
GitLab Advisory Database
added 2026/03/25 12:00 a.m. | 3 views

Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

The v4_is_invalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED (0.0.0.0). An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the SSRF protection introduced by the fix for CVE-2025-25194 (GHSA-7723-35v7-qcxw), and reac...

CVSS 6.5 | AI score 5.9 | EPSS 0.00023
Exploits 2 | References 6 | Affected Software 1
Circl
added 2026/03/06 2:51 p.m. | 2 views

CVE-2018-25194

| creation_timestamp | type | source |
|---|---|---|
| 2026-03-06 14:51:31+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mgfks6m2qf2u... |

CVSS 8.8 | AI score 5.8 | EPSS 0.00254
Exploits 0 | References 1
EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-25194

Malicious code in bioql PyPI...

CVSS 6.1 | AI score 4.8 | EPSS 0.00041
Exploits 1 | References 3
Vulnrichment
added 2025/02/10 10:14 p.m. | 3 views

CVE-2025-25194 Server-Side Request Forgery (SSRF) in activitypub_federation

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. This vulnerability, which is present in versions 0.6.2 and prior of activitypub_federation and versions 0.19...

CVSS 4 | AI score 4.5 | EPSS 0.00054
Exploits 0 | References 1
Cvelist
added 2025/02/10 10:14 p.m. | 10 views

CVE-2025-25194 Server-Side Request Forgery (SSRF) in activitypub_federation

Lemmy, a link aggregator and forum for the fediverse, is vulnerable to server-side request forgery via a dependency on activitypub_federation, a framework for ActivityPub federation in Rust. This vulnerability, which is present in versions 0.6.2 and prior of activitypub_federation and versions 0.19...

CVSS 4 | EPSS 0.00054
Exploits 0 | References 1
CVE
added 2025/02/10 10:14 p.m. | 48 views

CVE-2025-25194

CVE-2025-25194 describes a Server-Side Request Forgery (SSRF) in Lemmy linked to the activitypub_federation Rust library. The vulnerability allows an attacker to craft a Webfinger-based request that may bypass hardcoded URL/path restrictions and trigger an arbitrary GET to any Host, Port, and URL...

CVSS 4 | AI score 4.4 | EPSS 0.00054
Exploits 0 | References 1
Circl
added 2025/02/10 6:41 p.m. | 8 views

CVE-2025-25194

| creation_timestamp | type | source |
|---|---|---|
| 2025-02-10 18:41:43+00:00 | published-proof-of-concept | https://github.com/LemmyNet/lemmy/security/advisories/GHSA-7723-35v7-qcxw |
| 2025-02-10 23:15:40+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhublkatf42q |
| 2025-02-11... | | |

CVSS 4 | AI score 5.7 | EPSS 0.00054
Exploits 0 | References 4
IBM Security Bulletins
added 2025/02/07 10:50 a.m. | 22 views

Security Bulletin: Vulnerabilities in Apache Kafka affect watsonx.data

Summary: Apache Kafka is vulnerable to denial of service attacks and to arbitrary code execution attacks. This could affect watsonx.data. Vulnerability Details: CVEID: CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By...

CVSS 8.8 | AI score 7.7 | EPSS 0.94055
Exploits 7 | Affected Software 1
IBM Security Bulletins
added 2024/02/01 1:36 p.m. | 31 views

Security Bulletin: There is a vulnerability in kafka-clients-2.8.2.jar used by IBM Maximo Asset Management application (CVE-2023-25194)

Summary: There is a vulnerability in kafka-clients-2.8.2.jar used by IBM Maximo Asset Management application. Vulnerability Details: CVEID: CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserializatio...

CVSS 8.8 | AI score 8.8 | EPSS 0.94055
Exploits 7 | Affected Software 1
GithubExploit
added 2023/12/28 4:24 a.m. | 422 views

Exploit for Deserialization of Untrusted Data in Apache Kafka_Connect

This tool is intended for security testing purposes only. Do not...

CVSS 8.8 | AI score 8.4 | EPSS 0.94055
Exploits 7
IBM Security Bulletins
added 2023/07/24 7:46 p.m. | 72 views

Security Bulletin: Apache Kafka is vulnerable to CVE-2022-34917 and CVE-2023-25194 used in IBM Maximo Application Suite - Monitor Component

Summary: IBM Maximo Application Suite - Monitor Component uses Apache Kafka, which is vulnerable to CVE-2022-34917 and CVE-2023-25194. Vulnerability Details: CVEID: CVE-2022-34917 DESCRIPTION: Apache Kafka is vulnerable to a denial of service, caused by improper input validation. By sending a...

CVSS 8.8 | AI score 8.6 | EPSS 0.94055
Exploits 7 | Affected Software 1
IBM Security Bulletins
added 2023/05/17 9:22 p.m. | 61 views

Security Bulletin: IBM InfoSphere Information Server is affected but not classified as vulnerable to a code execution vulnerability in Apache Kafka (CVE-2023-25194)

Summary: A code execution vulnerability in Apache Kafka used by IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe...

CVSS 8.8 | AI score 8.9 | EPSS 0.94055
Exploits 7 | Affected Software 1
IBM Security Bulletins
added 2023/04/04 8:57 a.m. | 34 views

Security Bulletin: IBM Event Streams is affected by a vulnerability in Apache Kafka (CVE-2023-25194)

Summary: This security vulnerability affects Apache Kafka that is used by IBM Event Streams. Vulnerability Details: CVEID: CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization when configurin...

CVSS 8.8 | AI score 8.9 | EPSS 0.94055
Exploits 7 | Affected Software 1
IBM Security Bulletins
added 2023/03/31 1:48 p.m. | 59 views

Security Bulletin: Vulnerability in Apache Kafka may affect IBM Business Automation Workflow - CVE-2023-25194

Summary: IBM Business Automation Workflow packages a copy of the Apache Kafka client library. A security vulnerability has been reported for the same version of Apache Kafka. Vulnerability Details: CVEID: CVE-2023-25194 DESCRIPTION: Apache Kafka could allow a remote authenticated attacker to execute...

CVSS 8.8 | AI score 8.9 | EPSS 0.94055
Exploits 7 | Affected Software 2
IBM Security Bulletins
added 2023/03/29 3:05 a.m. | 39 views

Security Bulletin: IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library is affected by vulnerability in Apache Kafka (CVE-2023-25194)

Summary: Apache Kafka is used by IBM Tivoli Netcool/OMNIbus Transport Module Common Integration Library as part of the Kafka integration. The latest patch includes Apache Kafka 3.4.0 to fix the vulnerability CVE-2023-25194. Vulnerability Details: CVEID: CVE-2023-25194 DESCRIPTION: Apache Kafka could...

CVSS 8.8 | AI score 8.9 | EPSS 0.94055
Exploits 7 | Affected Software 3
IBM Security Bulletins
added 2023/03/09 2:08 p.m. | 33 views

Security Bulletin: z/Transaction Processing Facility is affected by vulnerabilities in the Apache Kafka (kafka-clients) and cryptography packages

Summary: The Apache Kafka and cryptography packages are used by the z/TPF system in runtime metrics collection and the z/TPF real-time insights dashboard starter kit. The z/TPF system was updated to address the vulnerabilities in these packages described by CVE-2023-25194 and CVE-2023-23931...

CVSS 8.8 | AI score 8.1 | EPSS 0.94055
Exploits 8 | Affected Software 1
Circl
added 2023/02/14 6:59 a.m. | 7 views

CVE-2023-25194

| creation_timestamp | type | source |
|---|---|---|
| 2023-02-14 06:59:01+00:00 | published-proof-of-concept | Telegram/UgjyfN33Nakq6MmMsTBw0rSSkp77M7XZKGq62f2fQ8miTg |
| 2023-02-14 19:43:14+00:00 | published-proof-of-concept | https://t.me/malwar3s/32 |
| 2023-02-20 06:51:35+00:00 | seen | https://t.me/cKure/10688... |

CVSS 8.8 | AI score 6.3 | EPSS 0.94055
Exploits 7 | References 17
CNVD
added 2022/02/25 12:00 a.m. | 16 views

Radare2 Resource Management Error Vulnerability (CNVD-2022-25194)

radare2 is a set of libraries and tools for working with binary files. A resource management error vulnerability exists in radare2, which can be exploited by an attacker to trigger a denial of service via a MIPS ELF64 binary by triggering an overload of Radare2...

CVSS 7.5 | AI score 6.5 | EPSS 0.00436
Exploits 1 | References 1
NVD
added 2022/02/15 5:15 p.m. | 16 views

CVE-2022-25194

A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials...

CVSS 8.8 | EPSS 0.00055
Exploits 0 | References 1
Cvelist
added 2022/02/15 4:11 p.m. | 11 views

CVE-2022-25194

A cross-site request forgery (CSRF) vulnerability in Jenkins autonomiq Plugin 1.15 and earlier allows attackers to connect to an attacker-specified URL server using attacker-specified credentials...

AI score 8.9 | EPSS 0.00055
Exploits 0 | References 1