π¨ CVE-2025-45949
A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover.
π@cveNotify
A critical vulnerability was found in PHPGurukul User Registration & Login and User Management System V3.3 in the /loginsystem/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely and leading to account takeover.
π@cveNotify
GitHub
CVE/CVE-2025-45949/README.MD at main Β· VasilVK/CVE
A curated collection of CVEs discovered through focused research, real-world testing, and continuous learning. This repository highlights my commitment to uncovering vulnerabilities, analyzing thei...
π¨ CVE-2025-45953
A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely
π@cveNotify
A vulnerability was found in PHPGurukul Hostel Management System 2.1 in the /hostel/change-password.php file of the user panel - Change Password component. Improper handling of session data allows a Session Hijacking attack, exploitable remotely
π@cveNotify
GitHub
CVE/CVE-2025-45953/README.MD at main Β· VasilVK/CVE
A curated collection of CVEs discovered through focused research, real-world testing, and continuous learning. This repository highlights my commitment to uncovering vulnerabilities, analyzing thei...
π¨ CVE-2025-25504
An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.
π@cveNotify
An issue in the /usr/local/bin/jncs.sh script of Gefen WebFWC (In AV over IP products) v1.85h, v1.86v, and v1.70 allows attackers with network access to connect to the device over TCP port 4444 without authentication and execute arbitrary commands with root privileges.
π@cveNotify
π¨ CVE-2025-45242
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.
π@cveNotify
Rhymix v2.1.22 was discovered to contain an arbitrary file deletion vulnerability via the procFileAdminEditImage method in /file/file.admin.controller.php.
π@cveNotify
Gist
gist:536a55fece5f578b90cee2c841eecdce
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2025-45236
A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter.
π@cveNotify
A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nickname parameter.
π@cveNotify
Gist
gist:504e224e63c9a966ba233df1d523ce4f
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2025-28200
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.
π@cveNotify
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.
π@cveNotify
π¨ CVE-2024-57273
Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized "reason" field and a derivable device key generated from the public SSH key.
π@cveNotify
Netgate pfSense CE (prior to 2.8.0 beta release) and corresponding Plus builds is vulnerable to Cross-site scripting (XSS) in the Automatic Configuration Backup (ACB) service, allowing remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized "reason" field and a derivable device key generated from the public SSH key.
π@cveNotify
π¨ CVE-2025-25370
An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function.
π@cveNotify
An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function.
π@cveNotify
Gist
CVE-2025-25370 β Lock Screen Privacy Bypass in realme GT 2 (RMX3311) with Android 14 / realme UI 5.0
CVE-2025-25370 β Lock Screen Privacy Bypass in realme GT 2 (RMX3311) with Android 14 / realme UI 5.0 - gist:4eeed04a065287489c2e606e6d48c1bc
π¨ CVE-2024-57529
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.
π@cveNotify
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.
π@cveNotify
Medium
XSS Vulnerability Discovered in JetPlanner ProβββA Popular Flight Planning Solution
Good day everyone! I hope all of you are doing well.
π¨ CVE-2025-45343
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.
π@cveNotify
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.
π@cveNotify
Gist
account_edit_unauthorized_chg_pwd_RCE.md
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2025-44619
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.
π@cveNotify
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.
π@cveNotify
Brandbucket
Tinxy.com is For Sale | BrandBucket
Buy the domain name Tinxy.com and launch your business with a premium domain and a high quality logo.
π¨ CVE-2025-44148
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component
π@cveNotify
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component
π@cveNotify
GitHub
GitHub - barisbaydur/CVE-2025-44148: A reflected cross-site scripting (XSS) vulnerability exists in MailEnable Webmail due to improperβ¦
A reflected cross-site scripting (XSS) vulnerability exists in MailEnable Webmail due to improper user input sanitization in the failure.aspx. This allows a remote attacker to inject arbitrary Java...
π¨ CVE-2025-46041
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
π@cveNotify
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
π@cveNotify
GitHub
GitHub - binneko/CVE-2025-46041
Contribute to binneko/CVE-2025-46041 development by creating an account on GitHub.
π¨ CVE-2024-41502
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observaces" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person.
π@cveNotify
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observaces" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person.
π@cveNotify
GitHub
GitHub - rafaelbaldasso/CVE-2024-41502
Contribute to rafaelbaldasso/CVE-2024-41502 development by creating an account on GitHub.
π¨ CVE-2024-41503
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Ttulo" (title) inside the filter Save option in the "Busca" (search) function.
π@cveNotify
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Ttulo" (title) inside the filter Save option in the "Busca" (search) function.
π@cveNotify
GitHub
GitHub - rafaelbaldasso/CVE-2024-41503
Contribute to rafaelbaldasso/CVE-2024-41503 development by creating an account on GitHub.
π¨ CVE-2024-41504
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form field "Descrico" allows injection of JavaScript.
π@cveNotify
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form field "Descrico" allows injection of JavaScript.
π@cveNotify
GitHub
GitHub - rafaelbaldasso/CVE-2024-41504
Contribute to rafaelbaldasso/CVE-2024-41504 development by creating an account on GitHub.
π¨ CVE-2024-41505
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profisso" (professor).
π@cveNotify
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profisso" (professor).
π@cveNotify
GitHub
GitHub - rafaelbaldasso/CVE-2024-41505
Contribute to rafaelbaldasso/CVE-2024-41505 development by creating an account on GitHub.
π¨ CVE-2025-46035
Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint
π@cveNotify
Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint
π@cveNotify
π¨ CVE-2025-46060
Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component
π@cveNotify
Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component
π@cveNotify
GitHub
GitHub - Luanruy/qax
Contribute to Luanruy/qax development by creating an account on GitHub.
π¨ CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form
π@cveNotify
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form
π@cveNotify
π¨ CVE-2025-44528
An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows attackers to cause a Denial of Service (DoS) via sending a crafted LL_Pause_Enc_Req packet during the authentication and connection phase, causing a Denial of Service (DoS).
π@cveNotify
An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows attackers to cause a Denial of Service (DoS) via sending a crafted LL_Pause_Enc_Req packet during the authentication and connection phase, causing a Denial of Service (DoS).
π@cveNotify