Navigating the API Security Landscape: Your Definitive API Security Buyer’s Guide for 2025
APIs power today’s digital economy—connecting customers, partners, and internal services at breakneck speed. But with that agility comes risk: in 2024 alone, API vulnerabilities cost organizations a staggering $2.5 billion in remediation, fines, and lost revenue. As APIs proliferate, traditional...
Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.
Summary: Multiple vulnerabilities were addressed in IBM Business Automation Manager Open Editions 8.0.8. Vulnerability Details: CVEID: CVE-2025-53506 DESCRIPTION: Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an HTTP/2 client did not acknowledge the initial settings frame that...
Linux Distros Unpatched Vulnerability : CVE-2025-27610
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specifi...
Ghost CMS Path Traversal
Ghost CMS versions prior to 5.42.1 contain a path traversal vulnerability that allows remote attackers to read arbitrary files within the active theme's folder structure. !/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.42.1 - Path Traversal Date: 2023-06-15 Exploit...
VulnCheck KEV: CVE-2025-44177
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences...
Ghost CMS 5.42.1 - Path Traversal
!/usr/bin/env python3 -- coding: utf-8 -- """ Exploit Title: Ghost CMS 5.42.1 - Path Traversal Date: 2023-06-15 Exploit Author:ibrahimsql https://github.com/ibrahimsql Vendor Homepage: https://ghost.org Software Link: https://github.com/TryGhost/Ghost Version: =2.28.1 """ import requests import s...
Linux Distros Unpatched Vulnerability : CVE-2020-27618
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The iconv function in the GNU C Library aka glibc or libc6 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388,...
curl: Vulnerability Report: Local File Disclosure via file:// Protocol in cURL
Summary A security vulnerability has been identified that allows unauthorized local file system access via the file:// protocol in cURL, particularly when executed with elevated privileges e.g., sudo. This could lead to sensitive data exposure, including password hashes stored in /etc/shadow. Ste...
Linux Distros Unpatched Vulnerability : CVE-2024-50349
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to...
Linux Distros Unpatched Vulnerability : CVE-2019-11478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP...
Linux Distros Unpatched Vulnerability : CVE-2025-32873
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 4.2 before 4.2.21, 5.1 before 5.1.9, and 5.2 before 5.2.1. The django.utils.html.striptags function is vulnerable to a potenti...
curl: Path Traversal in SFTP QUOTE command leads to Arbitrary File Write and potential RCE
Description Summary: libcurl is vulnerable to a path traversal attack when processing SFTP QUOTE commands. The internal function Curl_get_pathname in lib/vssh/curl_path.c fails to sanitize user-provided paths for traversal sequences (../). An attacker who can control the SFTP QUOTE commands can leverag...
Directory Traversal
Overview: tiny-scientist is a lightweight framework for building research agents. Affected versions of this package are vulnerable to Directory Traversal via the review_paper function in the backend/app.py file. An attacker can access arbitrary PDF files on the server by supplying crafted file...
K000152924: Apache HTTP Server vulnerability CVE-2024-43204
Security Advisory Description: SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a valu...
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF006 (July 2025)
Summary: In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 24.0.0-IF006. Vulnerability Details: CVEID: CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript...
From Chrome renderer code exec to kernel with MSG_OOB
Posted by Jann Horn, Google Project Zero. Introduction: In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain sockets. I reviewed the implementation of MSG_OOB, and discovered a security bug CVE-2025-38236 affecting...
Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFixes for July 2025.
Summary: Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.1-IF004 and 24.0.0-IF006. Vulnerability Details: CVEID: CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 t...
A vulnerability in the SMTP protocol implementation of the Keycloak identity and access management platform allows an attacker to execute arbitrary commands.
The vulnerability in the SMTP protocol implementation of the Keycloak identity and access management platform stems from a failure to neutralize CRLF sequences. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
ROS-20250807-06
Vulnerability in the vim text editor is related to input validation errors when processing directory traversal sequences in the tar.vim plugin. Exploitation of the vulnerability could allow an attacker to execute arbitrary code...
Linux Distros Unpatched Vulnerability : CVE-2025-51480
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted...