🚨 CVE-2026-0538
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
🎖@cveNotify
A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
🎖@cveNotify
Autodesk
Autodesk Access | Formerly Autodesk Desktop App | Autodesk
Autodesk Access simplifies the update experience. Quickly and easily install updates for your desktop products from the app. Download now for free.
🚨 CVE-2022-40924
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
🎖@cveNotify
Zoo Management System v1.0 has an arbitrary file upload vulnerability in the picture upload point of the "save_animal" file of the "Animals" module in the background management system.
🎖@cveNotify
GitHub
Bug_report/vendors/pushpam02/zoo-management-system/RCE-1.md at main · admin77888/Bug_report
Contribute to admin77888/Bug_report development by creating an account on GitHub.
🚨 CVE-2023-6425
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads.
🎖@cveNotify
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads.
🎖@cveNotify
www.incibe.es
Multiple XSS vulnerabilities in BigProf products
INCIBE has coordinated the publication of 14 vulnerabilities affecting several products of BigProf, an
🚨 CVE-2025-5553
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability classified as critical was found in PHPGurukul Rail Pass Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download-pass.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
🚨 CVE-2026-24883
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).
🎖@cveNotify
In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash).
🎖@cveNotify
🚨 CVE-2025-12810
Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25.
A secret with "change password on check in" enabled automatically checks in even when the password change fails after reaching its retry limit. This leaves the secret in an inconsistent state with the wrong password.
Remediation: Upgrade to 11.9.47 or later. The secret will remain checked out when the password change fails.
🎖@cveNotify
Improper Authentication vulnerability in Delinea Inc. Secret Server On-Prem (RPC Password Rotation modules).This issue affects Secret Server On-Prem: 11.8.1, 11.9.6, 11.9.25.
A secret with "change password on check in" enabled automatically checks in even when the password change fails after reaching its retry limit. This leaves the secret in an inconsistent state with the wrong password.
Remediation: Upgrade to 11.9.47 or later. The secret will remain checked out when the password change fails.
🎖@cveNotify
Delinea
Secret Server 11.9.000047 Release Notes | Delinea
Delinea Secret Server | Technical Documentation | Secret Server 11.9.000047 Release Notes
🚨 CVE-2025-64175
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g., from their own account) to bypass the victim’s 2FA. This enables full account takeover and renders 2FA ineffective in all environments where it's enabled.. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
🎖@cveNotify
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, Gogs’ 2FA recovery code validation does not scope codes by user, enabling cross-account bypass. If an attacker knows a victim’s username and password, they can use any unused recovery code (e.g., from their own account) to bypass the victim’s 2FA. This enables full account takeover and renders 2FA ineffective in all environments where it's enabled.. This issue has been patched in versions 0.13.4 and 0.14.0+dev.
🎖@cveNotify
GitHub
2FA bypass via recovery code
Please only contact us at outbounddisclosures@openai.com to engage on this report.
Please see PDF report for easier reading
Security Advisory: 2FA Bypass via Recovery Code
Vulnerability Type...
Please see PDF report for easier reading
Security Advisory: 2FA Bypass via Recovery Code
Vulnerability Type...
🚨 CVE-2026-24688
pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects cannot upgrade yet, consider applying the changes from PR #3610 manually.
🎖@cveNotify
pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects cannot upgrade yet, consider applying the changes from PR #3610 manually.
🎖@cveNotify
GitHub
SEC: Detect cyclic references when retrieving outlines (#3610) · py-pdf/pypdf@b1282f8
A pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files - SEC: Detect cyclic references when retrieving outlines (#3610) · py-pdf/pypdf@b1282f8
🚨 CVE-2025-14472
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.
🎖@cveNotify
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.
🎖@cveNotify
Drupal.org
Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125
This module provides a centralized content distribution and syndication solution so thta customers can publish, reuse, and syndicate content across a network of Drupal websites. The module doesn't sufficiently protect export routes from cross-site request…
🚨 CVE-2025-14840
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1.
🎖@cveNotify
Improper Check for Unusual or Exceptional Conditions vulnerability in Drupal HTTP Client Manager allows Forceful Browsing.This issue affects HTTP Client Manager: from 0.0.0 before 9.3.13, from 10.0.0 before 10.0.2, from 11.0.0 before 11.0.1.
🎖@cveNotify
Drupal.org
HTTP Client Manager - Less critical - Information disclosure - SA-CONTRIB-2025-126
Http Client Manager introduces a new Guzzle based plugin which allows you to manage HTTP clients using Guzzle Service Descriptions via YAML, JSON or PHP files, in a simple and efficient way. The modules allows administrators to configure HTTP requests as…
🚨 CVE-2025-61726
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
🎖@cveNotify
The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.
🎖@cveNotify
🚨 CVE-2025-61728
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
🎖@cveNotify
archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.
🎖@cveNotify
🚨 CVE-2025-61731
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.
🎖@cveNotify
Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.
🎖@cveNotify
🚨 CVE-2025-47283
Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. `gardener/gardener` (`gardenlet`) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.
🎖@cveNotify
Gardener implements the automated management and operation of Kubernetes clusters as a service. A security vulnerability was discovered in Gardener prior to versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 that could allow a user with administrative privileges for a Gardener project to obtain control over the seed cluster(s) where their shoot clusters are managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. `gardener/gardener` (`gardenlet`) is the affected component. Versions 1.116.4, 1.117.5, 1.118.2, and 1.119.0 fix the issue.
🎖@cveNotify
GitHub
[release-v1.116] Ensure extension admission webhooks validated `Workl… · gardener/gardener@924b157
…oadIdentity`s and `Secret`s when used (#12077)
* Implement dummy `Secret`/`WorkloadIdentity` validator for provider-local
for local testing
Co-Authored-By: Tim Usner <tim.usner@sap.com&a...
* Implement dummy `Secret`/`WorkloadIdentity` validator for provider-local
for local testing
Co-Authored-By: Tim Usner <tim.usner@sap.com&a...
🚨 CVE-2025-13601
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
🎖@cveNotify
A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string.
🎖@cveNotify
🚨 CVE-2026-1162
A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /goform/setSysAdm. This manipulation of the argument passwd1 causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
🎖@cveNotify
A flaw has been found in UTT HiPER 810 1.7.4-141218. The impacted element is the function strcpy of the file /goform/setSysAdm. This manipulation of the argument passwd1 causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been published and may be used.
🎖@cveNotify
🚨 CVE-2025-13984
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.
🎖@cveNotify
Permissive Cross-domain Security Policy with Untrusted Domains vulnerability in Drupal Next.Js allows Cross-Site Scripting (XSS).This issue affects Next.Js: from 0.0.0 before 1.6.4, from 2.0.0 before 2.0.1.
🎖@cveNotify
Drupal.org
Next.js - Critical - Access bypass - SA-CONTRIB-2025-122
This module enables integration between Next.js and Drupal for headless CMS functionality. When installed, the module automatically enables cross-origin resource sharing (CORS) with insecure default settings (Access-Control-Allow-Origin: *), overriding any…
🚨 CVE-2025-13985
Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing.This issue affects Entity Share: from 0.0.0 before 3.13.0.
🎖@cveNotify
Incorrect Authorization vulnerability in Drupal Entity Share allows Forceful Browsing.This issue affects Entity Share: from 0.0.0 before 3.13.0.
🎖@cveNotify
Drupal.org
Entity Share - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-123
This module enables you to deploy content from one Drupal website to another. The module provides some default configuration without sufficient access control. This vulnerability is mitigated by the fact that an administrator can add some default access control…
🚨 CVE-2025-13986
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass.This issue affects Disable Login Page: from 0.0.0 before 1.1.3.
🎖@cveNotify
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Disable Login Page allows Functionality Bypass.This issue affects Disable Login Page: from 0.0.0 before 1.1.3.
🎖@cveNotify
Drupal.org
Disable Login Page - Critical - Access bypass - SA-CONTRIB-2025-124
This module enables you to disable the standard Drupal login form (/user/login) so site owners can prevent interactive logins via the UI. The module does not sufficiently block authentication when the REST/HTTP login route is used. An attacker (or legitimate…
🚨 CVE-2025-14472
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.
🎖@cveNotify
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia Content Hub allows Cross Site Request Forgery.This issue affects Acquia Content Hub: from 0.0.0 before 3.6.4, from 3.7.0 before 3.7.3.
🎖@cveNotify
Drupal.org
Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125
This module provides a centralized content distribution and syndication solution so thta customers can publish, reuse, and syndicate content across a network of Drupal websites. The module doesn't sufficiently protect export routes from cross-site request…
🚨 CVE-2026-25505
Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7.
🎖@cveNotify
Bambuddy is a self-hosted print archive and management system for Bambu Lab 3D printers. Prior to version 0.1.7, a hardcoded secret key used for signing JWTs is checked into source code and ManyAPI routes do not check authentication. This issue has been patched in version 0.1.7.
🎖@cveNotify
GitHub
bambuddy/backend/app/core/auth.py at a9bb8ed8239602bf08a9914f85a09eeb2bf13d15 · maziggy/bambuddy
A self-hosted print archive and management system for Bambu Lab 3D printers - maziggy/bambuddy