๐จ CVE-2025-25370
An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function.
๐@cveNotify
An issue in realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function.
๐@cveNotify
Gist
CVE-2025-25370 โ Lock Screen Privacy Bypass in realme GT 2 (RMX3311) with Android 14 / realme UI 5.0
CVE-2025-25370 โ Lock Screen Privacy Bypass in realme GT 2 (RMX3311) with Android 14 / realme UI 5.0 - gist:4eeed04a065287489c2e606e6d48c1bc
๐จ CVE-2024-57529
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.
๐@cveNotify
Cross Site Scripting vulnerability in Jeppesen JetPlanner Pro v.1.6.2.20 allows a remote attacker to execute arbitrary code.
๐@cveNotify
Medium
XSS Vulnerability Discovered in JetPlanner ProโโโA Popular Flight Planning Solution
Good day everyone! I hope all of you are doing well.
๐จ CVE-2025-45343
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.
๐@cveNotify
An issue in Tenda W18E v.2.0 v.16.01.0.11 allows an attacker to execute arbitrary code via the editing functionality of the account module in the goform/setmodules route.
๐@cveNotify
Gist
account_edit_unauthorized_chg_pwd_RCE.md
GitHub Gist: instantly share code, notes, and snippets.
๐จ CVE-2025-44619
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.
๐@cveNotify
Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.
๐@cveNotify
Brandbucket
Tinxy.com is For Sale | BrandBucket
Buy the domain name Tinxy.com and launch your business with a premium domain and a high quality logo.
๐จ CVE-2025-44148
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component
๐@cveNotify
Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component
๐@cveNotify
GitHub
GitHub - barisbaydur/CVE-2025-44148: A reflected cross-site scripting (XSS) vulnerability exists in MailEnable Webmail due to improperโฆ
A reflected cross-site scripting (XSS) vulnerability exists in MailEnable Webmail due to improper user input sanitization in the failure.aspx. This allows a remote attacker to inject arbitrary Java...
๐จ CVE-2025-46041
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
๐@cveNotify
A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).
๐@cveNotify
GitHub
GitHub - binneko/CVE-2025-46041
Contribute to binneko/CVE-2025-46041 development by creating an account on GitHub.
๐จ CVE-2024-41502
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observaces" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person.
๐@cveNotify
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) via the form field "Observaces" (observances) in the "Pessoas" (persons) section when creating or editing either a legal or a natural person.
๐@cveNotify
GitHub
GitHub - rafaelbaldasso/CVE-2024-41502
Contribute to rafaelbaldasso/CVE-2024-41502 development by creating an account on GitHub.
๐จ CVE-2024-41503
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Ttulo" (title) inside the filter Save option in the "Busca" (search) function.
๐@cveNotify
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the field "Ttulo" (title) inside the filter Save option in the "Busca" (search) function.
๐@cveNotify
GitHub
GitHub - rafaelbaldasso/CVE-2024-41503
Contribute to rafaelbaldasso/CVE-2024-41503 development by creating an account on GitHub.
๐จ CVE-2024-41504
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form field "Descrico" allows injection of JavaScript.
๐@cveNotify
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS). In the "Oportunidades" (opportunities) section of the application when creating or editing an "Atividade" (activity), the form field "Descrico" allows injection of JavaScript.
๐@cveNotify
GitHub
GitHub - rafaelbaldasso/CVE-2024-41504
Contribute to rafaelbaldasso/CVE-2024-41504 development by creating an account on GitHub.
๐จ CVE-2024-41505
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profisso" (professor).
๐@cveNotify
Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting (XSS) in the "Pessoas" (persons) section via the field "Profisso" (professor).
๐@cveNotify
GitHub
GitHub - rafaelbaldasso/CVE-2024-41505
Contribute to rafaelbaldasso/CVE-2024-41505 development by creating an account on GitHub.
๐จ CVE-2025-46035
Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint
๐@cveNotify
Buffer Overflow vulnerability in Tenda AC6 v.15.03.05.16 allows a remote attacker to cause a denial of service via the oversized schedStartTime and schedEndTime parameters in an unauthenticated HTTP GET request to the /goform/openSchedWifi endpoint
๐@cveNotify
๐จ CVE-2025-46060
Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component
๐@cveNotify
Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component
๐@cveNotify
GitHub
GitHub - Luanruy/qax
Contribute to Luanruy/qax development by creating an account on GitHub.
๐จ CVE-2025-46157
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form
๐@cveNotify
An issue in EfroTech Time Trax v.1.0 allows a remote attacker to execute arbitrary code via the file attachment function in the leave request form
๐@cveNotify
๐จ CVE-2025-44528
An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows attackers to cause a Denial of Service (DoS) via sending a crafted LL_Pause_Enc_Req packet during the authentication and connection phase, causing a Denial of Service (DoS).
๐@cveNotify
An issue in Texas Instruments LP-CC2652RB SimpleLink CC13XX CC26XX SDK 7.41.00.17 allows attackers to cause a Denial of Service (DoS) via sending a crafted LL_Pause_Enc_Req packet during the authentication and connection phase, causing a Denial of Service (DoS).
๐@cveNotify
๐จ CVE-2025-44531
An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection attempt.
๐@cveNotify
An issue in Realtek RTL8762EKF-EVB RTL8762E SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via sending a crafted before a pairing public key is received during a Bluetooth connection attempt.
๐@cveNotify
๐จ CVE-2023-44915
A cross-site scripting (XSS) vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login_error parameter.
๐@cveNotify
A cross-site scripting (XSS) vulnerability in the component /Login.php of c3crm up to v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the login_error parameter.
๐@cveNotify
GitHub
GitHub - dfar2008/c3crm: ๆๅฎขCRMๅผๆบๅ
่ดน็
ๆๅฎขCRMๅผๆบๅ
่ดน็. Contribute to dfar2008/c3crm development by creating an account on GitHub.
๐จ CVE-2025-44141
A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.
๐@cveNotify
A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30.
๐@cveNotify
scandalous-author-611 on Notion
CVE-2025-44141 | Notion
[CVE ID]
๐จ CVE-2025-44559
An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafted control packets.
๐@cveNotify
An issue in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK v1.4.0 allows attackers within Bluetooth range to cause a Denial of Service (DoS) via sending a specific sequence of crafted control packets.
๐@cveNotify
๐จ CVE-2023-47310
A misconfiguration in the default settings of MikroTik RouterOS 7 and fixed in v7.14 allows incoming IPv6 UDP traceroute packets.
๐@cveNotify
A misconfiguration in the default settings of MikroTik RouterOS 7 and fixed in v7.14 allows incoming IPv6 UDP traceroute packets.
๐@cveNotify
๐จ CVE-2025-45931
An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file
๐@cveNotify
An issue D-Link DIR-816-A2 DIR-816A2_FWv1.10CNB05_R1B011D88210 allows a remote attacker to execute arbitrary code via system() function in the bin/goahead file
๐@cveNotify
๐จ CVE-2025-45029
WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via the CONTENT_LENGTH variable at /cgi-bin/upload.cgi.
๐@cveNotify
WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via the CONTENT_LENGTH variable at /cgi-bin/upload.cgi.
๐@cveNotify