🚨 CVE-2026-24139
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export endpoint, enabling low-privileged users to access sensitive data they should not have permission to view.
🎖@cveNotify
MyTube is a self-hosted downloader and player for several video websites. Versions 1.7.78 and below do not safeguard against authorization bypass, allowing guest users to download the complete application database. The application fails to properly validate user permissions on the database export endpoint, enabling low-privileged users to access sensitive data they should not have permission to view.
🎖@cveNotify
GitHub
test: Add roleBasedSettingsMiddleware unit tests · franklioxygen/MyTube@e271775
Self-hosted downloader and player for YouTube, Bilibili, MissAV, and yt-dlp sites. Features channel subscriptions, auto-downloads, and local storage for media. Organize your library into collections with a sleek UI. Includes built-in Cloudflare Tunnel support…
🚨 CVE-2026-23848
MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.7.71, a rate limiting bypass via `X-Forwarded-For` header spoofing allows unauthenticated attackers to bypass IP-based rate limiting on general API endpoints. Attackers can spoof client IPs by manipulating the `X-Forwarded-For` header, enabling unlimited requests to protected endpoints, including general API endpoints (enabling DoS) and other rate-limited functionality. Version 1.7.71 contains a patch for the issue.
🎖@cveNotify
MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.7.71, a rate limiting bypass via `X-Forwarded-For` header spoofing allows unauthenticated attackers to bypass IP-based rate limiting on general API endpoints. Attackers can spoof client IPs by manipulating the `X-Forwarded-For` header, enabling unlimited requests to protected endpoints, including general API endpoints (enabling DoS) and other rate-limited functionality. Version 1.7.71 contains a patch for the issue.
🎖@cveNotify
GitHub
refactor: Improve IP extraction and validation safety · franklioxygen/MyTube@bc05745
Self-hosted downloader and player for YouTube, Bilibili, MissAV, and yt-dlp sites. Features channel subscriptions, auto-downloads, and local storage for media. Organize your library into collections with a sleek UI. Includes built-in Cloudflare Tunnel support…
🚨 CVE-2025-69285
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data directly into the PostgreSQL database. The endpoint is explicitly added to the authentication whitelist, causing the TokenMiddleware to bypass all token validation. Uploaded files are parsed by pandas and inserted into the database via to_sql() with if_exists='replace' mode. The vulnerability has been fixed in v1.5.0. No known workarounds are available.
🎖@cveNotify
SQLBot is an intelligent data query system based on a large language model and RAG. Versions prior to 1.5.0 contain a missing authentication vulnerability in the /api/v1/datasource/uploadExcel endpoint, allowing a remote unauthenticated attacker to upload arbitrary Excel/CSV files and inject data directly into the PostgreSQL database. The endpoint is explicitly added to the authentication whitelist, causing the TokenMiddleware to bypass all token validation. Uploaded files are parsed by pandas and inserted into the database via to_sql() with if_exists='replace' mode. The vulnerability has been fixed in v1.5.0. No known workarounds are available.
🎖@cveNotify
GitHub
Release v1.5.0 · dataease/SQLBot
新功能
feat(数据源): 在数据预览页面为表格列增加最小宽度。
feat(数据源): 数据源表结构支持字段检索 #447
feat(数据源): 数据源支持数据表备注信息的导入导出 #557
feat(数据源): 表格关系画布优化
feat(数据源): 新增数据表字段更新功能
feat: 新增 API 密钥支持
feat: 新增 API 文档
feat: 新增参数配置功能
feat: M...
feat(数据源): 在数据预览页面为表格列增加最小宽度。
feat(数据源): 数据源表结构支持字段检索 #447
feat(数据源): 数据源支持数据表备注信息的导入导出 #557
feat(数据源): 表格关系画布优化
feat(数据源): 新增数据表字段更新功能
feat: 新增 API 密钥支持
feat: 新增 API 文档
feat: 新增参数配置功能
feat: M...
🚨 CVE-2026-21520
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector
🎖@cveNotify
Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows a unauthenticated attacker to view sensitive information through network attack vector
🎖@cveNotify
🚨 CVE-2026-21521
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.
🎖@cveNotify
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.
🎖@cveNotify
🚨 CVE-2026-24127
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
🎖@cveNotify
Typemill is a flat-file, Markdown-based CMS designed for informational documentation websites. A reflected Cross-Site Scripting (XSS) exists in the login error view template `login.twig` of versions 2.19.1 and below. The `username` value can be echoed back without proper contextual encoding when authentication fails. An attacker can execute script in the login page context. This issue has been fixed in version 2.19.2.
🎖@cveNotify
GitHub
Better escaping and ssecurity · typemill/typemill@b506acd
Typemill is a flat-file CMS based on Markdown and designed for informational websites like documentation, manuals, and handbooks. - Better escaping and ssecurity · typemill/typemill@b506acd
🚨 CVE-2026-1446
There is a Cross Site Scripting issue in Esri ArcGIS Pro versions 3.6.0 and earlier. A local attacker could supply malicious strings into ArcGIS Pro which may execute when a specific dialog is opened. This issue is fixed in ArcGIS Pro 3.6.1.
🎖@cveNotify
There is a Cross Site Scripting issue in Esri ArcGIS Pro versions 3.6.0 and earlier. A local attacker could supply malicious strings into ArcGIS Pro which may execute when a specific dialog is opened. This issue is fixed in ArcGIS Pro 3.6.1.
🎖@cveNotify
ArcGIS Blog
ArcGIS Pro 3.6.1 Patch
Esri has released the ArcGIS Pro 3.6.1 Patch which resolves one medium severity vulnerability in ArcGIS Pro.
🚨 CVE-2025-7397
A vulnerability in the ascgshell, of
Brocade ASCG before 3.3.0 stores any command executed in the Command
Line Interface (CLI) in plain text within the command history. A local
authenticated user that can access sensitive information like passwords
within the CLI history leading to unauthorized access and potential data
breaches.
🎖@cveNotify
A vulnerability in the ascgshell, of
Brocade ASCG before 3.3.0 stores any command executed in the Command
Line Interface (CLI) in plain text within the command history. A local
authenticated user that can access sensitive information like passwords
within the CLI history leading to unauthorized access and potential data
breaches.
🎖@cveNotify
🚨 CVE-2025-7398
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036.
🎖@cveNotify
Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036.
🎖@cveNotify
🚨 CVE-2025-62408
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.
🎖@cveNotify
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.
🎖@cveNotify
GitHub
Merge commit from fork · c-ares/c-ares@714bf56
* reproducer test case
* enqueue callbacks to be processed within process_answer rather than calling directly as that may lead to the connection being destroyed
* combine requeue and endqueue int...
* enqueue callbacks to be processed within process_answer rather than calling directly as that may lead to the connection being destroyed
* combine requeue and endqueue int...
🚨 CVE-2025-66039
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.
🎖@cveNotify
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions are vulnerable to authentication bypass when the authentication type is set to "webserver." When providing an Authorization header with an arbitrary value, a session is associated with the target user regardless of valid credentials. This issue is fixed in versions 16.0.44 and 17.0.23.
🎖@cveNotify
GitHub
Merge 2.3 branch to trunk, following 2.3.0 release. · FreePBX/framework@0422425
Merged revisions 4133-4134,4136-4139,4141-4992 via svnmerge from
https://amportal.svn.sourceforge.net/svnroot/amportal/freepbx/branches/2.3
................
r4146 | p_lindheimer | 2007-06-21 22...
https://amportal.svn.sourceforge.net/svnroot/amportal/freepbx/branches/2.3
................
r4146 | p_lindheimer | 2007-06-21 22...
🚨 CVE-2026-23892
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the first mismatched character during API key validation, rather than a cryptographical method with static runtime regardless of the point of mismatch, an attacker with network based access to an affected OctoPrint could extract API keys valid on the instance by measuring the response times of the denied access responses and guess an API key character by character. The vulnerability is patched in version 1.11.6. The likelihood of this attack actually working is highly dependent on the network's latency, noise and similar parameters. An actual proof of concept was not achieved so far. Still, as always administrators are advised to not expose their OctoPrint instance on hostile networks, especially not on the public Internet.
🎖@cveNotify
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up to and including 1.11.5 are affected by a (theoretical) timing attack vulnerability that allows API key extraction over the network. Due to using character based comparison that short-circuits on the first mismatched character during API key validation, rather than a cryptographical method with static runtime regardless of the point of mismatch, an attacker with network based access to an affected OctoPrint could extract API keys valid on the instance by measuring the response times of the denied access responses and guess an API key character by character. The vulnerability is patched in version 1.11.6. The likelihood of this attack actually working is highly dependent on the network's latency, noise and similar parameters. An actual proof of concept was not achieved so far. Still, as always administrators are advised to not expose their OctoPrint instance on hostile networks, especially not on the public Internet.
🎖@cveNotify
GitHub
fix: use hmac.compare_digest for checking api keys · OctoPrint/OctoPrint@249fd80
It's time static, which == is not.
See GHSA-xg4x-w2j3-57h6
See GHSA-xg4x-w2j3-57h6
🚨 CVE-2026-24842
node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.
🎖@cveNotify
node-tar,a Tar for Node.js, contains a vulnerability in versions prior to 7.5.7 where the security check for hardlink entries uses different path resolution semantics than the actual hardlink creation logic. This mismatch allows an attacker to craft a malicious TAR archive that bypasses path traversal protections and creates hardlinks to arbitrary files outside the extraction directory. Version 7.5.7 contains a fix for the issue.
🎖@cveNotify
GitHub
fix: properly sanitize hard links containing .. · isaacs/node-tar@f4a7aa9
Fix: https://github.com/isaacs/node-tar/security/advisories/GHSA-34x7-hfp2-rc4v
The issue here is that *hard* links are resolved relative to the unpack
cwd, so if they have `..`, they cannot possi...
The issue here is that *hard* links are resolved relative to the unpack
cwd, so if they have `..`, they cannot possi...
🚨 CVE-2018-7543
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.
🎖@cveNotify
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.
🎖@cveNotify
🚨 CVE-2018-17207
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
🎖@cveNotify
An issue was discovered in Snap Creek Duplicator before 1.2.42. By accessing leftover installer files (installer.php and installer-backup.php), an attacker can inject PHP code into wp-config.php during the database setup step, achieving arbitrary code execution.
🎖@cveNotify
🚨 CVE-2020-11738
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
🎖@cveNotify
The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Duplicator Pro before 3.8.7.1) allows Directory Traversal via ../ in the file parameter to duplicator_download or duplicator_init.
🎖@cveNotify
packetstorm.news
Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories, and Whitepapers
🚨 CVE-2022-2551
The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.
🎖@cveNotify
The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating.
🎖@cveNotify
GitHub
CVEsLab/CVE-2022-2551 at main · SecuriTrust/CVEsLab
💀 A collection of proof-of-concept exploit scripts on docker lab environments has been discovered by Securi Trust Team. Vulnerabilities has been written by SecuriTrust team for various CVEs. - Secu...
🚨 CVE-2022-2552
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.
🎖@cveNotify
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site.
🎖@cveNotify
GitHub
CVEsLab/CVE-2022-2552 at main · SecuriTrust/CVEsLab
💀 A collection of proof-of-concept exploit scripts on docker lab environments has been discovered by Securi Trust Team. Vulnerabilities has been written by SecuriTrust team for various CVEs. - Secu...
🚨 CVE-2018-25095
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server.
🎖@cveNotify
The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server.
🎖@cveNotify
WPScan
Duplicator < 1.3.0 - Unauthenticated RCE
See details on Duplicator < 1.3.0 - Unauthenticated RCE CVE 2018-25095. View the latest Plugin Vulnerabilities on WPScan.
🚨 CVE-2025-6391
Brocade ASCG before 3.3.0 logs JSON
Web Tokens (JWT) in log files. An attacker with access to the log files
can withdraw the unencrypted tokens with security implications, such as
unauthorized access, session hijacking, and information disclosure.
🎖@cveNotify
Brocade ASCG before 3.3.0 logs JSON
Web Tokens (JWT) in log files. An attacker with access to the log files
can withdraw the unencrypted tokens with security implications, such as
unauthorized access, session hijacking, and information disclosure.
🎖@cveNotify
👏1
🚨 CVE-2025-2501
An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
🎖@cveNotify
An untrusted search path vulnerability was reported in Lenovo PC Manager that could allow a local attacker to elevate privileges.
🎖@cveNotify