20 matches found
org.apache.nifi:nifi-framework-nar (>=1.1.0 <=1.9.2), org.apache.nifi:nifi-jetty (>=1.1.0 <=1.9.2) +3 more potentially affected by CVE-2026-25903 via org.apache.nifi:nifi-web-api (>=1.1.0 <=2.7.2)
org.apache.nifi:nifi-web-api MAVEN version =1.1.0, =1.1.0, =1.1.0, =2.0.0, =1.20.0, =1.20.0, =2.7.2 Source cves: CVE-2026-25903 Source advisory: OSV:GHSA-C5W7-M8WF-XC77...
org.apache.nifi:nifi-framework-nar (>=1.1.0 <=1.9.2), org.apache.nifi:nifi-jetty (>=1.1.0 <=1.9.2) +3 more potentially affected by CVE-2026-25903 via org.apache.nifi:nifi-web-api (>=1.1.0 <=2.7.2)
org.apache.nifi:nifi-web-api MAVEN version =1.1.0, =1.1.0, =1.1.0, =2.0.0, =1.20.0, =1.20.0, =2.7.2 Source cves: CVE-2026-25903 Source advisory: SNYK:JAVA-ORGAPACHENIFI-15304459...
CVE-2026-25903 Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates
Apache NiFi 1.1.0 through 2.7.2 are missing authorization when updating configuration properties on extension components that have specific Required Permissions based on the Restricted annotation. The Restricted annotation indicates additional privileges required to add the annotated component to...
CVE-2026-25903
Summary: CVE-2026-25903 affects Apache NiFi 1.1.0–2.7.2, where updating configuration properties on extension components with Restricted annotation permissions bypasses some authorization checks. This can allow a user with lower privileges to modify properties for components that require higher p...
CVE-2026-25903
creationtimestamp| type| source ---|---|--- 2026-02-17 05:13:37+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mezsl5ath324 2026-02-17 10:29:45+00:00| seen| https://bsky.app/profile/blackhatnews.tokyo/post/3mf2eaghizk2z 2026-02-17 11:30:46+00:00| seen|...
PT-2026-8394
Name of the Vulnerable Software and Affected Versions Apache NiFi versions 1.1.0 through 2.7.2 Description Apache NiFi installations are affected by a missing authorization check when updating configuration properties on extension components with specific Required Permissions based on the...
CVE-2024-25903
creationtimestamp| type| source ---|---|--- 2024-03-17 18:21:39+00:00| seen| https://t.me/ctinow/210008 2024-03-17 18:26:49+00:00| seen| https://t.me/ctinow/210015...
CVE-2024-25903
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager.This issue affects Frontend File Manager: from n/a through 22.7...
CVE-2024-25903
CVE-2024-25903 affects the WordPress Frontend File Manager plugin (Frontend File Manager). Public documentation indicates an information-disclosure vulnerability where unauthenticated actors can access user-uploaded files, with affected versions up to 22.7. The issue stems from exposure of sensit...
WordPress Frontend File Manager Plugin <= 22.7 is vulnerable to Sensitive Data Exposure
Software Frontend File Manager Type Plugin Vulnerable versions = 22.7 Fixed in 22.8 OWASP Top 10 A4: Insecure Design Classification Sensitive Data Exposure CVE CVE-2024-25903 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID cda7ef951c90 Credits Joshua Chan Required privileg...
CVE-2023-25903
creationtimestamp| type| source ---|---|--- 2023-03-29 00:40:08+00:00| seen| https://t.me/cibsecurity/60944...
CVE-2023-25903 Adobe Dimension USDZ files Integer Overflow or Wraparound Arbitrary code execution
Adobe Dimension versions 3.4.7 and earlier is affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2023-25903
Summary: CVE-2023-25903 affects Adobe Dimension up to version 3.4.7. The issue is an Integer Overflow/Wraparound in USDZ handling that can lead to arbitrary code execution in the context of the current user when a malicious file is opened. Exploitation requires user interaction. Impact: arbitrary...
Adobe Dimension < 3.4.8 Multiple Vulnerabilities (APSB23-20) (macOS)
The version of Adobe Dimension installed on the remote macOS host is prior to 3.4.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-20 advisory. - Adobe Dimension versions 3.4.7 and earlier is affected by a Stack-based Buffer Overflow vulnerability that could...
CVE-2022-25903
creationtimestamp| type| source ---|---|--- 2022-08-24 12:22:21+00:00| seen| https://t.me/cibsecurity/48628...
CVE-2022-25903
Summary of CVE-2022-25903 / OPC UA Rust crate : A DoS via unlimited nesting in ExtensionObjects and Variants, leading to a stack overflow even when message size is below the limit. Affected versions are 0.0.0 through 0.11.0. Remediation: upgrade to 0.11.0 or higher (as cited by Snyk/OPC UA mainta...
CVE-2022-25903 Denial of Service (DoS)
The package opcua from 0.0.0 are vulnerable to Denial of Service DoS via the ExtensionObjects and Variants objects, when it allows unlimited nesting levels, which could result in a stack overflow even if the message size is less than the maximum allowed...
CVE-2021-25903
An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced...
CVE-2021-25903
The CVE-2021-25903 entry concerns the Rust cache crate, where a raw pointer is dereferenced. Multiple connected sources (RustSec advisory RUSTSEC-2021-0006, OSV/NVD listings, Red Hat/RH CVE pages, and related advisories) describe a null/dereferenced-pointer issue in versions through 2021-01-01, c...
CVE-2021-25903
An issue was discovered in the cache crate through 2021-01-01 for Rust. A raw pointer is dereferenced...