A vulnerability identified as critical has been detected in Apple iOS and iPadOS up to 26.1. This affects an unknown
Vulnerabilities
NetBT e-Fatura ‘InboxProcessor’ Unquoted Service Path Privilege Escalation
Topic: NetBT e-Fatura ‘InboxProcessor’ Unquoted Service Path Privilege Escalation Risk: Medium Text:# Exploit Title: NetBT e-Fatura ‘InboxProcessor’ Unquoted Service Path
R.s.W – Sql Injection
Topic: R.s.W – Sql Injection Risk: Medium Text:********************************************************* # Exploit Title: SQL Injection – Red Spider Web CMS # Date:
Pluck 4.7.7-dev2 PHP Code Execution
Topic: Pluck 4.7.7-dev2 PHP Code Execution Risk: High Text:# Exploit Title: Pluck 4.7.7-dev2 – PHP Code Execution # Date: 2024-10-26
phpMyFAQ 3.1.7 Reflected Cross-Site Scripting (XSS)
Topic: phpMyFAQ 3.1.7 Reflected Cross-Site Scripting (XSS) Risk: Low Text:# Exploit Title: phpMyFAQ 3.1.7 – Reflected Cross-Site Scripting (XSS) #
Microsoft Windows Media Player WMDRM ‘RES://’ URI Arbitrary Code Execution Vulnerability
Topic: Microsoft Windows Media Player WMDRM ‘RES://’ URI Arbitrary Code Execution Vulnerability Risk: High Text:There´s an implementation flaw that causes
Windows LNK File UI Misrepresentation Remote Code Execution
Topic: Windows LNK File UI Misrepresentation Remote Code Execution Risk: Medium Text:# Title: Windows LNK File UI Misrepresentation Remote Code
Debian: Thunderbird Critical Arbitrary Code Exec DSA-6081-1 CVE-2025-14321
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For the oldstable distribution
CVE-2025-14710 | FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0 OrderList.php telephone sql injection
A vulnerability was found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. It has been declared as critical. This affects an
CVE-2025-14711 | FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0 hotelList.php pickedHotelName/type sql injection
A vulnerability was found in FantasticLBP Hotels Server up to 67b44df162fab26df209bd5d5d542875fcbec1d0. It has been rated as critical. This vulnerability affects
CVE-2025-13740 | Lightweight Accordion Plugin up to 1.5.20 on WordPress Shortcode lightweight-accordion cross site scripting
A vulnerability marked as problematic has been reported in Lightweight Accordion Plugin up to 1.5.20 on WordPress. This issue affects
CVE-2025-14702 | Smartbit CommV Smartschool App up to 10.4.4 be.smartschool.mobile.SplashActivity path traversal
A vulnerability described as problematic has been identified in Smartbit CommV Smartschool App up to 10.4.4. Impacted is an unknown
CVE-2025-14703 | Shiguangwu sgwbox N3 2.0.25 POST Message /fsnotify token improper authentication
A vulnerability classified as critical has been found in Shiguangwu sgwbox N3 2.0.25. The affected element is an unknown function
CVE-2025-14704 | Shiguangwu sgwbox N3 2.0.25 API /eshell path traversal
A vulnerability classified as critical was found in Shiguangwu sgwbox N3 2.0.25. The impacted element is an unknown function of
CVE-2025-14705 | Shiguangwu sgwbox N3 2.0.25 SHARESERVER Feature params command injection
A vulnerability, which was classified as critical, has been found in Shiguangwu sgwbox N3 2.0.25. This affects an unknown function
CVE-2025-14706 | Shiguangwu sgwbox N3 2.0.25 NETREBOOT Interface http_eshell_server command injection
A vulnerability, which was classified as critical, was found in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function of
CVE-2025-14707 | Shiguangwu sgwbox N3 2.0.25 DOCKER Feature http_eshell_server params command injection
A vulnerability has been found in Shiguangwu sgwbox N3 2.0.25 and classified as critical. Affected is an unknown function of
CVE-2025-14708 | Shiguangwu sgwbox N3 2.0.25 WIREDCFGGET Interface http_eshell_server params buffer overflow
A vulnerability was found in Shiguangwu sgwbox N3 2.0.25 and classified as critical. Affected by this vulnerability is an unknown
CVE-2025-14709 | Shiguangwu sgwbox N3 2.0.25 WIRELESSCFGGET Interface http_eshell_server params buffer overflow
A vulnerability was found in Shiguangwu sgwbox N3 2.0.25. It has been classified as critical. Affected by this issue is
CVE-2025-14698 | atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android gallery.photogallery.pictures.vault.album path traversal
A vulnerability identified as problematic has been detected in atlaszz AI Photo Team Galleryit App 1.3.8.2 on Android. This affects
CVE-2025-14699 | Municorn FAX App 3.27.0 on Android biz.faxapp.app path traversal
A vulnerability labeled as problematic has been found in Municorn FAX App 3.27.0 on Android. This vulnerability affects unknown code
CVE-2025-14695 | SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b Inter-plugin API index.js html_renderer action dynamically-managed code resources
A vulnerability was found in SamuNatsu HaloBot up to 026b01d4a896d93eaaf9d5163a287dc9f267515b. It has been declared as critical. Affected is the function
CVE-2025-14696 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3 UpdatePasswordBatch password recovery
A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. It has been rated as
CVE-2025-14697 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3 /ExportFiles/ file access
A vulnerability categorized as problematic has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected
Rocky Linux: RLSA-2025:23088 grafana security update Security Advisories Updates
Moderate: grafana security updateLinuxSecurity – Security AdvisoriesRead More
Rocky Linux: RLSA-2025:23139 libsoup3 security update Security Advisories Updates
Moderate: libsoup3 security updateLinuxSecurity – Security AdvisoriesRead More
CVE-2025-14694 | ketr JEPaaS up to 7.2.8 readAllPostil keyWord sql injection
A vulnerability was found in ketr JEPaaS up to 7.2.8. It has been classified as critical. This impacts the function
CVE-2025-14691 | Mayan EDMS up to 4.10.1 /authentication/ cross site scripting
A vulnerability, which was classified as problematic, was found in Mayan EDMS up to 4.10.1. The affected element is an
CVE-2025-14692 | Mayan EDMS up to 4.10.1 /authentication/ redirect
A vulnerability has been found in Mayan EDMS up to 4.10.1 and classified as problematic. The impacted element is an
CVE-2025-14693 | Ugreen DH2100+ up to 5.3.0 USB symlink
A vulnerability was found in Ugreen DH2100+ up to 5.3.0 and classified as critical. This affects an unknown function of
CVE-2025-13126 | tomdever wpForo Forum Plugin up to 2.4.12 on WordPress post_args/topic_args sql injection
A vulnerability marked as critical has been reported in tomdever wpForo Forum Plugin up to 2.4.12 on WordPress. Affected by
CVE-2025-67897 | sequoia-pgp sequoia up to 2.0.x PKESK aes_key_unwrap signed to unsigned conversion error
A vulnerability described as problematic has been identified in sequoia-pgp sequoia up to 2.0.x. This affects the function aes_key_unwrap of
CVE-2025-12537 | wpvibes Addon Elements for Elementor Plugin up to 1.14.3 on WordPress Widget cross site scripting
A vulnerability classified as problematic has been found in wpvibes Addon Elements for Elementor Plugin up to 1.14.3 on WordPress.
CVE-2025-67896 | Exim up to 4.99.0 heap-based overflow
A vulnerability classified as critical was found in Exim up to 4.99.0. This issue affects some unknown processing. Executing manipulation
CVE-2025-12696 | HelloLeads CRM Form Shortcode Plugin up to 1.0 on WordPress cross-site request forgery
A vulnerability, which was classified as problematic, has been found in HelloLeads CRM Form Shortcode Plugin up to 1.0 on
Fedora 42: xkbcomp Critical Advisory for CVE-2018-15853 DoS Risk
xkbcomp 1.5.0 (CVE-2018-15853, CVE-2018-15859, CVE-2018-15861, CVE-2018-15863)LinuxSecurity – Security AdvisoriesRead More
Fedora 43: libpng High CVE-2025-66293 Out-of-Bounds Read Advisory
Fixed CVE-2025-66293 (high severity): Out-of-bounds read in png_image_read_composite. Fixed the Paeth filter handling in the RISC-V RVV implementation. Improved the
Fedora 43: Important Memory Issue in golangci-lint ALPN Negotiation
Latest version This build with the latest golang should also fix all the Go CVEs, although I did verify how/if
openSUSE: pgadmin4 Moderate Security Fix CVE-2025-12762 2025:15818-1
An update that solves 5 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-14672 | gmg137 snap7-rs up to 1.142.1 s7_micro_client.cpp opWriteArea heap-based overflow (ID2H8E)
A vulnerability categorized as critical has been discovered in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of
CVE-2025-14673 | gmg137 snap7-rs up to 1.142.1 client.rs as_ct_write heap-based overflow (ID2H74)
A vulnerability identified as critical has been detected in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of
CVE-2025-14674 | aizuda snail-job up to 1.6.0 QLExpressEngine.java QLExpressEngine.doEval injection (ICNUG0)
A vulnerability labeled as critical has been found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the
Mageia 9: Codeblocks Receives Important Bugfix Update MGAA-2025-0104
MGAA-2025-0104 – Updated codeblocks packages fix bugLinuxSecurity – Security AdvisoriesRead More
Debian 11: Thunderbird Critical Code Execution Fix DLA-4405-1
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code. For Debian 11 bullseye,
Mageia 9: Golang Critical DNS Constraint Advisory MGASA-2025-0326
MGASA-2025-0326 – Updated golang packages fix security vulnerabilitiesLinuxSecurity – Security AdvisoriesRead More
CVE-2025-14542 | python-utcp up to 1.0.x trust boundary violation (jfsa-2025-001648)
A vulnerability marked as critical has been reported in python-utcp up to 1.0.x. This impacts an unknown function. The manipulation
CVE-2025-14659 | D-Link DIR-860LB1/DIR-868LB1 203b01/203b03 DHCP Daemon Hostname command injection
A vulnerability described as critical has been identified in D-Link DIR-860LB1 and DIR-868LB1 203b01/203b03. Affected is an unknown function of
CVE-2025-14660 | DecoCMS Mesh up to 1.0.0-alpha.31 Workspace Domain api.ts createTool domain access control (ID 1967)
A vulnerability classified as critical has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the
CVE-2025-14661 | itsourcecode Student Managemen System 1.0 /advisers.php sy sql injection
A vulnerability classified as critical was found in itsourcecode Student Managemen System 1.0. Affected by this issue is some unknown
CVE-2025-14662 | code-projects Student File Management System 1.0 Update User Page /admin/update_user.php cross site scripting
A vulnerability, which was classified as problematic, has been found in code-projects Student File Management System 1.0. This affects an
CVE-2025-14663 | code-projects Student File Management System 1.0 update_student.php cross site scripting
A vulnerability, which was classified as problematic, was found in code-projects Student File Management System 1.0. This vulnerability affects unknown
CVE-2025-14664 | Campcodes Supplier Management System 1.0 /admin/view_unit.php chkId[] sql injection
A vulnerability has been found in Campcodes Supplier Management System 1.0 and classified as critical. This issue affects some unknown
CVE-2025-14665 | Tenda WH450 1.0.0.18 HTTP Request /goform/DhcpListClient page stack-based overflow
A vulnerability was found in Tenda WH450 1.0.0.18 and classified as critical. Impacted is an unknown function of the file
CVE-2025-14666 | itsourcecode COVID Tracking System 1.0 /admin/?page=user Username sql injection
A vulnerability was found in itsourcecode COVID Tracking System 1.0. It has been classified as critical. The affected element is
CVE-2025-14667 | itsourcecode COVID Tracking System 1.0 /admin/?page=system_info meta_value sql injection
A vulnerability was found in itsourcecode COVID Tracking System 1.0. It has been declared as critical. The impacted element is
CVE-2025-14668 | campcodes Advanced Online Examination System 1.0 /query/loginExe.php Username sql injection
A vulnerability was found in campcodes Advanced Online Examination System 1.0. It has been rated as critical. This affects an
CVE-2025-14653 | itsourcecode Student Management System 1.0 /addrecord.php ID sql injection
A vulnerability was found in itsourcecode Student Management System 1.0. It has been rated as critical. Impacted is an unknown
CVE-2025-14654 | Tenda AC20 16.03.08.12 httpd /goform/setPptpUserList formSetPPTPUserList list stack-based overflow
A vulnerability categorized as critical has been discovered in Tenda AC20 16.03.08.12. The affected element is the function formSetPPTPUserList of
CVE-2025-14655 | Tenda AC20 16.03.08.12 httpd SetSysAutoRebbotCfg formSetRebootTimer rebootTime stack-based overflow
A vulnerability identified as critical has been detected in Tenda AC20 16.03.08.12. The impacted element is the function formSetRebootTimer of
CVE-2025-14656 | Tenda AC20 16.03.08.12 /goform/openSchedWifi httpd schedStartTime/schedEndTime buffer overflow
A vulnerability labeled as critical has been found in Tenda AC20 16.03.08.12. This affects the function httpd of the file
CVE-2025-36747 | Growatt ShineLan-X up to 3.6.0.2 Firmware data authenticity
A vulnerability, which was classified as critical, has been found in Growatt ShineLan-X up to 3.6.0.2. The impacted element is
CVE-2025-36751 | Growatt ShineLan-X up to 3.6.0.2 Configuration Interface missing encryption
A vulnerability, which was classified as problematic, was found in Growatt ShineLan-X up to 3.6.0.2. This affects an unknown function
CVE-2025-36754 | Growatt ShineLan-X up to 3.6.0.2 Web Interface authentication spoofing
A vulnerability has been found in Growatt ShineLan-X up to 3.6.0.2 and classified as critical. This impacts an unknown function
CVE-2025-9116 | WPS Visitor Counter Plugin up to 1.4.8 on WordPress $_SERVER[‘REQUEST_URI’] cross site scripting
A vulnerability was found in WPS Visitor Counter Plugin up to 1.4.8 on WordPress and classified as problematic. Affected is
CVE-2025-36752 | Growatt ShineLan-X up to 3.6.0.2 Communication Dongle hard-coded credentials
A vulnerability was found in Growatt ShineLan-X up to 3.6.0.2. It has been classified as critical. Affected by this vulnerability
CVE-2025-36753 | Growatt ShineLan-X up to 3.6.0.2 SWD Debug Interface authentication spoofing
A vulnerability was found in Growatt ShineLan-X up to 3.6.0.2. It has been declared as critical. Affected by this issue
CVE-2025-36750 | Growatt ShineLan-X up to 3.6.0.2 Plant Management Page Plant Name cross site scripting
A vulnerability was found in Growatt ShineLan-X up to 3.6.0.2. It has been rated as problematic. This affects an unknown
CVE-2025-36748 | Growatt ShineLan-X up to 3.6.0.2 Communication cross site scripting
A vulnerability categorized as problematic has been discovered in Growatt ShineLan-X up to 3.6.0.2. This vulnerability affects unknown code of
CVE-2025-14641 | code-projects Computer Laboratory System 1.0 admin/admin_pic.php image unrestricted upload
A vulnerability identified as critical has been detected in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing
CVE-2025-14642 | code-projects Computer Laboratory System 1.0 technical_staff_pic.php image unrestricted upload
A vulnerability labeled as critical has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of
CVE-2025-14643 | code-projects Simple Attendance Record System 2.0 /check.php student sql injection
A vulnerability marked as critical has been reported in code-projects Simple Attendance Record System 2.0. The affected element is an
CVE-2025-14644 | itsourcecode Student Management System 1.0 /update_subject.php ID sql injection
A vulnerability described as critical has been identified in itsourcecode Student Management System 1.0. The impacted element is an unknown
CVE-2025-14645 | code-projects Student File Management System 1.0 /admin/delete_user.php user_id sql injection
A vulnerability classified as critical has been found in code-projects Student File Management System 1.0. This affects an unknown function
CVE-2025-14646 | code-projects Student File Management System 1.0 delete_student.php stud_id sql injection
A vulnerability classified as critical was found in code-projects Student File Management System 1.0. This impacts an unknown function of
CVE-2025-14647 | code-projects Computer Book Store 1.0 /admin_delete.php bookisbn sql injection
A vulnerability, which was classified as critical, has been found in code-projects Computer Book Store 1.0. Affected is an unknown
CVE-2025-14648 | DedeBIZ up to 6.5.9 catalog_add.php command injection
A vulnerability, which was classified as critical, was found in DedeBIZ up to 6.5.9. Affected by this vulnerability is an
CVE-2025-14649 | itsourcecode Online Cake Ordering System 1.0 /cakeshop/supplier.php supplier sql injection
A vulnerability has been found in itsourcecode Online Cake Ordering System 1.0 and classified as critical. Affected by this issue
CVE-2025-14650 | itsourcecode Online Cake Ordering System 1.0 /cakeshop/product.php Product sql injection
A vulnerability was found in itsourcecode Online Cake Ordering System 1.0 and classified as critical. This affects an unknown part
CVE-2025-14651 | MartialBE one-hub up to 0.14.27 docker-compose.yml SESSION_SECRET hard-coded key (Issue 872)
A vulnerability was found in MartialBE one-hub up to 0.14.27. It has been classified as critical. This vulnerability affects unknown
CVE-2025-14652 | itsourcecode Online Cake Ordering System 1.0 admindetail.php?action=edit ID sql injection
A vulnerability was found in itsourcecode Online Cake Ordering System 1.0. It has been declared as critical. This issue affects
Fedora 43: apptainer 2025-cf169a01e8
Apply fuse2fs patches that were accidentally empty Update to upstream 1.4.5, including a fix for CVE-2025-65105LinuxSecurity – Security AdvisoriesRead More
Fedora 42: apptainer 2025-ff963b3775
Apply fuse2fs patches that were accidentally empty Update to upstream 1.4.5, including a fix for CVE-2025-65105LinuxSecurity – Security AdvisoriesRead More
Fedora 41: apptainer 2025-df330356b2
Apply fuse2fs patches that were accidentally empty Update to upstream 1.4.5, including a fix for CVE-2025-65105LinuxSecurity – Security AdvisoriesRead More
CVE-2025-14640 | code-projects Student File Management System 1.0 /admin/save_student.php stud_no sql injection
A vulnerability classified as critical was found in code-projects Student File Management System 1.0. The affected element is an unknown
CVE-2025-67749 | pcsx2 up to 2.5.377 SCMD mg_buffer out-of-bounds (GHSA-69wg-97fx-8j5w)
A vulnerability was found in pcsx2 up to 2.5.377. It has been rated as critical. Affected is an unknown function
CVE-2025-67721 | airlift aircompressor up to 3.3 insertion of sensitive information into sent data (GHSA-vx9q-rhv9-3jvg)
A vulnerability categorized as problematic has been discovered in airlift aircompressor up to 3.3. Affected by this vulnerability is an
CVE-2025-13970 | OpenPLC v3 Setting cross-site request forgery
A vulnerability identified as problematic has been detected in OpenPLC v3. Affected by this issue is some unknown functionality of
CVE-2025-14636 | Tenda AX9 22.03.01.46 httpd image_check weak hash
A vulnerability labeled as problematic has been found in Tenda AX9 22.03.01.46. This affects the function image_check of the component
CVE-2025-14637 | itsourcecode Online Pet Shop Management System 1.0 /pet1/addcnp.php cnpname sql injection
A vulnerability marked as critical has been reported in itsourcecode Online Pet Shop Management System 1.0. This vulnerability affects unknown
CVE-2025-14638 | itsourcecode Online Pet Shop Management System 1.0 /pet1/update_cnp.php ID sql injection
A vulnerability described as critical has been identified in itsourcecode Online Pet Shop Management System 1.0. This issue affects some
CVE-2025-14639 | itsourcecode Student Management System 1.0 /uprec.php ID sql injection
A vulnerability classified as critical has been found in itsourcecode Student Management System 1.0. Impacted is an unknown function of
CVE-2025-43320 | Apple macOS up to 15.7.2 App Local Privilege Escalation
A vulnerability classified as problematic was found in Apple macOS up to 15.7.2. Impacted is an unknown function of the
CVE-2025-14611 | Gladinet CentreStack/TrioFox prior 16.12.10420.56791 Request file inclusion
A vulnerability, which was classified as problematic, has been found in Gladinet CentreStack and TrioFox. The affected element is an
CVE-2025-43351 | Apple macOS up to 26.0 App permission
A vulnerability, which was classified as critical, was found in Apple macOS up to 26.0. The impacted element is an
CVE-2025-43381 | Apple macOS up to 26.0 App symlink
A vulnerability has been found in Apple macOS up to 26.0 and classified as critical. This affects an unknown function
CVE-2025-43388 | Apple macOS up to 26.0 App information disclosure
A vulnerability was found in Apple macOS up to 26.0 and classified as problematic. This impacts an unknown function of
CVE-2025-43410 | Apple macOS up to 14.8.1/15.7.1 Note denial of service
A vulnerability was found in Apple macOS up to 14.8.1/15.7.1. It has been classified as problematic. Affected is an unknown
CVE-2025-43393 | Apple macOS up to 26.0 App sandbox
A vulnerability was found in Apple macOS up to 26.0. It has been declared as critical. Affected by this vulnerability
CVE-2025-43402 | Apple macOS up to 26.0 memory corruption
A vulnerability was found in Apple macOS up to 26.0. It has been rated as critical. Affected by this issue
CVE-2025-43404 | Apple macOS up to 26.0 sandbox
A vulnerability categorized as critical has been discovered in Apple macOS up to 26.0. This affects an unknown part. Executing
CVE-2025-43406 | Apple macOS up to 26.0 App information disclosure
A vulnerability identified as problematic has been detected in Apple macOS up to 26.0. This vulnerability affects unknown code of