π¨ CVE-2025-65530
An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file.
π@cveNotify
An eval injection in the malware de-obfuscation routines of CloudLinux ai-bolit before v32.7.4 allows attackers to overwrite arbitrary files as root via scanning a crafted file.
π@cveNotify
IMUNIFY 360
Security Advisory: Imunify AI-Bolit Vulnerability
We are issuing this security advisory regarding a vulnerability discovered in the AI-Bolit component of Imunify products.
π¨ CVE-2025-65427
An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version V1.0.0 does not implement rate limiting to /api/login allowing attackers to brute force password enumerations.
π@cveNotify
An issue was discovered in Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router on firmware version V1.0.0 does not implement rate limiting to /api/login allowing attackers to brute force password enumerations.
π@cveNotify
GitHub
GitHub - kirubel-cve/CVE-2025-65427: CVE-2025-65427: Missing rate limiting in Dbit N300 T1 Pro router login API allows brute-forceβ¦
CVE-2025-65427: Missing rate limiting in Dbit N300 T1 Pro router login API allows brute-force attacks - kirubel-cve/CVE-2025-65427
π¨ CVE-2025-65568
A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During parsing, parseFAR() calls ip2int(), which performs an out-of-bounds read on the IPv4 address buffer and triggers an index-out-of-range panic. An attacker who can send PFCP Session Establishment Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.
π@cveNotify
A denial-of-service vulnerability exists in the omec-project UPF (pfcpiface component) in version upf-epc-pfcpiface:2.1.3-dev. After PFCP association, a PFCP Session Establishment Request that includes a CreateFAR with an empty or truncated IPv4 address field is not properly validated. During parsing, parseFAR() calls ip2int(), which performs an out-of-bounds read on the IPv4 address buffer and triggers an index-out-of-range panic. An attacker who can send PFCP Session Establishment Request messages to the UPF's N4/PFCP endpoint can exploit this issue to repeatedly crash the UPF and disrupt user-plane services.
π@cveNotify
GitHub
[Bug] UPF crash on malformed FAR (emptyIP) in Session Establishment Request Β· Issue #962 Β· omec-project/upf
Describe the bug After association completes, a crafted Session Establishment Request whose CreateFAR contains an empty/truncated IPv4 address field triggers an out-of-bounds read in ip2int (parse_...
π¨ CVE-2025-67289
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.
π@cveNotify
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file.
π@cveNotify
GitHub
CVE/CVE-2025-67289/README.md at main Β· vuquyen03/CVE
Contribute to vuquyen03/CVE development by creating an account on GitHub.
π¨ CVE-2025-65856
Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.
π@cveNotify
Authentication bypass vulnerability in Xiongmai XM530 IP cameras on Firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 allows unauthenticated remote attackers to access sensitive device information and live video streams. The ONVIF implementation fails to enforce authentication on 31 critical endpoints, enabling direct unauthorized video stream access.
π@cveNotify
π¨ CVE-2025-65857
An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.
π@cveNotify
An issue was discovered in Xiongmai XM530 IP cameras on firmware V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06. The GetStreamUri exposes RTSP URIs containing hardcoded credentials enabling direct unauthorized video stream access.
π@cveNotify
π¨ CVE-2025-65865
An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.
π@cveNotify
An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.
π@cveNotify
Gist
gist:7aa48cb9fc7a1dd74cb595212bb69d33
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2025-67108
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.
π@cveNotify
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.
π@cveNotify
Gist
gist:81b5d5a8328d712dbfd497bf11dbe913
GitHub Gist: instantly share code, notes, and snippets.
π¨ CVE-2025-63314
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack.
π@cveNotify
A static password reset token in the password reset function of DDSN Interactive Acora CMS v10.7.1 allows attackers to arbitrarily reset the user password and execute a full account takeover via a replay attack.
π@cveNotify
GitHub
GitHub - padayali-JD/CVE-2025-63314
Contribute to padayali-JD/CVE-2025-63314 development by creating an account on GitHub.
π¨ CVE-2025-29329
Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom F@st 3686 MAGYAR_4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request.
π@cveNotify
Buffer Overflow in the ippprint (Internet Printing Protocol) service in Sagemcom F@st 3686 MAGYAR_4.121.0 allows remote attacker to execute arbitrary code by sending a crafted HTTP request.
π@cveNotify
GitHub
GitHub - SilverS3c/Sagemcom-fast-3686-ippprint: Description of the vulnerability affecting the Sagemcom F@st 3686 MAGYAR_4.121.0β¦
Description of the vulnerability affecting the Sagemcom F@st 3686 MAGYAR_4.121.0, and possibly other versions. - SilverS3c/Sagemcom-fast-3686-ippprint
π¨ CVE-2024-54855
fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.
π@cveNotify
fabricators Ltd Vanilla OS 2 Core image v1.1.0 was discovered to contain static keys for the SSH service, allowing attackers to possibly execute a man-in-the-middle attack during connections with other hosts.
π@cveNotify
GitHub
Static SSH Host Key Vulnerability
### Summary
Static SSH host key vulnerability in old Vanilla OS image versions allowed any unauthenticated user to perform man-in-the-middle (MITM) attack on a Vanilla OS host who had SSH enable...
Static SSH host key vulnerability in old Vanilla OS image versions allowed any unauthenticated user to perform man-in-the-middle (MITM) attack on a Vanilla OS host who had SSH enable...
π¨ CVE-2025-65783
An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.
π@cveNotify
An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file.
π@cveNotify
GitHub
vulnerability-research/CVE-2025-65783 at main Β· carlos-artmann/vulnerability-research
This repository contains information on all of the CVEs I found. - carlos-artmann/vulnerability-research
π¨ CVE-2025-66698
An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints.
π@cveNotify
An issue in Semantic machines v5.4.8 allows attackers to bypass authentication via sending a crafted HTTP request to various API endpoints.
π@cveNotify
GitHub
GitHub - Perunchess/CVE-2025-66698
Contribute to Perunchess/CVE-2025-66698 development by creating an account on GitHub.
π¨ CVE-2025-65784
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request.
π@cveNotify
Insecure permissions in Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows authenticated attackers with low-level privileges to access other users' information via a crafted API request.
π@cveNotify
GitHub
vulnerability-research/CVE-2025-65784 at main Β· carlos-artmann/vulnerability-research
This repository contains information on all of the CVEs I found. - carlos-artmann/vulnerability-research
π¨ CVE-2025-65396
A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations.
π@cveNotify
A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the boot, by shorting a data pin of the IC to ground. An attacker can then dump the entire firmware, leading to the disclosure of sensitive information including cryptographic keys and user configurations.
π@cveNotify
Lessonsec
CVE-2025-65396: SPI Fault Enables Bootloader Access and Firmware Dump in Blurams Flare Camera
Personal blog on cybersecurity, harware hacking and security research.
π¨ CVE-2025-65397
An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card.
π@cveNotify
An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. The vulnerability can be triggered by providing a maliciously crafted auth.ini file on the device's SD card.
π@cveNotify
Lessonsec
CVE-2025-65397: Insecure Startup Script Allows Root Command Execution in Blurams Flare Camera
Personal blog on cybersecurity, harware hacking and security research.
π¨ CVE-2025-52023
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message.
π@cveNotify
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive information useful for further exploitation. This issue is classified under CWE-209: Information Exposure Through an Error Message.
π@cveNotify
Gist
This Gist contains the plain-text public advisories for five vulnerabilities affecting the Aptsys gemscms and gemsloyalty backendβ¦
This Gist contains the plain-text public advisories for five vulnerabilities affecting the Aptsys gemscms and gemsloyalty backend platforms, discovered in 2025. These advisories serve as the requir...
π¨ CVE-2025-69752
An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL.
π@cveNotify
An issue in the "My Details" user profile functionality of Ideagen Q-Pulse 7.1.0.32 allows an authenticated user to view other users' profile information by modifying the objectKey HTTP parameter in the My Details page URL.
π@cveNotify
GitHub
public-advisories/advisories/CVE-2025-69752 at main Β· brtsec/public-advisories
vulnerability disclosures from authorised security assessments and independent research. - brtsec/public-advisories
π¨ CVE-2025-70363
Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs.
π@cveNotify
Incorrect access control in the REST API of Ibexa & Ciril GROUP eZ Platform / Ciril Platform 2.x allows unauthenticated attackers to access sensitive data via enumerating object IDs.
π@cveNotify
Gist
CVE-2025-70363 - Ibexa eZ Platform / Ciril Platform Access Control Vulnerability
CVE-2025-70363 - Ibexa eZ Platform / Ciril Platform Access Control Vulnerability - CVE-2025-70363.md
π¨ CVE-2025-70330
Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.
π@cveNotify
Easy Grade Pro 4.1.0.2 contains a file parsing logic flaw in the handling of proprietary .EGP gradebook files. By modifying specific fields at precise offsets within an otherwise valid .EGP file, an attacker can trigger an out-of-bounds memory read during parsing. This results in an unhandled access violation and application crash, leading to a local denial-of-service condition when the crafted file is opened by a user.
π@cveNotify
GitHub
GitHub - TheMalwareGuardian/CVE-2025-70330: Easy Grade Pro 4.1 file parsing bug used as an educational example to show how beginnersβ¦
Easy Grade Pro 4.1 file parsing bug used as an educational example to show how beginners can start vulnerability research through reverse engineering. - TheMalwareGuardian/CVE-2025-70330
π¨ CVE-2025-67034
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.
π@cveNotify
An issue was discovered in Lantronix EDS5000 2.1.0.0R3. An authenticated attacker can inject OS commands into the "name" parameter when deleting SSL credentials through the management interface. Injected commands are executed with root privileges.
π@cveNotify