Lucene search
170 matches found

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in libmodbus

An issue was discovered in libmodbus before versions 3.0.7 and 3.1.x, prior to 3.1.5. There is a buffer overflow vulnerability in the MODBUS_FC_WRITE_MULTIPLE_COILS case, also known as VD-1302...

9.1 CVSS, 7.2 AI score, 0.009 EPSS
Exploits: 0, References: 1
GithubExploit
added 2026/02/27 4:5 a.m., 155 views

Exploit for CVE-2025-1302

Research: jsonpath-plus RCE CVE-2025-1302 Analysis !Securi...

9.8 CVSS, 7.3 AI score, 0.89929 EPSS
Exploits: 5
OSV
added 2026/02/03 2:27 p.m., 6 views

ROOT-APP-NPM-CVE-2025-1302 CVE-2025-1302 in @rootio/jsonpath-plus - Patched by Root

Root has patched CVE-2025-1302 in the @rootio/jsonpath-plus package for Root:npm. Multiple fixed versions available...

9.8 CVSS, 5.4 AI score, 0.89929 EPSS
Exploits: 5
Circl
added 2026/01/24 10:31 a.m., 3 views

CVE-2026-1302

| creationtimestamp | type | source |
|---|---|---|
| 2026-01-24 10:31:01+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3md5z4lvsye2r... |

4.4 CVSS, 5 AI score, 0.00046 EPSS
Exploits: 1, References: 1
CVE
added 2026/01/24 8:26 a.m., 9 views

CVE-2026-1302

CVE-2026-1302 — Meta-box GalleryMeta (WordPress) is a stored cross-site scripting (XSS) vulnerability affecting versions up to 3.0.1 via admin/settings input, exploitable by authenticated users with Editor+ privileges. Impact is limited to multisite installs and sites where unfiltered_html is dis...

4.4 CVSS, 5.7 AI score, 0.00046 EPSS
Exploits: 1, References: 6
IBM Security Bulletins
added 2025/09/26 11:5 a.m., 7 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in jsonpath-plus-10.2.0.tgz

Summary: IBM watsonx Orchestrate Cartridge contains a vulnerable version of jsonpath-plus-10.2.0.tgz. Vulnerability Details: CVEID: CVE-2025-1302. DESCRIPTION: Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacke...

9.8 CVSS, 7.5 AI score, 0.89929 EPSS
Exploits: 5, Affected Software: 1
IBM Security Bulletins
added 2025/06/26 4:7 p.m., 19 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to Remote Code Execution and improper preservation of permissions due to jsonpath-plus & snowflake-sdk (CVE-2025-1302 & CVE-2025-24791)

Summary: IBM App Connect Enterprise runtime, IBM App Connect Enterprise Discovery Connectors and IBM App Connect Enterprise Connector Discovery and OpenAPI Editor are vulnerable to Remote Code Execution (RCE) and improper preservation of permissions due to jsonpath-plus & snowflake-sdk. Vulnerabilit...

9.8 CVSS, 8.4 AI score, 0.89929 EPSS
Exploits: 5, Affected Software: 2
RedhatCVE
added 2025/05/22 5:40 p.m., 4 views

CVE-2020-1302

An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege...

7.8 CVSS, 6.6 AI score, 0.00707 EPSS
Exploits: 0
RedhatCVE
added 2025/05/22 6:35 a.m., 5 views

CVE-2019-15815

ZyXEL P-1302-T10D v3 devices with firmware version 2.00ABBX.3 and earlier do not properly enforce access control and could allow an unauthorized user to access certain pages that require admin privileges...

6.5 CVSS, 7.1 AI score, 0.00204 EPSS
Exploits: 0, References: 1
IBM Security Bulletins
added 2025/05/19 2:5 a.m., 20 views

Security Bulletin: IBM Event Streams is vulnerable to Remote Code Execution (RCE) attack due to the jsonpath-plus (CVE-2025-1302).

Summary: IBM Event Streams is vulnerable to Remote Code Execution (RCE) due to the jsonpath-plus package, which is typically used for querying and extracting specific data from complex JSON documents, helping in parsing message payloads, filtering data within topics, and extracting specific fields f...

9.8 CVSS, 7.5 AI score, 0.89929 EPSS
Exploits: 5, Affected Software: 1
IBM Security Bulletins
added 2025/05/08 5:56 p.m., 14 views

Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution [CVE-2025-1302]

Summary: Node.js module jsonpath-plus is used by IBM App Connect Enterprise Certified Container for processing JSON data. IBM App Connect Enterprise Certified Container operands are vulnerable to remote code execution. This bulletin provides patch information to address the reported vulnerability ...

9.8 CVSS, 8.4 AI score, 0.89929 EPSS
Exploits: 5, Affected Software: 1
GithubExploit
added 2025/02/25 8:36 a.m., 448 views

Exploit for CVE-2025-1302

CVE-2025-1302 ★ CVE-2025-1302 JSONPath-plus RCE PoC ★ https...

9.8 CVSS, 8.2 AI score, 0.92707 EPSS
Exploits: 8
vulnersOsv
added 2025/02/15 6:30 a.m., 5 views

@0xc/serverless-offline-aws-sqs (>=1.0.0 <=2.0.3), @1eg/cert-manager-to-azion (>=0.0.1 <=0.2.0) +3062 more potentially affected by CVE-2024-21534 +1 more via jsonpath-plus (>=0.12.0 <=10.2.0)

jsonpath-plus NPM version =0.12.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1-alpha, =0.4.0-next.10, =0.7.0, =0.0.1, =1.0.0, =1.0.98-alpha.0, =1.3.65-alpha.0, =1.27.0, =0.0.1, =1.0.0-atomist-update-latest-1544450968007.20181210141037, =1.0.0-atomist-update-latest-1544451015596.20181210141150,...

9.8 CVSS, 7.1 AI score, 0.92707 EPSS
Exploits: 8
Wolfi
added 2025/02/15 5:15 a.m., 12 views

CVE-2025-1302 vulnerabilities

Vulnerabilities for packages: prism, kubeflow-centraldashboard, kubeflow-pipelines...

9.8 CVSS, 7.3 AI score, 0.89929 EPSS
Exploits: 5
OSV
added 2025/02/15 5:15 a.m., 26 views

CVE-2025-1302

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

9.3 CVSS, 7.7 AI score
Exploits: 0, References: 4
Circl
added 2025/02/15 5:6 a.m., 8 views

CVE-2025-1302

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-15 05:06:08+00:00 | seen | https://infosec.exchange/users/cve/statuses/114006161366925881 |
| 2025-02-15 05:15:34+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3li6xkquhej27 |
| 2025-02-15 06:48:21+00:00 | seen | ... |

9.8 CVSS, 7.3 AI score, 0.89929 EPSS
In wild, Exploits: 5, References: 16
Vulnrichment
added 2025/02/15 5:0 a.m., 9 views

CVE-2025-1302

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for...

9.8 CVSS, 10 AI score, 0.89929 EPSS
Exploits: 5, References: 4
Tenable Nessus
added 2024/10/09 12:0 a.m., 18 views

CentOS 7 : thunderbird (RHSA-2022:1302)

The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:1302 advisory. - NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free a...

8.8 CVSS, 7.9 AI score, 0.15741 EPSS
Exploits: 7, References: 10
Tenable Nessus
added 2024/06/03 12:0 a.m., 23 views

RHEL 8 : mod_http2 (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - httpd: Use-after-free on HTTP/2 stream shutdown CVE-2018-1302 Note that Nessus has not tested for this issue but ha...

5.9 CVSS, 6.1 AI score, 0.12125 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2024/05/28 12:0 a.m., 53 views

Oracle Linux 8 : httpd:2.4 (ELSA-2024-3121)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-3121 advisory. - Resolves: RHEL-14448 - httpd: mod_macro: out-of-bounds read vulnerability CVE-2023-31122 - Resolves: RHEL-29817 - httpd:2.4/mod_http2: httpd:...

9.8 CVSS, 7.2 AI score, 0.944 EPSS
Exploits: 30, References: 3