CVE-2025-1520

Summary of CVE-2025-1520 : Affected product family is PostHog, specifically the ClickHouse Table Functions component. The vulnerability is a SQL injection leading to remote code execution, stemming from improper validation of a user-supplied string used to construct SQL queries within the SQL par...

CVE-2025-1520 PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability

PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

CVE-2025-1049 Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability

Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

XSS in the /files Endpoint of the Generic REST API

Impact The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be...

Exploit for CVE-2025-32682

🐚 CVE-2025-32682 - Arbitrary File Upload in MapSVG Lite --...

CVE-2025-32869

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'ImportCertificate' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

CVE-2025-32826

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetActiveProjects' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from a...

CVE-2025-32993

Vision Helpdesk through 5.7.0 allows Time-Based Blind SQL injection via the Forgot Password aka index.php?/home/forgot-password visusername parameter. Authentication is not needed...

CVE-2025-24797

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not...

📄 PandoraFMS 7.0NG.772 SQL Injection

PandoraFMS version 7.0NG.772 proof of concept authenticated remote SQL injection exploit. Exploit Title: PandoraFMS console v7.0NG.772 - SQL Injection Authenticated Date: 21/11/2023 Exploit Author: Osama Yousef Vendor Homepage: https://pandorafms.com/ Software Link:...

DRUPAL-CONTRIB-2025-032

Gif Player Field creates a simple file field types that allows you to upload the GIF files and configure the output for this using the Field Formatters. The module uses GifPlayer jQuery library to render the GIF according to configured setups for the Field Formatter. The external Gif Player Libra...

Ivanti Endpoint Manager OpenRecordSet SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the OpenRecordSet method. The issue results from the lack of...

(Pwn2Own) Synology BeeStation BST150-4T SQL Injection Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BeeStation BST150-4T devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the updatesettings command. The issue results from the lack ...

Trend Micro Apex Central Query Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Apex Central. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the Query method. The issue results from the lack of...

(Pwn2Own) Lexmark CX331adwe loadCFFdata Type Confusion Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark CX331adwe printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the loadCFFdata method. The issue results from the lack of proper...

Fortinet FortiWeb cgi_xmlprotection_xmlschemafile_post Directory Traversal Arbitrary File Write Vulnerability

This vulnerability allows remote attackers to create arbitrary XML schema files on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the cgixmlprotectionxmlschemafilepost function. The issue results from the lack...

WordPress Feedbucket – Website Feedback Tool Plugin <= 1.0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Feedbucket – Website Feedback Tool versions = 1.0.6...

CVE-2025-2008 Import Export Suite for CSV and XML Datafeed <= 7.19 - Authenticated (Subscriber+) Arbitrary File Upload

The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the importsinglepostascsv function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with...

Exploit for CVE-2025-25705

CVE-2025-25705 Description Item: Product Vendor: freebsd...

CVE-2025-29928

CVE-2025-29928 concerns authentik, an open-source identity provider. When configured to use database-based session storage (not default), deleting sessions via the Web Interface or API would not revoke those sessions, allowing session holders continued access. This affects authentik versions prio...