π¨ CVE-2026-25746
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the prescription listing functionality. Version 8.0.0 fixes the vulnerability.
π@cveNotify
OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 8.0.0 contain a SQL injection vulnerability in prescription that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the prescription listing functionality. Version 8.0.0 fixes the vulnerability.
π@cveNotify
GitHub
GitHub - ChrisSub08/CVE-2026-25746_SqlInjectionVulnerabilityOpenEMR7.0.4: SQL Injection Vulnerability in OpenEMR 7.0.4
SQL Injection Vulnerability in OpenEMR 7.0.4 . Contribute to ChrisSub08/CVE-2026-25746_SqlInjectionVulnerabilityOpenEMR7.0.4 development by creating an account on GitHub.
π¨ CVE-2025-69416
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.
π@cveNotify
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve other tokens (intended for unrelated access) via clients.plex.tv/devices.xml.
π@cveNotify
GitHub
vulnerability-research/CVE-2025-34158/README.md at main Β· lufinkey/vulnerability-research
Collection of CVEs that i've discovered. Contribute to lufinkey/vulnerability-research development by creating an account on GitHub.
π¨ CVE-2025-69417
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.
π@cveNotify
In the plex.tv backend for Plex Media Server (PMS) through 2025-12-31, a non-server device token can retrieve share tokens (intended for unrelated access) via a shared_servers endpoint.
π@cveNotify
GitHub
vulnerability-research/CVE-2025-34158/README.md at main Β· lufinkey/vulnerability-research
Collection of CVEs that i've discovered. Contribute to lufinkey/vulnerability-research development by creating an account on GitHub.
π¨ CVE-2026-23873
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality (contestrank.xls.php and admin/ranklist_export.php). The application fails to sanitize user-supplied input (specifically the "Nickname" field) before exporting it to an .xls file (which renders as an HTML table but is opened by Excel). If a malicious user sets their nickname to an Excel formula when an administrator exports and opens the rank list in Microsoft Excel, the formula will be executed. This can lead to arbitrary command execution (RCE) on the administrator's machine or data exfiltration. A fix was not available at the time of publication.
π@cveNotify
hustoj is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. All versions are vulnerable to CSV Injection (Formula Injection) through the contest rank export functionality (contestrank.xls.php and admin/ranklist_export.php). The application fails to sanitize user-supplied input (specifically the "Nickname" field) before exporting it to an .xls file (which renders as an HTML table but is opened by Excel). If a malicious user sets their nickname to an Excel formula when an administrator exports and opens the rank list in Microsoft Excel, the formula will be executed. This can lead to arbitrary command execution (RCE) on the administrator's machine or data exfiltration. A fix was not available at the time of publication.
π@cveNotify
GitHub
Stored CSV Injection (Formula Injection) in Contest Rank Export Leading to RCE Risk
Summary: A CSV Injection (Formula Injection) vulnerability exists in the contest rank export functionality (contestrank.xls.php and admin/ranklist_export.php). The application fails to sanitize use...
π¨ CVE-2026-23592
Insecure file operations in HPE Aruba Networking Fabric ComposerΓ’β¬β’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
π@cveNotify
Insecure file operations in HPE Aruba Networking Fabric ComposerΓ’β¬β’s backup functionality could allow authenticated attackers to achieve remote code execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
π@cveNotify
π¨ CVE-2026-23593
A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory.
π@cveNotify
A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an unauthenticated remote attacker to view some system files. Successful exploitation could allow an attacker to read files within the affected directory.
π@cveNotify
π¨ CVE-2026-0709
Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
π@cveNotify
Some Hikvision Wireless Access Points are vulnerable to authenticated command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command execution.
π@cveNotify
π¨ CVE-2026-22623
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages.
π@cveNotify
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can execute arbitrary commands on the device by crafting specific messages.
π@cveNotify
π¨ CVE-2026-22624
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization.
π@cveNotify
Due to inadequate access control, authenticated users of certain HIKSEMI NAS products can manipulate other users' file resources without proper authorization.
π@cveNotify
π¨ CVE-2026-22625
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.
π@cveNotify
Improper handling of filenames in certain HIKSEMI NAS products may lead to the exposure of sensitive system files.
π@cveNotify
π¨ CVE-2026-22626
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages.
π@cveNotify
Due to insufficient input parameter validation on the interface, authenticated users of certain HIKSEMI NAS products can cause abnormal device behavior by crafting specific messages.
π@cveNotify
β€1
π¨ CVE-2025-69414
Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.
π@cveNotify
Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access token.
π@cveNotify
GitHub
vulnerability-research/CVE-2025-34158/README.md at main Β· lufinkey/vulnerability-research
Collection of CVEs that i've discovered. Contribute to lufinkey/vulnerability-research development by creating an account on GitHub.
π¨ CVE-2025-69415
In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account.
π@cveNotify
In Plex Media Server (PMS) through 1.42.2.10156, ability to access /myplex/account with a device token is not properly aligned with whether the device is currently associated with an account.
π@cveNotify
GitHub
vulnerability-research/CVE-2025-34158/README.md at main Β· lufinkey/vulnerability-research
Collection of CVEs that i've discovered. Contribute to lufinkey/vulnerability-research development by creating an account on GitHub.
π¨ CVE-2022-46764
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.
π@cveNotify
A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 (fixed in 5.2.6) allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution.
π@cveNotify
GitHub
public_cve_submissions/CVE-2022-46764.txt at main Β· sldlb/public_cve_submissions
Contribute to sldlb/public_cve_submissions development by creating an account on GitHub.
π¨ CVE-2025-9900
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.
By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
π@cveNotify
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file.
By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
π@cveNotify
π¨ CVE-2026-23517
Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server diagnostics and trigger resource-intensive profiling operations. Fleetβs debug/pprof endpoints are accessible to any authenticated user regardless of role, including the lowest-privilege βObserverβ role. This allows low-privilege users to access sensitive server internals, including runtime profiling data and in-memory application state, and to trigger CPU-intensive profiling operations that could lead to denial of service. Versions 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, users should put the debug/pprof endpoints behind an IP allowlist as a workaround.
π@cveNotify
Fleet is open source device management software. A broken access control issue in versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 allowed authenticated users to access debug and profiling endpoints regardless of role. As a result, low-privilege users could view internal server diagnostics and trigger resource-intensive profiling operations. Fleetβs debug/pprof endpoints are accessible to any authenticated user regardless of role, including the lowest-privilege βObserverβ role. This allows low-privilege users to access sensitive server internals, including runtime profiling data and in-memory application state, and to trigger CPU-intensive profiling operations that could lead to denial of service. Versions 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, users should put the debug/pprof endpoints behind an IP allowlist as a workaround.
π@cveNotify
GitHub
Revise auth requirements for debug endpoints (#38173) Β· fleetdm/fleet@5c030e3
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don'...
remove if NA -->
**Related issue:** Resolves #
# Checklist for submitter
If some of the following don'...
π¨ CVE-2026-23518
Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized devices under arbitrary Azure AD user identities. Versions 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM.
π@cveNotify
Fleet is open source device management software. In versions prior to 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3, a vulnerability in Fleet's Windows MDM enrollment flow could allow an attacker to submit forged authentication tokens that are not properly validated. Because JWT signatures were not verified, Fleet could accept attacker-controlled identity claims, enabling enrollment of unauthorized devices under arbitrary Azure AD user identities. Versions 4.78.3, 4.77.1, 4.76.2, 4.75.2, and 4.53.3 fix the issue. If an immediate upgrade is not possible, affected Fleet users should temporarily disable Windows MDM.
π@cveNotify
GitHub
Improve Microsoft endpoint validation (#38180) Β· fleetdm/fleet@e225ef5
<!-- Add the related story/sub-task/bug number, like Resolves #123, or
remove if NA -->
**Related issue:** Resolves #13698
# Checklist for submitter
If some of the following don&...
remove if NA -->
**Related issue:** Resolves #13698
# Checklist for submitter
If some of the following don&...
π¨ CVE-2025-15571
A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
π@cveNotify
A security vulnerability has been detected in ckolivas lrzip up to 0.651. This vulnerability affects the function ucompthread of the file stream.c. Such manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.
π@cveNotify
GitHub
GitHub - ckolivas/lrzip: Long Range Zip
Long Range Zip. Contribute to ckolivas/lrzip development by creating an account on GitHub.
π¨ CVE-2019-25312
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session information.
π@cveNotify
InoERP 0.7.2 contains a persistent cross-site scripting vulnerability in the comment section that allows unauthenticated attackers to inject malicious scripts. Attackers can submit comments with JavaScript payloads that execute in other users' browsers, potentially stealing cookies and session information.
π@cveNotify
π¨ CVE-2020-37196
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
π@cveNotify
Dnss Domain Name Search Software contains a denial of service vulnerability that allows attackers to crash the application by providing an oversized registration key. Attackers can generate a 1000-character buffer payload and paste it into the registration key field to trigger an application crash.
π@cveNotify
Nsauditor
Network Security Auditing Tools | Nsauditor
Discover powerful network security auditing software for administrators. Nsauditor provides tools for product key recovery, password recovery, and network inventory.
π¨ CVE-2019-25346
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information.
π@cveNotify
TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'server_name' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information.
π@cveNotify
GitHub
GitHub - kostasmitroglou/thesystem: Password Management Project
Password Management Project. Contribute to kostasmitroglou/thesystem development by creating an account on GitHub.