Lucene search
K

20 matches found

vulnersOsv
vulnersOsv
added 2026/02/17 12:31 p.m.8 views

org.apache.nifi:nifi-framework-nar (>=1.1.0 <=1.9.2), org.apache.nifi:nifi-jetty (>=1.1.0 <=1.9.2) +3 more potentially affected by CVE-2026-25903 via org.apache.nifi:nifi-web-api (>=1.1.0 <=2.7.2)

org.apache.nifi:nifi-web-api MAVEN version =1.1.0, =1.1.0, =1.1.0, =2.0.0, =1.20.0, =1.20.0, =2.7.2 Source cves: CVE-2026-25903 Source advisory: OSV:GHSA-C5W7-M8WF-XC77...

8.7CVSS7.4AI score0.0075EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/02/17 10:54 a.m.9 views

org.apache.nifi:nifi-framework-nar (>=1.1.0 <=1.9.2), org.apache.nifi:nifi-jetty (>=1.1.0 <=1.9.2) +3 more potentially affected by CVE-2026-25903 via org.apache.nifi:nifi-web-api (>=1.1.0 <=2.7.2)

org.apache.nifi:nifi-web-api MAVEN version =1.1.0, =1.1.0, =1.1.0, =2.0.0, =1.20.0, =1.20.0, =2.7.2 Source cves: CVE-2026-25903 Source advisory: SNYK:JAVA-ORGAPACHENIFI-15304459...

8.7CVSS7.4AI score0.0075EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/17 9:54 a.m.3 views

CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates

Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...

8.7CVSS5.6AI score0.0075EPSS
Exploits0References1
CVE
CVE
added 2026/02/17 9:54 a.m.37 views

CVE-2026-25903

Summary: CVE-2026-25903 affects Apache NiFi 1.1.0–2.7.2, where updating configuration properties on extension components with Restricted annotation permissions bypasses some authorization checks. This can allow a user with lower privileges to modify properties for components that require higher p...

8.7CVSS5.6AI score0.0075EPSS
Exploits0References2Affected Software1
Circl
Circl
added 2026/02/17 5:13 a.m.8 views

CVE-2026-25903

creationtimestamp| type| source ---|---|--- 2026-02-17 05:13:37+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mezsl5ath324 2026-02-17 10:29:45+00:00| seen| https://bsky.app/profile/blackhatnews.tokyo/post/3mf2eaghizk2z 2026-02-17 11:30:46+00:00| seen|...

8.7CVSS5AI score0.0075EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/02/16 12:0 a.m.8 views

PT-2026-8394

Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.1.0 through 2.7.2 Description Apache NiFi installations are affected by a missing authorization check when updating configuration properties on extension components with specific Required Permissions based on the...

8.7CVSS5.3AI score0.0075EPSS
Exploits0References20
Circl
Circl
added 2024/03/17 6:21 p.m.6 views

CVE-2024-25903

creationtimestamp| type| source ---|---|--- 2024-03-17 18:21:39+00:00| seen| https://t.me/ctinow/210008 2024-03-17 18:26:49+00:00| seen| https://t.me/ctinow/210015...

7.5CVSS8.7AI score0.00453EPSS
Exploits0References2
NVD
NVD
added 2024/03/17 5:15 p.m.20 views

CVE-2024-25903

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7...

7.5CVSS5.2AI score0.00453EPSS
Exploits0References1
CVE
CVE
added 2024/03/17 4:17 p.m.87 views

CVE-2024-25903

CVE-2024-25903 affects the WordPress Frontend File Manager plugin (Frontend File Manager). Public documentation indicates an information-disclosure vulnerability where unauthenticated actors can access user-uploaded files, with affected versions up to 22.7. The issue stems from exposure of sensit...

7.5CVSS8.5AI score0.00453EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/02/12 12:0 a.m.11 views

WordPress Frontend File Manager Plugin <= 22.7 is vulnerable to Sensitive Data Exposure

Software Frontend File Manager Type Plugin Vulnerable versions = 22.7 Fixed in 22.8 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-25903 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cda7ef951c90 Credits Joshua Chan Required privileg...

7.5CVSS6.5AI score0.00453EPSS
Exploits0References2Affected Software1
Circl
Circl
added 2023/03/29 12:40 a.m.8 views

CVE-2023-25903

creationtimestamp| type| source ---|---|--- 2023-03-29 00:40:08+00:00| seen| https://t.me/cibsecurity/60944...

7.8CVSS7.5AI score0.00353EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/28 12:0 a.m.6 views

CVE-2023-25903 Adobe Dimension USDZ files Integer Overflow or Wraparound Arbitrary code execution

Adobe Dimension versions 3.4.7 and earlier is affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

7.8CVSS7.5AI score0.00353EPSS
Exploits0References1
CVE
CVE
added 2023/03/28 12:0 a.m.56 views

CVE-2023-25903

Summary: CVE-2023-25903 affects Adobe Dimension up to version 3.4.7. The issue is an Integer Overflow/Wraparound in USDZ handling that can lead to arbitrary code execution in the context of the current user when a malicious file is opened. Exploitation requires user interaction. Impact: arbitrary...

7.8CVSS7.8AI score0.00353EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/03/16 12:0 a.m.30 views

Adobe Dimension < 3.4.8 Multiple Vulnerabilities (APSB23-20) (macOS)

The version of Adobe Dimension installed on the remote macOS host is prior to 3.4.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-20 advisory. - Adobe Dimension versions 3.4.7 and earlier is affected by a Stack-based Buffer Overflow vulnerability that could...

7.8CVSS7.5AI score0.00437EPSS
Exploits0References59
Circl
Circl
added 2022/08/24 12:22 p.m.4 views

CVE-2022-25903

creationtimestamp| type| source ---|---|--- 2022-08-24 12:22:21+00:00| seen| https://t.me/cibsecurity/48628...

7.5CVSS7.3AI score0.01114EPSS
Exploits0References1
CVE
CVE
added 2022/08/24 5:0 a.m.54 views

CVE-2022-25903

Summary of CVE-2022-25903 / OPC UA Rust crate : A DoS via unlimited nesting in ExtensionObjects and Variants, leading to a stack overflow even when message size is below the limit. Affected versions are 0.0.0 through 0.11.0. Remediation: upgrade to 0.11.0 or higher (as cited by Snyk/OPC UA mainta...

7.5CVSS7.6AI score0.01114EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2022/08/24 5:0 a.m.20 views

CVE-2022-25903 Denial of Service (DoS)

The package opcua from 0.0.0 are vulnerable to Denial of Service DoS via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed...

7.5CVSS7.8AI score0.01114EPSS
Exploits0References3
OSV
OSV
added 2021/01/26 6:16 p.m.4 views

CVE-2021-25903

An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced...

7.5CVSS7.1AI score0.01397EPSS
Exploits1References1
CVE
CVE
added 2021/01/22 9:2 a.m.52 views

CVE-2021-25903

The CVE-2021-25903 entry concerns the Rust cache crate, where a raw pointer is dereferenced. Multiple connected sources (RustSec advisory RUSTSEC-2021-0006, OSV/NVD listings, Red Hat/RH CVE pages, and related advisories) describe a null/dereferenced-pointer issue in versions through 2021-01-01, c...

7.5CVSS7.5AI score0.01397EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/01/22 9:2 a.m.26 views

CVE-2021-25903

An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced...

7.7AI score0.01397EPSS
Exploits1References1
Rows per page
Query Builder