Stack-based Buffer Overflow in /goform/AdvSetMacMtuWan Vulnerability Details Detail Information Vendor Shenzhen Jixiang Tengda Technol...
๐จ CVE-2026-1665
A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path (though it was sanitized in the curl code path). An attacker who can set environment variables in a victim's shell environment (e.g., via malicious CI/CD configurations, compromised dotfiles, or Docker images) can inject arbitrary shell commands that execute when the victim runs nvm commands that trigger downloads, such as 'nvm install' or 'nvm ls-remote'.
๐@cveNotify
A command injection vulnerability exists in nvm (Node Version Manager) versions 0.40.3 and below. The nvm_download() function uses eval to execute wget commands, and the NVM_AUTH_HEADER environment variable was not sanitized in the wget code path (though it was sanitized in the curl code path). An attacker who can set environment variables in a victim's shell environment (e.g., via malicious CI/CD configurations, compromised dotfiles, or Docker images) can inject arbitrary shell commands that execute when the victim runs nvm commands that trigger downloads, such as 'nvm install' or 'nvm ls-remote'.
๐@cveNotify
GitHub
GitHub - nvm-sh/nvm: Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions
Node Version Manager - POSIX-compliant bash script to manage multiple active node.js versions - nvm-sh/nvm
๐จ CVE-2025-5377
A vulnerability was found in Astun Technology iShare Maps 5.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file historic1.asp. The manipulation of the argument Zoom leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability was found in Astun Technology iShare Maps 5.4.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file historic1.asp. The manipulation of the argument Zoom leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
๐จ CVE-2025-5378
A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. This affects an unknown part of the file mycouncil2.aspx. The manipulation of the argument atTxtStreet leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
A vulnerability classified as problematic has been found in Astun Technology iShare Maps 5.4.0. This affects an unknown part of the file mycouncil2.aspx. The manipulation of the argument atTxtStreet leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
๐@cveNotify
๐จ CVE-2025-5884
A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
๐จ CVE-2025-69517
An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agent_id parameter accepts up to 255 characters and is improperly sanitized using DOMPurify.sanitize() with the html: true option enabled, which fails to adequately filter HTML input. The injected HTML is rendered in the Tactical RMM management panel when an administrator attempts to remove or shut down the affected agent, potentially leading to client-side attacks such as UI manipulation or phishing. NOTE: the Supplier's position is that this has incorrect information.
๐@cveNotify
An HTML injection vulnerability in Amidaware Inc Tactical RMM v1.3.1 and earlier allows authenticated users to inject arbitrary HTML content during the creation of a new agent via the POST /api/v3/newagent/ endpoint. The agent_id parameter accepts up to 255 characters and is improperly sanitized using DOMPurify.sanitize() with the html: true option enabled, which fails to adequately filter HTML input. The injected HTML is rendered in the Tactical RMM management panel when an administrator attempts to remove or shut down the affected agent, potentially leading to client-side attacks such as UI manipulation or phishing. NOTE: the Supplier's position is that this has incorrect information.
๐@cveNotify
Gist
CVE-2025-69517.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2026-1638
A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
๐@cveNotify
A security flaw has been discovered in Tenda AC21 1.1.1.1/1.dmzip/16.03.08.16. The impacted element is the function mDMZSetCfg of the file /goform/mDMZSetCfg. The manipulation of the argument dmzIp results in command injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
๐@cveNotify
GitHub
Tenda Router AC21 Latest version - Stored Command Injection in `/goform/mDMZSetCfg ยท Issue #26 ยท LX-LX88/cve
NAME OF AFFECTED PRODUCT(S) Tenda Router AC21 Latest version - Stored Command Injection in /goform/mDMZSetCfg Vulnerability Details Detail Information Vendor Shenzhen Jixiang Tengda Technology Co.,...
๐จ CVE-2025-5885
A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
๐@cveNotify
๐จ CVE-2025-6775
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The patch is named e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component.
๐@cveNotify
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.8 is able to address this issue. The patch is named e23559b98c8ea2957f09978c29f4e512ba789eb6. It is recommended to upgrade the affected component.
๐@cveNotify
GitHub
Fix the vulnerability ยท xiaoyunjie/openvpn-cms-flask@e23559b
ๅบไบopenvpn็web็ฎก็็ณป็ป๏ผๅๅ็ซฏๅ็ฆป่ฎพ่ฎกใ. Contribute to xiaoyunjie/openvpn-cms-flask development by creating an account on GitHub.