CVE Notify
19.3K subscribers
4 photos
197K links
Alert on the latest CVEs

Partner channel: @malwr
Download Telegram
🚨 CVE-2020-35546
Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings.

🎖@cveNotify
🚨 CVE-2025-25968
DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.

🎖@cveNotify
🚨 CVE-2025-26201
Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges.

🎖@cveNotify
🚨 CVE-2025-25783
An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.

🎖@cveNotify
🚨 CVE-2025-25784
An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.

🎖@cveNotify
🚨 CVE-2025-25789
FoxCMS v1.2.5 was discovered to contain a remote code execution (RCE) vulnerability via the index() method at \controller\Sitemap.php.

🎖@cveNotify
🚨 CVE-2025-25790
An arbitrary file upload vulnerability in the component \controller\LocalTemplate.php of FoxCMS v1.2.5 allows attackers to execute arbitrary code via uploading a crafted Zip file.

🎖@cveNotify
🚨 CVE-2025-25792
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.

🎖@cveNotify
🚨 CVE-2025-25793
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.

🎖@cveNotify
🚨 CVE-2025-25794
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.

🎖@cveNotify
🚨 CVE-2025-25796
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.

🎖@cveNotify
🚨 CVE-2025-25797
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.

🎖@cveNotify
🚨 CVE-2025-25799
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.

🎖@cveNotify
🚨 CVE-2025-25800
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php.

🎖@cveNotify
🚨 CVE-2025-25802
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.

🎖@cveNotify
🚨 CVE-2025-25813
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.

🎖@cveNotify
🚨 CVE-2025-25818
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the postStrVar function at article_save.php.

🎖@cveNotify
🚨 CVE-2025-25825
A cross-site scripting (XSS) vulnerability in Emlog Pro v2.5.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Titile in the article category section.

🎖@cveNotify
🚨 CVE-2025-25827
A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.

🎖@cveNotify