Reddit NetSec

CVE Database V5

AlienVault OTX General

Reddit InfoSec News

Exploit-DB RSS Feed

CIRCL OSINT Feed

ThreatFox MISP Feed

AlienVault OTX Vulnerabilities

AlienVault OTX Malware

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

Source: https://securityaffairs.com/180368/security/unpatched-flaw-in-eol-lg-lnv5110r-cameras-lets-hackers-gain-admin-access.html

The security threat concerns an unpatched vulnerability in the LG LNV5110R camera model, which has reached its end-of-life (EoL) status. This flaw allows attackers to gain administrative access to the device without proper authorization. The vulnerability remains unpatched, meaning no official fix or update has been released by the vendor to address the issue. The LG LNV5110R is a network-connected surveillance camera, and administrative access typically grants full control over the device, including configuration changes, firmware updates, and access to video streams. Exploiting this flaw could enable attackers to manipulate camera settings, disable security features, or intercept sensitive video feeds. The source of this information is a Reddit post referencing a security news article on securityaffairs.com, indicating minimal discussion and no known exploits currently in the wild. The vulnerability is rated as medium severity, reflecting a significant but not critical risk. However, since the device is EoL, users are unlikely to receive patches, increasing the risk over time. The lack of a CVSS score necessitates an independent severity assessment based on the potential impact and exploitability. The flaw does not require user interaction or authentication to exploit, making it more accessible to attackers with network access to the device. The scope is limited to LG LNV5110R cameras, but these devices are often deployed in various environments, including corporate, retail, and public infrastructure settings.

Detailed information about Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access. Get real-time updates, technical details, and mitigation st

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access - Live Threat Intelligence - Threat Radar | OffSeq.com

Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

Reddit Discussion: Unpatched flaw in EoL LG LNV5110R cameras lets hackers gain Admin access

A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_members.php. The manipulation of the argument fname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVE-2025-8167 is a cross-site scripting (XSS) vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically affecting the /admin/edit_members.php file. The vulnerability arises from improper sanitization or validation of the 'fname' parameter, which can be manipulated by an attacker to inject malicious scripts. This vulnerability is exploitable remotely without requiring authentication, although it does require some level of privilege (PR:L) and user interaction (UI:P) according to the CVSS vector. The attack vector is network-based (AV:N), and the vulnerability impacts the integrity and limited confidentiality of the system. The disclosed exploit allows attackers to execute arbitrary JavaScript in the context of the victim's browser session, potentially leading to session hijacking, defacement, or redirection to malicious sites. Other parameters in the same or related functionality might also be vulnerable, increasing the attack surface. The vulnerability has a CVSS 4.0 base score of 5.1, categorizing it as medium severity. No official patches have been published yet, and no known exploits are currently observed in the wild, but public disclosure increases the risk of exploitation. Given that the affected system is a donation management platform used by churches, the vulnerability could be leveraged to target administrative users, potentially compromising sensitive donor information or disrupting donation processes.

Detailed information about CVE-2025-8167: Cross Site Scripting in code-projects Church Donation System affecting code-projects Church Donation System. Get real-

CVE-2025-8167: Cross Site Scripting in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8167: Cross Site Scripting in code-projects Church Donation System

Cross Site Scripting vulnerability in grav v.1.7.48, v.1.7.47 and v.1.7.46 allows an attacker to execute arbitrary code via the onerror attribute of the img element

CVE-2025-46198 is a Cross Site Scripting (XSS) vulnerability identified in the Grav CMS versions 1.7.46, 1.7.47, and 1.7.48. Grav is a flat-file content management system widely used for building websites without a traditional database backend. The vulnerability arises from improper sanitization of user-supplied input that is reflected in the onerror attribute of the HTML img element. An attacker can craft a malicious payload embedded within an image tag's onerror attribute, which executes arbitrary JavaScript code when the image fails to load or triggers the error event. This type of XSS is classified as a reflected or stored XSS depending on how the payload is injected and rendered. Exploiting this vulnerability allows an attacker to execute arbitrary scripts in the context of the victim's browser session, potentially leading to session hijacking, credential theft, defacement, or redirection to malicious sites. The vulnerability affects specific Grav versions, indicating that the issue likely stems from a regression or insufficient input validation in these releases. No official patch links or CVSS score have been published yet, and there are no known exploits in the wild at the time of this report. However, given the nature of XSS vulnerabilities, exploitation is generally straightforward if the attacker can control input that is reflected in the vulnerable attribute. The lack of a CVSS score suggests that the vulnerability is newly disclosed and pending further assessment.

Detailed information about CVE-2025-46198: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-46198: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-46198: n/a

A vulnerability was found in code-projects Church Donation System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php of the component HTTP POST Request Handler. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8166 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within the /admin/index.php file's HTTP POST request handler. The vulnerability arises from improper sanitization or validation of the 'Username' parameter, which can be manipulated by an attacker to inject malicious SQL commands. This flaw allows remote attackers to execute arbitrary SQL queries on the backend database without requiring authentication or user interaction. Exploiting this vulnerability could lead to unauthorized data access, data modification, or even complete compromise of the underlying database. The CVSS 4.0 score is 6.9 (medium severity), reflecting the ease of exploitation (network attack vector, no privileges or user interaction needed) but limited impact on confidentiality, integrity, and availability (low to medium impact). Although no public exploits are currently known in the wild, the vulnerability has been publicly disclosed, increasing the risk of exploitation. The affected product is niche software used primarily by religious organizations to manage donations, and the vulnerability exists in a core administrative component, potentially exposing sensitive donor and financial data if exploited.

Detailed information about CVE-2025-8166: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-8166: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8166: SQL Injection in code-projects Church Donation System

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salesforce Tableau Server on Windows, Linux (tabdoc api - duplicate-data-source modules) allows Absolute Path Traversal. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

CVE-2025-52452 is a path traversal vulnerability (CWE-22) identified in Salesforce Tableau Server, specifically affecting the tabdoc API's duplicate-data-source modules on both Windows and Linux platforms. This vulnerability allows an attacker to perform absolute path traversal by improperly limiting the pathname to restricted directories. Essentially, the application fails to adequately sanitize or validate user-supplied input that specifies file paths, enabling an attacker to access files and directories outside the intended restricted scope. This can lead to unauthorized access to sensitive files on the server's filesystem. The affected versions include all Tableau Server releases prior to 2025.1.3, 2024.2.12, and 2023.3.19, indicating that multiple release branches are impacted. No CVSS score has been assigned yet, and there are no known exploits in the wild at the time of publication. However, path traversal vulnerabilities are generally considered serious because they can lead to information disclosure, potential privilege escalation, or further exploitation depending on the files accessed and the server configuration. Since Tableau Server is a widely used enterprise analytics platform, exploitation could expose sensitive business intelligence data or configuration files, potentially compromising confidentiality and integrity of organizational data.

Detailed information about CVE-2025-52452: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Salesforce Tableau Server af

CVE-2025-52452: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Salesforce Tableau Server - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-52452: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Salesforce Tableau Server

Server-Side Request Forgery (SSRF) vulnerability in Salesforce Tableau Server on Windows, Linux (Amazon S3 Connector modules) allows Resource Location Spoofing. This issue affects Tableau Server: before 2025.1.3, before 2024.2.12, before 2023.3.19.

CVE-2025-52454 is a Server-Side Request Forgery (SSRF) vulnerability identified in Salesforce Tableau Server, specifically affecting the Amazon S3 Connector modules on Windows and Linux platforms. SSRF vulnerabilities occur when an attacker can manipulate a server to send crafted requests to unintended locations, potentially accessing internal resources or external systems that are otherwise inaccessible. In this case, the vulnerability allows Resource Location Spoofing, meaning an attacker could trick Tableau Server into making unauthorized requests to arbitrary locations. This could lead to unauthorized access to internal services, data exfiltration, or further network reconnaissance. The affected versions include all Tableau Server releases prior to 2025.1.3, 2024.2.12, and 2023.3.19, indicating that multiple release branches are impacted. The vulnerability is categorized under CWE-918, which covers SSRF issues. No CVSS score has been assigned yet, and there are no known exploits in the wild at the time of publication. The vulnerability was reserved in mid-June 2025 and published in late July 2025. The lack of a patch link suggests that fixes may be included in the referenced version updates but are not explicitly linked in the provided data. Given the nature of Tableau Server as a widely used enterprise analytics platform, exploitation could allow attackers to pivot into internal networks or access sensitive data repositories connected via the Amazon S3 Connector, which is commonly used for cloud storage integration.

Detailed information about CVE-2025-52454: CWE-918 Server-Side Request Forgery (SSRF) in Salesforce Tableau Server affecting Salesforce Tableau Server. Get real

CVE-2025-52454: CWE-918 Server-Side Request Forgery (SSRF) in Salesforce Tableau Server - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-52454: CWE-918 Server-Side Request Forgery (SSRF) in Salesforce Tableau Server

Cross Site Scripting vulnerability in grav v.1.7.48 and before allows an attacker to execute arbitrary code via a crafted script to the form fields

CVE-2025-46199 is a critical Cross Site Scripting (XSS) vulnerability affecting Grav CMS version 1.7.48 and earlier. Grav is a flat-file content management system widely used for building websites without a traditional database backend. This vulnerability allows an attacker to inject and execute arbitrary scripts within form fields, exploiting insufficient input sanitization or output encoding. Because the vulnerability is classified under CWE-79, it involves improper neutralization of input during web page generation, enabling malicious scripts to run in the context of the victim's browser. The CVSS 3.1 score of 9.8 indicates an extremely severe issue with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction needed (UI:N), and impacts confidentiality, integrity, and availability (C:H/I:H/A:H). An attacker can remotely exploit this vulnerability without authentication or user interaction, potentially leading to session hijacking, data theft, defacement, or further exploitation of the affected system or its users. Although no known exploits are currently reported in the wild, the high severity and ease of exploitation make this a significant threat to any Grav CMS deployment that has not been patched or mitigated. The absence of patch links suggests that a fix may not yet be publicly available, increasing the urgency for administrators to apply any forthcoming updates or implement temporary mitigations.

Detailed information about CVE-2025-46199: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-46199: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-46199: n/a

A vulnerability has been found in code-projects Public Chat Room 1.0 and classified as critical. This vulnerability affects unknown code of the file send_message.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8164 is a SQL Injection vulnerability identified in version 1.0 of the code-projects Public Chat Room application, specifically within the send_message.php file. The vulnerability arises from improper sanitization or validation of the 'ID' parameter, which is used in SQL queries. An attacker can remotely manipulate this parameter to inject malicious SQL code, potentially altering the intended database queries. This can lead to unauthorized access, data leakage, modification, or deletion of database records. The vulnerability does not require user interaction or authentication, increasing its exploitability. The CVSS 4.0 score is 5.3 (medium severity), reflecting the fact that while the attack vector is network-based and requires no privileges or user interaction, the impact on confidentiality, integrity, and availability is limited to low levels. No known exploits are currently reported in the wild, and no official patches have been released yet. However, the public disclosure of the vulnerability increases the risk of exploitation by attackers. The vulnerability affects only version 1.0 of the Public Chat Room product, which is a web-based chat application, likely used for real-time communication in various organizational contexts.

Detailed information about CVE-2025-8164: SQL Injection in code-projects Public Chat Room affecting code-projects Public Chat Room. Get real-time updates, techn

CVE-2025-8164: SQL Injection in code-projects Public Chat Room - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8164: SQL Injection in code-projects Public Chat Room

A vulnerability, which was classified as critical, was found in deerwms deer-wms-2 up to 3.3. This affects an unknown part of the file /system/role/list. The manipulation of the argument params[dataScope] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8163 is a SQL Injection vulnerability identified in the deerwms deer-wms-2 software versions up to 3.3. The vulnerability exists in an unspecified component related to the /system/role/list file path, where the argument params[dataScope] is improperly sanitized, allowing an attacker to inject malicious SQL code. This injection flaw can be exploited remotely without requiring user interaction or authentication, as indicated by the CVSS vector (AV:N/AC:L/AT:N/UI:N/PR:L). The vulnerability allows partial compromise of confidentiality, integrity, and availability of the affected system, though the impact is limited (VC:L/VI:L/VA:L). The CVSS 4.0 base score is 5.3, categorizing it as a medium severity issue. While the exploit has been publicly disclosed, there are no known exploits actively used in the wild at this time. The vulnerability arises from insufficient input validation on the dataScope parameter, which could allow attackers to manipulate backend SQL queries, potentially leading to unauthorized data access, data modification, or denial of service. The requirement of low privileges (PR:L) means an attacker must have some level of access, but no user interaction or elevated privileges are necessary. The lack of patches or mitigation links suggests that remediation may still be pending or requires manual intervention.

Detailed information about CVE-2025-8163: SQL Injection in deerwms deer-wms-2 affecting deerwms deer-wms-2. Get real-time updates, technical details, and mitiga

CVE-2025-8163: SQL Injection in deerwms deer-wms-2 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-8163: SQL Injection in deerwms deer-wms-2

A vulnerability, which was classified as critical, has been found in deerwms deer-wms-2 up to 3.3. Affected by this issue is some unknown functionality of the file /system/dept/list. The manipulation of the argument params[dataScope] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-8162 is a medium-severity SQL Injection vulnerability found in deerwms deer-wms-2 versions up to 3.3. The vulnerability exists in an unspecified functionality within the /system/dept/list endpoint, where the parameter params[dataScope] is improperly sanitized, allowing an attacker to inject malicious SQL code. This flaw enables remote attackers to manipulate backend database queries without requiring authentication or user interaction, potentially leading to unauthorized data access or modification. The vulnerability has a CVSS 4.0 base score of 5.3, reflecting a network attack vector with low complexity and no privileges or user interaction needed. The impact on confidentiality, integrity, and availability is rated low individually but combined can lead to significant data exposure or corruption. Although no public exploits have been observed in the wild yet, the vulnerability has been publicly disclosed, increasing the risk of exploitation. The lack of available patches or mitigations from the vendor at this time further elevates the threat. Organizations using deer-wms-2 versions 3.0 through 3.3 should consider this vulnerability critical to address promptly to prevent potential SQL injection attacks that could compromise sensitive data or disrupt operations.

Detailed information about CVE-2025-8162: SQL Injection in deerwms deer-wms-2 affecting deerwms deer-wms-2. Get real-time updates, technical details, and mitiga

Title	Severity	Type	Source	Date

Threats Affecting Belgium

Filter Threats

Threats Affecting Belgium

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility