🚨 CVE-2025-70082
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component
🎖@cveNotify
An issue in Lantronix EDS3000PS v.3.1.0.0R2 allows an attacker to execute arbitrary code and obtain sensitive information via the ltrx_evo component
🎖@cveNotify
🚨 CVE-2025-66956
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.
🎖@cveNotify
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL.
🎖@cveNotify
GitHub
GitHub - TheWoodenBench/CVE-2025-66956: Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live…
Insecure Access Control in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote attackers to access and execute attachments via a computable URL. - TheWoodenBench/CVE-2...
🚨 CVE-2025-66955
Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.
🎖@cveNotify
Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in the downloadAttachment and downloadAttachmentFromPath API calls.
🎖@cveNotify
GitHub
GitHub - TheWoodenBench/CVE-2025-66955: Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live…
Local File Inclusion in Contact Plan, E-Mail, SMS and Fax components in Asseco SEE Live 2.0 allows remote authenticated users to access files on the host via "path" parameter in t...
🚨 CVE-2025-50881
The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the `action` URL parameter, performs insufficient validation, and incorporates this input into a string that is subsequently executed by the `eval()` function. Although a `method_exists()` check is performed, it only validates the part of the user input *before* the first parenthesis `(`, allowing an attacker to append arbitrary PHP code after a valid method call structure. Successful exploitation allows an unauthenticated or trivially authenticated attacker to execute arbitrary PHP code on the server with the privileges of the web server process.
🎖@cveNotify
The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the `action` URL parameter, performs insufficient validation, and incorporates this input into a string that is subsequently executed by the `eval()` function. Although a `method_exists()` check is performed, it only validates the part of the user input *before* the first parenthesis `(`, allowing an attacker to append arbitrary PHP code after a valid method call structure. Successful exploitation allows an unauthenticated or trivially authenticated attacker to execute arbitrary PHP code on the server with the privileges of the web server process.
🎖@cveNotify
Atom
Use is for sale at Atom.com!
Domain name Use.com is a concise and impactful name that exudes versatility and accessibility. A three-letter, one-syllable word, it is easy to remember and stands out in a crowded online marketplace. The name suggests functionality, effici
🚨 CVE-2026-30695
A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter of the /file_manager.cgi endpoint.
🎖@cveNotify
A Cross-Site Scripting (XSS) vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter of the /file_manager.cgi endpoint.
🎖@cveNotify
🚨 CVE-2025-67260
The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack TpkWebGIS Client 1.0.0.
🎖@cveNotify
The Terrapack software, from ASTER TEC / ASTER S.p.A., with the indicated components and versions has a file upload vulnerability that may allow attackers to execute arbitrary code. Vulnerable components include Terrapack TkWebCoreNG:: 1.0.20200914, Terrapack TKServerCGI 2.5.4.150, and Terrapack TpkWebGIS Client 1.0.0.
🎖@cveNotify
🚨 CVE-2025-63260
SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message.
🎖@cveNotify
SyncFusion 30.1.37 is vulnerable to Cross Site Scripting (XSS) via the Document-Editor reply to comment field and Chat-UI Chat message.
🎖@cveNotify
🚨 CVE-2025-52204
A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter
🎖@cveNotify
A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter
🎖@cveNotify
🚨 CVE-2026-30457
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.
🎖@cveNotify
An issue in the /parser/dwoo component of Daylight Studio FuelCMS v1.5.2 allows attackers to execute arbitrary code via crafted PHP code.
🎖@cveNotify
Getfuelcms
FUEL CMS - A CodeIgniter Content Management System
FUEL CMS is a CodeIgniter-based, easy to use Content Management System.
🚨 CVE-2026-30463
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.
🎖@cveNotify
Daylight Studio FuelCMS v1.5.2 was discovered to contain a SQL injection vulnerability via the /controllers/Login.php component.
🎖@cveNotify
Getfuelcms
FUEL CMS - A CodeIgniter Content Management System
FUEL CMS is a CodeIgniter-based, easy to use Content Management System.
🚨 CVE-2025-61190
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter.
🎖@cveNotify
A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in DSpace JSPUI 6.5 within the search/discover filtering functionality. The vulnerability exists due to improper sanitization of user-supplied input via the filter_type_1 parameter.
🎖@cveNotify
🚨 CVE-2026-30082
Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters.
🎖@cveNotify
Multiple stored cross-site scripting (XSS) vulnerabilities in the Edit feature of the Software Package List page of IngEstate Server v11.14.0 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the About application, What's news, or Release note parameters.
🎖@cveNotify
GitHub
GitHub - Cr0wld3r/CVE-2026-30082: Stored cross-site scripting (XSS) vulnerabilities in IngEstate Server v11.14.0
Stored cross-site scripting (XSS) vulnerabilities in IngEstate Server v11.14.0 - Cr0wld3r/CVE-2026-30082
🚨 CVE-2026-29597
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/file_manager/file_details.asp” endpoint and manipulating the “file” parameter. By referencing specific files (e.g., cm3.xml), the attacker can retrieve system administrator credentials, SMTP settings, database credentials, and other confidential information. The exposure of this information can lead to full administrative access to the CMS, unauthorized access to email services, compromise of backend databases, lateral movement within the network, and long-term persistence by an attacker. This access control bypass poses a critical risk of account takeover, privilege escalation, and systemic compromise of the affected application and its associated infrastructure.
🎖@cveNotify
DDSN Interactive cm3 Acora CMS version 10.7.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive configuration files by force browsing the “/Admin/file_manager/file_details.asp” endpoint and manipulating the “file” parameter. By referencing specific files (e.g., cm3.xml), the attacker can retrieve system administrator credentials, SMTP settings, database credentials, and other confidential information. The exposure of this information can lead to full administrative access to the CMS, unauthorized access to email services, compromise of backend databases, lateral movement within the network, and long-term persistence by an attacker. This access control bypass poses a critical risk of account takeover, privilege escalation, and systemic compromise of the affected application and its associated infrastructure.
🎖@cveNotify
Acora
Welcome to Acora
We are building our story around Uniting IT and Security Operations to deliver secure end user experiences.
🚨 CVE-2026-30284
An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🎖@cveNotify
An arbitrary file overwrite vulnerability in UXGROUP LLC Voice Recorder v10.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🎖@cveNotify
App Craze
App Craze – Discover & Enjoy Smart, Stylish Mobile Apps
Download App Craze and explore a world of innovative, easy-to-use mobile and web apps designed to simplify your digital life. Simple to use. Fun to explore.
🚨 CVE-2026-30277
An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🎖@cveNotify
An arbitrary file overwrite vulnerability in PDF Reader App : TA/UTAX Mobile Print v3.7.2.251001 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🎖@cveNotify
GitHub
TA/UTAX Mobile Print APP Arbitrary File Overwrite Vulnerability · Issue #24 · Secsys-FDU/AF_CVEs
Vendor:TA Triumph-Adler GmbH(https://www.triumph-adler.com/ta-de-de/software/mobile-und-cloud/mobile-print) Affected product:PDF Reader App : TA/UTAX Mobile Print(com.kyocera.kyoprinttautax) Versio...
🚨 CVE-2026-30278
An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🎖@cveNotify
An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🎖@cveNotify
🚨 CVE-2026-30279
An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🎖@cveNotify
An arbitrary file overwrite vulnerability in Squareapps LLC My Location Travel Timeline v11.80 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🎖@cveNotify
GitHub
My Location - Travel Timeline APP Arbitrary File Overwrite Vulnerability · Issue #28 · Secsys-FDU/AF_CVEs
Vendor:Squareapps LLC(https://lightapp3.firebaseapp.com/) Affected product:My Location - Travel Timeline (com.kaisquare.location) Version:V11.80 Google Play link:https://play.google.com/store/apps/...
🚨 CVE-2026-30282
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.
🎖@cveNotify
An arbitrary file overwrite vulnerability in UXGROUP LLC Cast to TV Screen Mirroring v2.2.77 allows attackers to overwrite critical internal files via the file import process, leading to arbtrary code execution or information exposure.
🎖@cveNotify
App Craze
App Craze – Discover & Enjoy Smart, Stylish Mobile Apps
Download App Craze and explore a world of innovative, easy-to-use mobile and web apps designed to simplify your digital life. Simple to use. Fun to explore.
🚨 CVE-2026-30283
An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🎖@cveNotify
An arbitrary file overwrite vulnerability in PEAKSEL D.O.O. NIS Animal Sounds and Ringtones v1.3.0 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure.
🎖@cveNotify
GitHub
Animal Sounds and Ringtones APP Arbitrary File Overwrite Vulnerability · Issue #26 · Secsys-FDU/AF_CVEs
Vendor:PEAKSEL D.O.O. NIS(https://peaksel.com/) Affected product:Animal Sounds and Ringtones (com.animalsounds.natureringtoneapp) Version:V1.3.0 Google Play link:https://play.google.com/store/apps/...
🚨 CVE-2026-29598
Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters.
🎖@cveNotify
Multiple stored cross-site scripting (XSS) vulnerabilities in the submit_add_user.asp endpoint of DDSN Interactive Acora CMS v10.7.1 allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the First Name and Last Name parameters.
🎖@cveNotify
Acora
Welcome to Acora
We are building our story around Uniting IT and Security Operations to deliver secure end user experiences.
🚨 CVE-2026-26895
User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform.
🎖@cveNotify
User enumeration vulnerability in /pwreset.php in osTicket v1.18.2 allows remote attackers to enumerate valid usernames registered in the platform.
🎖@cveNotify
Csacyber
osTicket timing vulnerability: Understanding the risk
Discover how a timing flaw in osTicket exposed valid usernames and what your business needs to know about CVE‑2026‑26895 and its remediation.