63 matches found
CVE-2026-25122 vulnerabilities
Vulnerabilities for packages: dagdotdev...
SUSE CVE-2026-25122
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker-controlled input stream, this can force lar...
CVE-2026-25122
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker-controlled input stream, this can force lar...
CVE-2018-25122
| creationtimestamp | type | source |
|---|---|---|
| 2025-10-31 13:55:03+00:00 | seen | Telegram/Q2bKXQpOf5LmvyABsZOfWl30xxORdOX7kbdWGl1lH9WOVY... |
CVE-2018-25122 Nagios XI < 5.4.13 Component Download Page RCE
Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component Download page. The download/import handler used unsafe command construction with attacker-controlled input and lacked sufficient validation and output encoding, allowing an authenticated user to inje...
CVE-2025-25122
Path Traversal: '.../...//' vulnerability in hashshop WizShop wizshop allows Path Traversal. This issue affects WizShop: from n/a through <= 3.0.2...
CVE-2025-25122 WordPress WizShop Plugin <= 3.0.2 - Local File Inclusion vulnerability
Path Traversal vulnerability in NotFound WizShop allows PHP Local File Inclusion. This issue affects WizShop: from n/a through 3.0.2...
CVE-2025-25122 WordPress WizShop Plugin <= 3.0.2 - Local File Inclusion vulnerability
Path Traversal: '.../...//' vulnerability in hashshop WizShop wizshop allows Path Traversal. This issue affects WizShop: from n/a through <= 3.0.2...
CVE-2024-25122
sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments from running. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, bu...
USN-6943-1: Tomcat vulnerabilities
It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code. This issue only affected tomcat8 for Ubuntu 18.04 LTS. (CVE-2020-9484) It was discovered that Tomcat...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS : Tomcat vulnerabilities (USN-6943-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6943-1 advisory. It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. ...
CVE-2024-25122 Cross-site Scripting sidekiq-unique-jobs UI server vulnerability
sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments from running. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI, allow a super-user attacker, or an unwitting, bu...
CVE-2024-25122
CVE-2024-25122 affects sidekiq-unique-jobs (admin UI) with a Cross-Site Scripting vulnerability exploitable via crafted GET parameters to /changelogs, /locks, or /expiring_locks. Public reports (GHSA, OSV, Red Hat, NVD) describe a reflected XSS that could exfiltrate cookies, sessions, or localSto...
CVE-2024-25122
| creationtimestamp | type | source |
|---|---|---|
| 2024-02-13 03:59:29+00:00 | published-proof-of-concept | https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38 |
| 2024-02-13 20:22:21+00:00 | seen | https://t.me/ctinow/184146... |
Amazon Linux 2 : tomcat, --advisory ALAS2TOMCAT8.5-2023-009 (ALASTOMCAT8.5-2023-009)
The version of tomcat installed on the remote host is prior to 8.5.63-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT8.5-2023-009 advisory. A flaw was found in Apache Tomcat. When responding to new h2c connection requests, Apache Tomcat could duplicate...
CVE-2023-25122
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25122
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CVE-2023-25122
CVE-2023-25122 affects Milesight UR32L v32.3.0.5 (vtysh_ubus) with multiple buffer-overflow flaws caused by unsafe sprintf usage that propagates data from JSON blobmsg parsing into vtysh_command_buffer. A high-privileged attacker can trigger them via crafted HTTP requests to the UR32L device, potentia...
CVE-2023-25122
Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these...
CLSA-2023-1687469807 Fix CVE(s): CVE-2021-41079, CVE-2021-25122
SECURITY UPDATE: Apache Tomcat h2c request mix-up
- debian/patches/CVE-2021-25122.patch: Simplify the code and fix an edge case for BZ 64830
- CVE-2021-25122
SECURITY UPDATE: Denial of Service for NIO+OpenSSL or NIO2+OpenSSL TLS configurations
- debian/patches/CVE-2021-41079.patch: Improve...