CVE Notify
19.1K subscribers
4 photos
182K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2025-15128
A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing a manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage of credentials. Remote exploitation of the attack is possible. The exploit is now public and may be used. Upgrading to version 9.0.6 is able to mitigate this issue. It is recommended to upgrade the affected component. The vendor confirms: "The mainstream version ZKBioTime V9.0.6 has fixed this vulnerability. Please update to the latest version as soon as possible. For the Middle East version BioTime 9.5.X, you can contact the local technical support to obtain the fix package."

πŸŽ–@cveNotify
🚨 CVE-2023-33999
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS.

This issue affects WP Mail Log: from n/a through 1.0.2.

πŸŽ–@cveNotify
🚨 CVE-2023-40200
Authorization bypass through User-Controlled key vulnerability in Essential Plugin WP Logo Showcase Responsive Slider and Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects WP Logo Showcase Responsive Slider and Carousel: from n/a through 3.6.

πŸŽ–@cveNotify
🚨 CVE-2024-32110
Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery.

This issue affects WpEvently: from n/a through 4.1.2.

πŸŽ–@cveNotify
🚨 CVE-2026-53901
Cerebrate before version 1.37 contains a mass-assignment vulnerability in the generic CRUD add path. The add() handler attempted to remove an attacker-supplied id from $params before normalizing the request through __massageInput(). Because the normalized $input could still contain an id field, a user able to reach an affected add endpoint could supply an identifier that should have been server-controlled.


Successful exploitation could allow creation of objects with attacker-chosen identifiers, potentially causing unauthorized data manipulation, object spoofing, inconsistent references, or disruption through identifier collisions, depending on the affected model and endpoint permissions. The issue was fixed in v1.37 by removing id from the normalized input before entity patching.

πŸŽ–@cveNotify
🚨 CVE-2026-4878
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.

πŸŽ–@cveNotify
🚨 CVE-2022-42479
Missing Authorization vulnerability in TemplateHouse Soledad allows Accessing Functionality Not Properly Constrained by ACLs.

This issue affects Soledad: from n/a through 8.2.5.

πŸŽ–@cveNotify
🚨 CVE-2022-44630
Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery.

This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0.

πŸŽ–@cveNotify
🚨 CVE-2025-7064
Authentication bypass by primary weakness vulnerability in ABB Freelance.

This issue affects Freelance: through 2013, 2013 SP1, 2016, 2016 SP1, 2019, 2019 SP1, 2019 SP1 FP1, 2024.

πŸŽ–@cveNotify
🚨 CVE-2026-46170
In the Linux kernel, the following vulnerability has been resolved:

mptcp: pm: ADD_ADDR rtx: free sk if last

When an ADD_ADDR is retransmitted, the sk is held in sk_reset_timer(),
and released at the end.

If at that moment, it was the last reference being held, the sk would
not be freed. sock_put() should then be called instead of __sock_put().

But that's not enough: if it is the last reference, sock_put() will call
sk_free(), which will end up calling sk_stop_timer_sync() on the same
timer, and waiting indefinitely to finish. So it is needed to mark that
the timer is done at the end of the timer handler when it has not been
rescheduled, not to call sk_stop_timer_sync() on "itself".

πŸŽ–@cveNotify
🚨 CVE-2026-46171
In the Linux kernel, the following vulnerability has been resolved:

riscv: kvm: fix vector context allocation leak

When the second kzalloc (host_context.vector.datap) fails in
kvm_riscv_vcpu_alloc_vector_context, the first allocation
(guest_context.vector.datap) is leaked. Free it before returning.

πŸŽ–@cveNotify
🚨 CVE-2026-1784
The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks performed on the spec.path YAML stanza in a Route document was insufficient and could allow a controlled injection of the HAProxy configuration.

πŸŽ–@cveNotify
🚨 CVE-2026-46517
LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, hardcoded "trust_remote_code=True" enables HF supply-chain RCE without user opt-in. At time of publication, there are no publicly available patches.

πŸŽ–@cveNotify
🚨 CVE-2022-45813
Missing Authorization vulnerability in BeRocket Advanced AJAX Product Filters allows Exploiting Incorrectly Configured Access Control Security Levels.

This issue affects Advanced AJAX Product Filters: from n/a through 1.6.3.3.

πŸŽ–@cveNotify
🚨 CVE-2022-47150
Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery.

This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10.

πŸŽ–@cveNotify
🚨 CVE-2026-34710
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

πŸŽ–@cveNotify
🚨 CVE-2026-48305
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

πŸŽ–@cveNotify
🚨 CVE-2026-48306
Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

πŸŽ–@cveNotify
🚨 CVE-2026-52758
Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the PostgreSQL database.

πŸŽ–@cveNotify
🀣1
🚨 CVE-2025-13462
The "tarfile" module would still apply normalization of AREGTYPE (\x00) blocks to DIRTYPE, even while processing a multi-block member such as GNUTYPE_LONGNAME or GNUTYPE_LONGLINK. This could result in a crafted tar archive being misinterpreted by the tarfile module compared to other implementations.

πŸŽ–@cveNotify
🚨 CVE-2026-1726
IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 enables privilege escalation, allowing unauthorized users to perform administrative operations after being demoted. Attackers could access sensitive data, modify system configurations, or change permissions for other users. The issue undermines administrative controls and could lead to data breaches, system compromise, and loss of trust in the application's security mechanisms.

πŸŽ–@cveNotify