π¨ CVE-2025-47813
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
π@cveNotify
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
π@cveNotify
GitHub
advisories/CVEs/CVE-2025-47813.txt at master Β· MrTuxracer/advisories
Security Advisories. Contribute to MrTuxracer/advisories development by creating an account on GitHub.
π¨ CVE-2025-54236
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
π@cveNotify
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Commerce | APSB25-88
π¨ CVE-2025-60007
A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).
When a user executes the 'show chassis' command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.
This issue affects:
Junos OS on MX, SRX and EX Series, except MX10000 Series and MX304:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R2.
π@cveNotify
A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).
When a user executes the 'show chassis' command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.
This issue affects:
Junos OS on MX, SRX and EX Series, except MX10000 Series and MX304:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R2.
π@cveNotify
π¨ CVE-2018-25178
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files.
π@cveNotify
Easyndexer 1.0 contains an arbitrary file download vulnerability that allows unauthenticated attackers to download sensitive files by manipulating the file parameter. Attackers can send POST requests to showtif.php with arbitrary file paths in the file parameter to retrieve system files like configuration and initialization files.
π@cveNotify
Exploit Database
Easyndexer 1.0 - Arbitrary File Download
Easyndexer 1.0 - Arbitrary File Download.. webapps exploit for PHP platform
π¨ CVE-2018-25186
Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user data like passwords and email addresses to update administrator accounts without authentication.
π@cveNotify
Tina4 Stack 1.0.3 contains a cross-site request forgery vulnerability that allows attackers to modify admin user credentials by submitting forged POST requests to the profile endpoint. Attackers can craft HTML forms targeting the /kim/profile endpoint with hidden fields containing malicious user data like passwords and email addresses to update administrator accounts without authentication.
π@cveNotify
Exploit Database
Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin)
Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin).. webapps exploit for PHP platform
π¨ CVE-2018-25187
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries.
π@cveNotify
Tina4 Stack 1.0.3 contains multiple vulnerabilities allowing unauthenticated attackers to access sensitive database files and execute SQL injection attacks. Attackers can directly request the kim.db database file to retrieve user credentials and password hashes, or inject SQL code through the menu endpoint to manipulate database queries.
π@cveNotify
Exploit Database
Tina4 Stack 1.0.3 - SQL Injection / Database File Download
Tina4 Stack 1.0.3 - SQL Injection / Database File Download.. webapps exploit for PHP platform
π¨ CVE-2026-31957
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for arbitrary Entra ID domains by dynamically registering providers at runtime. This behavior is intended for initial/local bootstrap scenarios, but it can create risk in remote authentication environments. This vulnerability is fixed in 3.1.0.
π@cveNotify
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for arbitrary Entra ID domains by dynamically registering providers at runtime. This behavior is intended for initial/local bootstrap scenarios, but it can create risk in remote authentication environments. This vulnerability is fixed in 3.1.0.
π@cveNotify
GitHub
Unset domain configuration can allow any-tenant authentication at first login for remote deployments
### Summary
If Himmelblau is deployed without a configured tenant domain in `himmelblau.conf`, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for ...
If Himmelblau is deployed without a configured tenant domain in `himmelblau.conf`, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication attempts for ...
π¨ CVE-2026-31958
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. This vulnerability is fixed in 6.5.5.
π@cveNotify
Tornado is a Python web framework and asynchronous networking library. In versions of Tornado prior to 6.5.5, the only limit on the number of parts in multipart/form-data is the max_body_size setting (default 100MB). Since parsing occurs synchronously on the main thread, this creates the possibility of denial-of-service due to the cost of parsing very large multipart bodies with many parts. This vulnerability is fixed in 6.5.5.
π@cveNotify
GitHub
DoS due to too many multipart parts
In versions of Tornado prior to 6.5.5, the only limit on the number of parts in `multipart/form-data` is the `max_body_size` setting (default 100MB). Since parsing occurs synchronously on the main ...
π¨ CVE-2025-69236
Raytha CMS is vulnerable to Stored XSS via FieldValues[1].Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page.
This issue was fixed in version 1.4.6.
π@cveNotify
Raytha CMS is vulnerable to Stored XSS via FieldValues[1].Value parameter in post editing functionality. Authenticated attacker with permissions to edit posts can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page.
This issue was fixed in version 1.4.6.
π@cveNotify
cert.pl
Vulnerabilities in Raytha software
CERT Polska has received a report about 11 vulnerabilities (CVE-2025-15540 and from CVE-2025-69236 to CVE-2025-69243 and from CVE-2025-69245 to CVE-2025-69246) found in Raytha software.
π¨ CVE-2025-69237
Raytha CMS is vulnerable to Stored XSS via FieldValues[0].Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page.
This issue was fixed in version 1.4.6.
π@cveNotify
Raytha CMS is vulnerable to Stored XSS via FieldValues[0].Value parameter in page creation functionality. Authenticated attacker with permissions to create content can inject arbitrary HTML and JS into website, which will be rendered/executed when visiting edited page.
This issue was fixed in version 1.4.6.
π@cveNotify
cert.pl
Vulnerabilities in Raytha software
CERT Polska has received a report about 11 vulnerabilities (CVE-2025-15540 and from CVE-2025-69236 to CVE-2025-69243 and from CVE-2025-69245 to CVE-2025-69246) found in Raytha software.
π¨ CVE-2025-69238
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint (e. x. deletion of the data) without enforcing token verification.
This issue was fixed in version 1.4.6.
π@cveNotify
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special website, which when visited by the authenticated victim, will automatically send POST request to the endpoint (e. x. deletion of the data) without enforcing token verification.
This issue was fixed in version 1.4.6.
π@cveNotify
cert.pl
Vulnerabilities in Raytha software
CERT Polska has received a report about 11 vulnerabilities (CVE-2025-15540 and from CVE-2025-69236 to CVE-2025-69243 and from CVE-2025-69245 to CVE-2025-69246) found in Raytha software.
π¨ CVE-2025-69239
Raytha CMS is vulnerable to Server-Side Request Forgery in the βThemes - Import from URLβ feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request.
This issue was fixed in version 1.4.6.
π@cveNotify
Raytha CMS is vulnerable to Server-Side Request Forgery in the βThemes - Import from URLβ feature. It allows an attacker with high privileges to provide the URL for redirecting server-side HTTP request.
This issue was fixed in version 1.4.6.
π@cveNotify
cert.pl
Vulnerabilities in Raytha software
CERT Polska has received a report about 11 vulnerabilities (CVE-2025-15540 and from CVE-2025-69236 to CVE-2025-69243 and from CVE-2025-69245 to CVE-2025-69246) found in Raytha software.
π¨ CVE-2024-0202
A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using server's certificate. THIS CVE ID IS CURRENTLY DISPUTED - MAINTAINER NOTE: There are only two situations where it's enabled, one is for fuzz-testing to exercise code paths that wouldn't otherwise be available, the other is for static source code analysis with tools like Coverity and Prefast, again to open up code paths that otherwise wouldn't be available. It can also be enabled manually in two specific test builds just to make sure the code still compiles OK, to avoid bit rot and verify that the fuzz-testing build will compile without errors.
π@cveNotify
A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using server's certificate. THIS CVE ID IS CURRENTLY DISPUTED - MAINTAINER NOTE: There are only two situations where it's enabled, one is for fuzz-testing to exercise code paths that wouldn't otherwise be available, the other is for static source code analysis with tools like Coverity and Prefast, again to open up code paths that otherwise wouldn't be available. It can also be enabled manually in two specific test builds just to make sure the code still compiles OK, to avoid bit rot and verify that the fuzz-testing build will compile without errors.
π@cveNotify
π¨ CVE-2025-47813
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
π@cveNotify
loginok.html in Wing FTP Server before 7.4.4 discloses the full local installation path of the application when using a long value in the UID cookie.
π@cveNotify
GitHub
advisories/CVEs/CVE-2025-47813.txt at master Β· MrTuxracer/advisories
Security Advisories. Contribute to MrTuxracer/advisories development by creating an account on GitHub.
π¨ CVE-2025-61662
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
π@cveNotify
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
π@cveNotify
π¨ CVE-2025-9820
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
π@cveNotify
A flaw was found in the GnuTLS library, specifically in the gnutls_pkcs11_token_init() function that handles PKCS#11 token initialization. When a token label longer than expected is processed, the function writes past the end of a fixed-size stack buffer. This programming error can cause the application using GnuTLS to crash or, in certain conditions, be exploited for code execution. As a result, systems or applications relying on GnuTLS may be vulnerable to a denial of service or local privilege escalation attacks.
π@cveNotify
π¨ CVE-2025-14831
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
π@cveNotify
A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs).
π@cveNotify
π¨ CVE-2026-27478
Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without validating that the issuer is a trusted identity provider.
π@cveNotify
Unity Catalog is an open, multi-modal Catalog for data and AI. In 0.4.0 and earlier, a critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the issuer (iss) claim from incoming JWTs and uses it to dynamically fetch the JWKS endpoint for signature validation without validating that the issuer is a trusted identity provider.
π@cveNotify
GitHub
JWT Issuer Validation Bypass Allows Complete User Impersonation
**Context:**
A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the issuer (iss) claim f...
A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The endpoint extracts the issuer (iss) claim f...
π¨ CVE-2026-24509
Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
π@cveNotify
Dell Alienware Command Center (AWCC), versions prior to 6.12.24.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Denial of service.
π@cveNotify
π¨ CVE-2025-61662
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
π@cveNotify
A Use-After-Free vulnerability has been discovered in GRUB's gettext module. This flaw stems from a programming error where the gettext command remains registered in memory after its module is unloaded. An attacker can exploit this condition by invoking the orphaned command, causing the application to access a memory location that is no longer valid. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded.
π@cveNotify
π¨ CVE-2025-13913
If an Ignition user imports an external file with a specially crafted payload, it could execute embedded malicious code during deserialization.
π@cveNotify
If an Ignition user imports an external file with a specially crafted payload, it could execute embedded malicious code during deserialization.
π@cveNotify
GitHub
CSAF/csaf_files/OT/white/2026/icsa-26-071-06.json at develop Β· cisagov/CSAF
CISA CSAF Security Advisories. Contribute to cisagov/CSAF development by creating an account on GitHub.