994 matches found
CVE-2025-68937
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...
Forgejo 安全漏洞
Forgejo is a lightweight git service. A security vulnerability exists in Forgejo versions prior to 13.0.2 that stems from mishandling of the template repository symbolic link target, which could result in writing unexpected files and gaining server shell access...
DEBIAN-CVE-2025-68696
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...
CVE-2025-68696 httparty Has Potential SSRF Vulnerability That Leads to API Key Leakage
httparty is an API tool. In versions 0.23.2 and prior, httparty is vulnerable to SSRF. This issue can pose a risk of leaking API keys, and it can also allow third parties to issue requests to internal servers. This issue has been patched via commit 0529bcd...
CVE-2025-11545
CVE-2025-11545 affects Sharp Display Solutions projectors. NEC/Sharp disclosures and JVN data confirm a vulnerability that exposes sensitive system information to an unauthorized control sphere, enabling an attacker to improperly access the projector’s HTTP server and perform arbitrary actions. T...
EUVD-2025-204692
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions...
CVE-2025-11545
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions...
CVE-2025-11545
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sharp Display Solutions projectors allows a attacker may improperly access the HTTP server and execute arbitrary actions...
CVE-2025-66524
Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...
CVE-2025-66524
Apache NiFi 1.20.0 through 2.6.0 include the GetAsanaObject Processor, which requires integration with a configurable Distribute Map Cache Client Service for storing and retrieving state information. The GetAsanaObject Processor used generic Java Object serialization and deserialization without...
EUVD-2025-203064
The WooMulti WordPress plugin through 17 does not validate a file parameter when deleting files, which could allow any authenticated users, such as subscriber to delete arbitrary files on the server...
CVE-2025-40818
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...
PT-2025-49836
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...
CVE-2025-54305
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. One of the middlewares included in this application, LocalhostAuthMiddleware, authenticates users as ionadmin if the REMOTEADDR property in request.META is set to 127.0.0.1, to 127.0.1.1, or to ::1. Any user wit...
CVE-2025-66201
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...
CVE-2025-66263
The CVE-2025-66263 entry describes an unauthenticated arbitrary file read due to a null byte injection in the Mozart FM Transmitter’s download_setting.php. The PHP code appends a forced .tgz extension to user-supplied $_GET['filename'], and on PHP 5.3.2 (pre-5.3.4) the null byte (%00) terminates ...
PT-2025-48117
Unauthenticated Arbitrary File Read via Null Byte Injection in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Null byte injection in download setting.php allows reading arbitrary files...
GHSA-6XVF-4VH9-MW47 Minder does not sandbox http.send in Rego programs
Impact Minder users may fetch content in the context of the Minder server, which may include URLs which the user would not normally have access to for example, if the Minder server is behind a firewall or other network partition. Patches...
GO-2025-4131 Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server
Mattermost allows regular users to access archived channel content and files in github.com/mattermost/mattermost-server...
CVE-2025-9982
CVE-2025-9982 affects QuickCMS 6.8. The vulnerability is due to sensitive admin credentials hardcoded in a plaintext configuration file, allowing attackers with access to the source code or server filesystem to retrieve credentials and potentially escalate privileges. Only version 6.8 was tested ...