8 matches found
CVE-2025-26625 Git LFS may write to arbitrary files via crafted symlinks
Git LFS is a Git extension for versioning large files. In Git LFS versions 0.5.2 through 3.7.0, when populating a Git repository's working tree with the contents of Git LFS objects, certain Git LFS commands may write to files visible outside the current Git working tree if symbolic or hard links...
CVE-2025-26625
Git LFS CVE-2025-26625 affects versions 0.5.2–3.7.0. When populating a working tree (and in bare repositories), git lfs checkout and git lfs pull may write to files outside the repository if crafted symbolic or hard links collide with paths tracked by Git LFS. The root cause is lack of checks for...
WordPress Tutor LMS Pro plugin <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection vulnerability
Authenticated Tutor Instructor+ SQL Injection vulnerability discovered by sergioframi in WordPress Plugin Tutor LMS Pro versions = 3.7.0...
CVE-2025-27501
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side...
CVE-2025-27501
CVE-2025-27501 describes an unauthenticated SSRF in OpenZiti Console where an admin-panel endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller, enabling server-side requests. Root cause: server-side request is triggered using a node’s identity via the parameter. Imp...
CVE-2025-27501 Server Side Request Forgery in Ziti Console
OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint on the admin panel can be accessed without any form of authentication. This endpoint accepts a user-supplied URL parameter to connect to an OpenZiti Controller and performs a server-side...
WordPress Sheets To WP Table Live Sync Plugin <= 3.7.0 is vulnerable to Cross Site Scripting (XSS)
Software Sheets To WP Table Live Sync Type Plugin Vulnerable versions = 3.7.0 Fixed in 3.7.1 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-34375 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 592f4fe7fc70 Credits Manab Jyoti Dowarah...
WordPress Custom 404 Pro Plugin <= 3.7.0 is vulnerable to SQL Injection
Software Custom 404 Pro Type Plugin Vulnerable versions = 3.7.0 Fixed in 3.7.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2022-47605 Patch priority Low CVSS severity Low 8.3 Developer Kunal Nagar PSID 960f40facc61 Credits minhtuanact Required privilege Administrator Published...