CVE-2019-25581

creationtimestamp| type| source ---|---|--- 2026-03-21 15:16:02+00:00| seen| https://www.incibe.es/incibe-cert/alerta-temprana/vulnerabilidades/cve-2019-25581 2026-03-21 16:34:01+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mhlhjasryz2e 2026-03-24 22:20:09+00:00| seen|...

@es-joy/jsoe (>=0.0.1 <=0.16.0) potentially affected by CVE-2026-25581 via sceditor (=3.2.0)

sceditor NPM version =3.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on sceditor and may be impacted: - @es-joy/jsoe =0.0.1, =0.16.0 Source cves: CVE-2026-25581 Source advisory: SNYK:JS-SCEDITOR-15248349...

CVE-2026-25581

creationtimestamp| type| source ---|---|--- 2026-02-06 02:23:54+00:00| published-proof-of-concept| https://github.com/samclarke/SCEditor/security/advisories/GHSA-25fq-6qgg-qpj8...

CVE-2020-25581

In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jailremove2 implementation, it may fail to kill some of the processes...

Fedora 41 : dnsdist (2024-73b41ae8e5)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-73b41ae8e5 advisory. Update to latest upstream Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested f...

Exploit for CVE-2023-25581

This Python script demonstrates the exploitation of the CVE-2023...

CVE-2023-25581

creationtimestamp| type| source ---|---|--- 2024-10-10 19:16:56+00:00| seen| https://t.me/cvedetector/7615 2024-10-21 15:07:33+00:00| seen| MISP/274f594a-8ba7-4c6e-bf6a-c52c14842867...

CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j

pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...

FreeBSD : dnsdist -- Transfer requests received over DoH can lead to a denial of service (f2d8342f-1134-11ef-8791-6805ca2fa271)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f2d8342f-1134-11ef-8791-6805ca2fa271 advisory. - When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to...

CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

DEBIAN-CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

CVE-2024-25581

creationtimestamp| type| source ---|---|--- 2024-05-13 20:27:54+00:00| seen| https://t.me/HackingInsights/388...

CVE-2024-25581 Transfer requests received over DoH can lead to a denial of service in DNSdist

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

CVE-2024-25581

DNSDIST vulnerability CVE-2024-25581: When DNS over HTTPS is enabled (nghttp2 provider) and queries are routed to a tcp-only or DoT backend, an attacker can trigger an assertion failure by requesting a zone transfer (AXFR/IXFR) over DoH, causing the process to crash and a DoS. DoH is not enabled ...

CVE-2024-25581

When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer AXFR or IXFR over DNS over HTTPS, causing the process to stop...

CVE-2022-25581

Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file...

CVE-2022-25581

CVE-2022-25581 affects Classcms v2.5 and earlier. The issue is an arbitrary file upload via the class\classupload component, which can allow code execution through a crafted .txt file. The vulnerability is documented across multiple feeds (NVD/Red Hat/OSV etc.) with no publicly provided patch det...

CVE-2020-25581

CVE-2020-25581 describes a race condition in jail_remove(2) in FreeBSD that may fail to terminate all processes inside a jail. Affected: FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4, and 11.4-RELEASE before p8. Impact: potential to leave jailed processes ...