Tracking CVEs, exploits, and security research for defenders & bug bounty hunters.

Joined December 2024
1 May 2025
CVE-2023-45721 04/30/2025 10:15:16 PM BaseSeverity: MEDIUM Insufficient default configuration in HCL Leap allows anonymous access to directory information. support.hcl-software.com/csm…

1 May 2025
CVE-2024-13943 04/30/2025 08:15:20 PM BaseSeverity: HIGH Tesla Model S Iris Modem QCMAP_ConnectionManager Improper Input Validation Sandbox Escape Vulnerability. This vulnerability allows local attackers to escape the sa... zerodayinitiative.com/adviso…

30 Apr 2025
CVE-2025-4080 04/29/2025 08:15:25 PM BaseSeverity: MEDIUM A vulnerability has been found in PHPGurukul Online Nurse Hiring System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adm... github.com/Iandweb/CVE/issue…
30 Apr 2025
CVE-2025-3501 04/29/2025 09:15:51 PM BaseSeverity: HIGH A flaw was found in Keycloak. By setting a verification policy to 'ALL', the trust store certificate verification is skipped, which is unintended. access.redhat.com/errata/RHS…

30 Apr 2025
CVE-2025-46778 04/30/2025 03:15:19 AM Rejected reason: Not used
30 Apr 2025
CVE-2025-0520 04/29/2025 08:15:25 PM BaseSeverity: CRITICAL An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution. Thi... github.com/star7th/showdoc/p…
29 Apr 2025
CVE-2025-34491 04/28/2025 08:15:20 PM BaseSeverity: HIGH GFI MailEssentials prior to version 21.8 is vulnerable to a .NET deserialization issue. A remote and authenticated attacker can execute arbitrary code by... frycos.github.io/vulns4free/…
29 Apr 2025
CVE-2024-11922 04/28/2025 09:15:56 PM BaseSeverity: MEDIUM Missing input validation in certain features of the Web Client of Fortra's GoAnywhere prior to version 7.8.0 allows an attacker with permission to... fortra.com/security/advisori…
29 Apr 2025
CVE-2025-31651 04/28/2025 08:15:20 PM Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. For a subset of unlikely rewrite rule configurations, it was possible for a specia... lists.apache.org/list.html?a…

29 Apr 2025
CVE-2025-4037 04/28/2025 09:15:56 PM BaseSeverity: MEDIUM A vulnerability was found in code-projects ATM Banking 1.0. It has been classified as critical. Affected is the function moneyDeposit/moneyWithdraw. The manipulation leads to business logic er... code-projects.org/
28 Apr 2025
CVE-2025-3995 04/28/2025 02:15:14 AM BaseSeverity: MEDIUM A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an un... github.com/fizz-is-on-the-wa…

28 Apr 2025
CVE-2025-3987 04/27/2025 10:15:14 PM BaseSeverity: MEDIUM A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as critical. This issue affects some unknown processing of the ... github.com/fizz-is-on-the-wa…

28 Apr 2025
CVE-2025-46687 04/27/2025 08:15:15 PM BaseSeverity: MEDIUM quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected. bellard.org/quickjs/Changelo…

27 Apr 2025
CVE-2025-46654 04/26/2025 09:15:15 PM BaseSeverity: MEDIUM CodiMD through 2.2.0 has a CSP-based protection mechanism against XSS through uploaded JavaScript content, but it can be bypassed by uploading a .html file that references... github.com/hackmdio/codimd/i…
27 Apr 2025
CVE-2025-46575 04/27/2025 02:15:15 AM BaseSeverity: MEDIUM There is an information disclosure vulnerability in the GoldenDB database product. Attackers can exploit error messages to obtain t... support.zte.com.cn/zte-iccp-…

27 Apr 2025
CVE-2025-3954 04/26/2025 10:15:16 PM BaseSeverity: MEDIUM A vulnerability, which was classified as problematic, has been found in ChurchCRM 5.16.0. Affected by this issue is some unknown functionality of the... everydaysparkling.com/p/2c56…
26 Apr 2025
CVE-2025-3915 04/26/2025 06:15:16 AM BaseSeverity: MEDIUM The Aeropage Sync for Airtable plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability ch... plugins.trac.wordpress.org/b…

26 Apr 2025
CVE-2024-13808 04/26/2025 05:15:51 AM BaseSeverity: HIGH The Xpro Elementor Addons - Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.4.9 via the custom PHP widget. This is due to their only be... elementor.wpxpro.com