36 matches found
Exploit for CVE-2022-25765
CVE-2022-25765 — Command Injection in pdfkit Description...
CVE-2026-25765 affecting package rubygem-faraday for versions less than 2.7.10-2
CVE-2026-25765 affecting package rubygem-faraday for versions less than 2.7.10-2. A patched version of the package is available...
Security Bulletin: Multiple vulnerabilities in IBM Aspera Orchestrator
Summary: Multiple vulnerabilities were addressed in IBM Aspera Orchestrator 4.1.3. Vulnerability Details: CVEID: CVE-2025-13213 DESCRIPTION: IBM Aspera Orchestrator is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to...
CVE-2026-25765 vulnerabilities
Vulnerabilities for packages: cinc-auditor, logstash, kube-logging-operator, kube-fluentd-operator...
CVE-2026-25765 vulnerabilities
Vulnerabilities for packages: logstash, kube-fluentd-operator, cinc-auditor, gitlab-cng, kube-logging-operator...
Photon OS 5.0: Rubygem PHSA-2026-5.0-0762
An update of the rubygem package has been released. #%NASL_MIN_LEVEL 80900 (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0762. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description)...
CVE-2026-25765
creationtimestamp| type| source
---|---|---
2026-02-09 21:10:05+00:00| seen| https://gist.github.com/alon710/cacea6a42bc4c1130907055ca55331a4
2026-05-18 15:58:50+00:00| seen| https://t.me/poxek/6119...
CVE-2026-25765
CVE-2026-25765 affects Faraday (an HTTP client abstraction). The vulnerability arises in build_exclusive_url (lib/faraday/connection.rb) which uses URI#merge; protocol-relative URLs (e.g., //evil.com/…) override the base URL’s host, enabling potential SSRF if user-controlled input is passed to ge...
CVE-2024-25765
creationtimestamp| type| source
---|---|---
2025-09-01 21:00:04+00:00| published-proof-of-concept| Telegram/nfGTp2xTn4QGBhVuPNna78NmZEMmW41bwCC35jvxvcYjBw...
CVE-2025-25765
creationtimestamp| type| source
---|---|---
2025-02-21 18:18:48+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/4935
2025-02-21 19:46:36+00:00| seen| https://t.me/cvedetector/18666...
CVE-2025-25765
MRCMS v3.1.2 was discovered to contain an arbitrary file write vulnerability via the component /file/save.do...
CVE-2025-25765
CVE-2025-25765 affects MRCMS v3.1.2, with a vulnerability in the /file/save.do component that permits arbitrary file write. Descriptions collected across multiple feeds consistently name the affected product and the vulnerable endpoint, indicating an impact on the ability to write files locally. ...
Fedora 37 : rubygem-pdfkit (2022-c0d55cd527)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-c0d55cd527 advisory. New version 0.8.7.2 is released. ---- New version 0.8.7.1 is released. ---- Update to 0.8.7. This new release fixes CVE-2022-25765. Tenable has extracted the...
pdfkit 0.8.7.2 Command Injection
!/usr/bin/env python3 Exploit Title: pdfkit v0.8.7.2 - Command Injection Date: 02/23/2023 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pdfkit.org/ Software Link: https://github.com/pdfkit/pdfkit Version: 0.0.0-0.8.7.2 Tested on: pdfkit 0.8.6 CVE: CVE-2022–25765 Source:...
pdfkit v0.8.7.2 - Command Injection
!/usr/bin/env python3 Exploit Title: pdfkit v0.8.7.2 - Command Injection Date: 02/23/2023 Exploit Author: UNICORD NicPWNs & Dev-Yeoj Vendor Homepage: https://pdfkit.org/ Software Link: https://github.com/pdfkit/pdfkit Version: 0.0.0-0.8.7.2 Tested on: pdfkit 0.8.6 CVE: CVE-2022–25765 Source:...
CVE-2023-25765
In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller J...
CVE-2023-25765
CVE-2023-25765 affects Jenkins Email Extension Plugin up to version 2.93, where templates defined in folders were not protected by Script Security, allowing an attacker to bypass the sandbox and execute arbitrary code in the Jenkins controller JVM. The CVSS 3.1 vector shows network access, low co...