π¨ CVE-2025-71003
An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
π@cveNotify
An input validation vulnerability in the flow.arange() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
π@cveNotify
GitHub
Daisy2ang - Overview
Daisy2ang has one repository available. Follow their code on GitHub.
π¨ CVE-2020-37033
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potentially extract or modify database information.
π@cveNotify
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usr_name' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usr_name' parameter to potentially extract or modify database information.
π@cveNotify
Insite Software, an Episerver Company
Infor Storefront | Insite Software, an Episerver Company
π¨ CVE-2020-37034
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files.
π@cveNotify
HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive configuration and system files.
π@cveNotify
web.archive.org
(μ£Ό)ν¬λ‘μΉ | ννμ΄μ§μ μ
ννμ΄μ§ μ μ,λ°μν ννμ΄μ§μ μ,μλνλ μ€ μ μ μ λ¬Έ μΉμμ΄μ μ,μΉμ΄μλ μμ ν¬λ‘μΉ,μ€μκΈ°μ
ννμ΄μ§μ μ,κΈ°μ
ννμ΄μ§μ μ,ννμ΄μ§μ μ 견μ ,μΉλμμΈ,ννμ΄μ§μ μ λΉμ©,λ°μν μΉ κ΅¬μΆ
π¨ CVE-2020-37035
e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive database information.
π@cveNotify
e-Learning PHP Script 0.1.0 contains a SQL injection vulnerability in the search functionality that allows attackers to manipulate database queries through unvalidated user input. Attackers can inject malicious SQL code in the 'search' parameter to potentially extract, modify, or access sensitive database information.
π@cveNotify
GitHub
GitHub - amitkolloldey/elearning-script: E Learning Blog Developed In Raw PHP
E Learning Blog Developed In Raw PHP. Contribute to amitkolloldey/elearning-script development by creating an account on GitHub.
π¨ CVE-2020-37036
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching calc.exe.
π@cveNotify
RM Downloader 2.50.60 contains a local buffer overflow vulnerability in the 'Load' parameter that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload with an egg hunter technique to bypass memory protections and execute commands like launching calc.exe.
π@cveNotify
GitHub
GitHub - x00x00x00x00/RMDownloader_2.50.60
Contribute to x00x00x00x00/RMDownloader_2.50.60 development by creating an account on GitHub.
π¨ CVE-2025-41086
Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculate the checksum and generate a valid license to grant themselves full privileges without credentials or access to the source code, allowing them unrestricted access to GAMS's mathematical models and commercial solvers.
π@cveNotify
Vulnerability in the access control system of the GAMS licensing system that allows unlimited valid licenses to be generated, bypassing any usage restrictions. The validator uses an insecure checksum algorithm; knowing this algorithm and the format of the license lines, an attacker can recalculate the checksum and generate a valid license to grant themselves full privileges without credentials or access to the source code, allowing them unrestricted access to GAMS's mathematical models and commercial solvers.
π@cveNotify
π¨ CVE-2025-9127
A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions.
π@cveNotify
A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions.
π@cveNotify
π¨ CVE-2025-46696
Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, version(s) versions 5.26 to 5.30, contain(s) an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
π@cveNotify
Dell Secure Connect Gateway (SCG) 5.0 Appliance and Application, version(s) versions 5.26 to 5.30, contain(s) an Execution with Unnecessary Privileges vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
π@cveNotify
π¨ CVE-2025-71001
A segmentation violation in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
π@cveNotify
A segmentation violation in the flow.column_stack component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input.
π@cveNotify
Oneflow
Oneflow | Contract Lifecycle Management That Turns Contracts into Data
Oneflow is a Contract Lifecycle Management platform that transforms static contracts into dynamic data - giving visibility into obligations, renewals, risks and revenue.
π¨ CVE-2025-63650
An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
An out-of-bounds read in the mk_ptr_to_buf in mk_core function (mk_memory.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
GitHub
security-advisories/monkey/monkey-advisory-2025.md at master Β· archersec/security-advisories
Security advisories for CVE publication. Contribute to archersec/security-advisories development by creating an account on GitHub.
π¨ CVE-2025-63651
A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
A use-after-free in the mk_string_char_search function (mk_core/mk_string.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
GitHub
security-advisories/monkey/monkey-advisory-2025.md at master Β· archersec/security-advisories
Security advisories for CVE publication. Contribute to archersec/security-advisories development by creating an account on GitHub.
π¨ CVE-2025-63652
A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
A use-after-free in the mk_http_request_end function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
GitHub
security-advisories/monkey/monkey-advisory-2025.md at master Β· archersec/security-advisories
Security advisories for CVE publication. Contribute to archersec/security-advisories development by creating an account on GitHub.
π¨ CVE-2025-63653
An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
An out-of-bounds read in the mk_vhost_fdt_close function (mk_server/mk_vhost.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
GitHub
security-advisories/monkey/monkey-advisory-2025.md at master Β· archersec/security-advisories
Security advisories for CVE publication. Contribute to archersec/security-advisories development by creating an account on GitHub.
π¨ CVE-2025-63655
A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
A NULL pointer dereference in the mk_http_range_parse function (mk_server/mk_http.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
GitHub
security-advisories/monkey/monkey-advisory-2025.md at master Β· archersec/security-advisories
Security advisories for CVE publication. Contribute to archersec/security-advisories development by creating an account on GitHub.
π¨ CVE-2025-63656
An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
An out-of-bounds read in the header_cmp function (mk_server/mk_http_parser.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
GitHub
security-advisories/monkey/monkey-advisory-2025.md at master Β· archersec/security-advisories
Security advisories for CVE publication. Contribute to archersec/security-advisories development by creating an account on GitHub.
π¨ CVE-2025-63657
An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
An out-of-bounds read in the mk_mimetype_find function (mk_server/mk_mimetype.c) of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server.
π@cveNotify
GitHub
security-advisories/monkey/monkey-advisory-2025.md at master Β· archersec/security-advisories
Security advisories for CVE publication. Contribute to archersec/security-advisories development by creating an account on GitHub.
π¨ CVE-2025-15115
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin with arbitrary Google IDs and phoneBrand parameters to obtain full session tokens and account access without proper OAuth verification.
π@cveNotify
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerability that allows unauthenticated attackers to access any user account by exploiting OAuth token validation flaws in the social login system. Attackers can send requests to /member/auth/thirdLogin with arbitrary Google IDs and phoneBrand parameters to obtain full session tokens and account access without proper OAuth verification.
π@cveNotify
Bobdahacker
Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - and how they're still leaving the auth bypass active forβ¦
π¨ CVE-2025-3646
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized access to devices and view owner information without proper authorization validation.
π@cveNotify
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerability that allows unauthorized users to add users as shared owners to any device by exploiting missing permission checks. Attackers can send requests to the device share API to gain unauthorized access to devices and view owner information without proper authorization validation.
π@cveNotify
Bobdahacker
Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - and how they're still leaving the auth bypass active forβ¦
π¨ CVE-2025-3652
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. Attackers can send requests to /device/deviceAudio/use with arbitrary audio IDs to assign recordings to any device, then retrieve audio URLs to access other users' private recordings.
π@cveNotify
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to private audio recordings by exploiting sequential audio IDs and insecure assignment endpoints. Attackers can send requests to /device/deviceAudio/use with arbitrary audio IDs to assign recordings to any device, then retrieve audio URLs to access other users' private recordings.
π@cveNotify
Bobdahacker
Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - and how they're still leaving the auth bypass active forβ¦
π¨ CVE-2025-3653
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device control APIs to change feeding schedules, trigger manual feeds, access camera feeds, and modify device settings without authorization checks.
π@cveNotify
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulnerability that allows unauthorized device manipulation by accepting arbitrary serial numbers without ownership verification. Attackers can control any device by sending serial numbers to device control APIs to change feeding schedules, trigger manual feeds, access camera feeds, and modify device settings without authorization checks.
π@cveNotify
Bobdahacker
Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - and how they're still leaving the auth bypass active forβ¦
π¨ CVE-2025-3654
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through /device/devicePetRelation/getBoundDevices using pet IDs, enabling full device control without proper authorization checks.
π@cveNotify
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnerability that allows unauthorized access to device hardware information by exploiting insecure API endpoints. Attackers can retrieve device serial numbers and MAC addresses through /device/devicePetRelation/getBoundDevices using pet IDs, enabling full device control without proper authorization checks.
π@cveNotify
Bobdahacker
Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks
How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - and how they're still leaving the auth bypass active forβ¦