🚨 CVE-2025-11953
The Metro Development Server, which is opened by the React Native Community CLI, binds to external interfaces by default. The server exposes an endpoint that is vulnerable to OS command injection. This allows unauthenticated network attackers to send a POST request to the server and run arbitrary executables. On Windows, the attackers can also execute arbitrary shell commands with fully controlled arguments.
🎖@cveNotify
GitHub
fix: Add stricter URL validation to openURLMiddleware (#2697) · react-native-community/cli@1508990
🚨 CVE-2025-66400
mdast-util-to-hast is an mdast utility to transform to hast. From 13.0.0 to before 13.2.1, multiple (unprefixed) classnames could be added in markdown source by using character references. This could make rendered user supplied markdown code elements appear like the rest of the page. This vulnerability is fixed in 13.2.1.
🎖@cveNotify
GitHub
Change to remove support for ancient `lang` on `code` with spaces · syntax-tree/mdast-util-to-hast@6fc783a
🚨 CVE-2025-66401
MCP Watch is a comprehensive security scanner for Model Context Protocol (MCP) servers. In 0.1.2 and earlier, the MCPScanner class contains a critical Command Injection vulnerability in the cloneRepo method. The application passes the user-supplied githubUrl argument directly to a system shell via execSync without sanitization. This allows an attacker to execute arbitrary commands on the host machine by appending shell metacharacters to the URL.
🎖@cveNotify
GitHub
chore(vuln): fixes the vuln plus updates deps · kapilduraphe/mcp-watch@e7da78c
🚨 CVE-2025-66405
Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.
🎖@cveNotify
GitHub
Merge pull request #1372 from Portkey-AI/fix/ssrf_custom_host_validator · Portkey-AI/gateway@b5a7825
fix: custom host validator to protect from ssrf attack
🚨 CVE-2025-66410
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder.
🎖@cveNotify
GitHub
fix: add path traversal blocking, forbid deleting chunks via illegal paths · flipped-aurora/gin-vue-admin@ee8d8d7
🚨 CVE-2025-66415
fastify-reply-from is a Fastify plugin to forward the current HTTP request to another server. Prior to 12.5.0, by crafting a malicious URL, an attacker could access routes that are not allowed, even though the reply.from is defined for specific routes in @fastify/reply-from. This vulnerability is fixed in 12.5.0.
🎖@cveNotify
GitHub
Merge commit from fork · fastify/fastify-reply-from@4d9795c
* advisory fix 1
Signed-off-by: Roberto Bianchi <roberto.bianchi@spendesk.com>
* cleanup
Signed-off-by: Roberto Bianchi <roberto.bianchi@spendesk.com>
* update
Sign...
🚨 CVE-2022-44151
Simple Inventory Management System v1.0 is vulnerable to SQL Injection via /ims/login.php.
🎖@cveNotify
GitHub
bug_report/vendors/oretnom23/Simple Inventory Management System/SQLi-1.md at main · li-baige/bug_report
🚨 CVE-2022-46763
A SQL injection issue in a database stored function in TrueConf Server 5.2.0.10225 (fixed in 5.2.6) allows a low-privileged database user to execute arbitrary SQL commands as the database administrator, resulting in execution of arbitrary code.
🎖@cveNotify
GitHub
public_cve_submissions/CVE-2022-46763.txt at main · sldlb/public_cve_submissions
🚨 CVE-2024-26655
In the Linux kernel, the following vulnerability has been resolved:
Fix memory leak in posix_clock_open()
If the clk ops.open() function returns an error, we don't release the
pccontext we allocated for this clock.
Re-organize the code slightly to make it all more obvious.
🎖@cveNotify
🚨 CVE-2024-37385
Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641.
🎖@cveNotify
GitHub
Fix command injection via crafted im_convert_path/im_identify_path on Windows · roundcube/roundcubemail@5ea9f37
Reported by Huy Nguyễn Phạm Nhật.
🚨 CVE-2026-0227
A vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to cause a denial of service (DoS) to the firewall. Repeated attempts to trigger this issue result in the firewall entering maintenance mode.
🎖@cveNotify
Palo Alto Networks Product Security Assurance
CVE-2026-0227 PAN-OS: Firewall Denial of Service (DoS) in GlobalProtect Gateway and Portal
🚨 CVE-2026-24882
In GnuPG before 2.5.17, a stack-based buffer overflow exists in tpm2daemon during handling of the PKDECRYPT command for TPM-backed RSA and ECC keys.
🎖@cveNotify
🚨 CVE-2026-1504
Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)
🎖@cveNotify
Chrome Releases
Stable Channel Update for Desktop
The Stable channel has been updated to 144.0.7559.109/.110 for Windows/Mac and 144.0.7559.109 for Linux, which will roll out over the comi...
🚨 CVE-2026-0537
A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
🎖@cveNotify
Autodesk
Autodesk Access | Formerly Autodesk Desktop App | Autodesk
🚨 CVE-2026-0538
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
🎖@cveNotify
Autodesk
Autodesk Access | Formerly Autodesk Desktop App | Autodesk
🚨 CVE-2022-40924
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
🎖@cveNotify
GitHub
Bug_report/vendors/pushpam02/zoo-management-system/RCE-1.md at main · admin77888/Bug_report
🚨 CVE-2023-6425
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads.
🎖@cveNotify
www.incibe.es
Multiple XSS vulnerabilities in BigProf products
INCIBE has coordinated the publication of 14 vulnerabilities affecting several products of BigProf, an
🚨 CVE-2025-5553
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
🚨 CVE-2026-24883
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).
🎖@cveNotify
🚨 CVE-2025-12810
Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules). This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25.
A secret with "change password on check in" enabled automatically checks in even when the password change fails after reaching its retry limit. This leaves the secret in an inconsistent state with the wrong password.
Remediation: Upgrade to 11.9.47 or later. The secret will remain checked out when the password change fails.
🎖@cveNotify
Delinea
Secret Server 11.9.000047 Release Notes | Delinea
🚨 CVE-2025-64175
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs' 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim's username and password, they can use any unused recovery code (e.g., from their own account) to bypass the victim's 2FA. This enables full account takeover and renders 2FA ineffective in all environments where it's enabled. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
🎖@cveNotify
GitHub
2FA bypass via recovery code
Please only contact us at outbounddisclosures@openai.com to engage on this report.
Please see PDF report for easier reading
Security Advisory: 2FA Bypass via Recovery Code
Vulnerability Type...