
23 matches found

Tenable Nessus
added 2026/04/21 12:0 a.m., 9 views

iTerm2 < 3.6.10 / < 3.7.0beta1 Arbitrary Code Execution (CVE-2026-41253)

The version of iTerm2 installed on the remote host is prior to 3.6.10, or prior to 3.7.0beta1. It is, therefore, affected by an arbitrary code execution vulnerability: - Displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious...

CVSS 7.8, AI score 6.4, EPSS 0.00006
Exploits: 1, References: 3

Circl
added 2026/04/18 8:28 a.m., 0 views

CVE-2026-41253

creationtimestamp | type | source
---|---|---
2026-04-18 08:28:07+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjqzg6uaxw2k...

CVSS 7.8, AI score 5.7, EPSS 0.00006
Exploits: 1, References: 1

ATTACKERKB
added 2026/04/18 5:27 a.m., 2 views

CVE-2026-41253

In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...

CVSS 6.9, AI score 6.2, EPSS 0.00006
Exploits: 1, References: 5

IBM Security Bulletins
added 2025/12/18 7:24 a.m., 5 views

Security Bulletin: Security vulnerabilities have been found in IBM Library Support for Spring 2.7.29 and 3.2.17 (CVE-2025-41253, CVE-2025-41254)

Summary IBM Library Support for Spring has addressed these vulnerabilities with an update Vulnerability Details CVEID:CVE-2025-41254 DESCRIPTION: STOMP over WebSocket applications may be vulnerable to a security bypass that allows an attacker to send unauthorized messages. Affected Spring Product...

CVSS 7.5, AI score 6.6, EPSS 0.00062
Exploits: 0, Affected Software: 1

Circl
added 2025/10/17 5:23 a.m., 3 views

CVE-2025-41253

creationtimestamp | type | source
---|---|---
2025-10-17 05:23:41+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3m3ejrvy2cn27
2025-10-21 03:36:37+00:00 | seen | https://bsky.app/profile/getpokemon7.bsky.social/post/3m3ofo2fqmc27
2025-11-10 21:36:06+00:00 | seen | ...

CVSS 7.5, AI score 7.8, EPSS 0.00049
Exploits: 0, References: 3

vulnersOsv
added 2025/10/16 3:30 p.m., 3 views

ch.nexsol-tech.gateway:sample-gateway (>=1.2.0 <=1.3.1), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=1.2.0 <=1.3.1) +37 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=4.3.0 <=4.3.1)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.3.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =3.0.0, =1.8.9, =0.12.1, =0.12.1, =0.12.10, =3.10.0, =3.11.0 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...

CVSS 7.5, AI score 7.2, EPSS 0.00049
Exploits: 0

vulnersOsv
added 2025/10/16 3:30 p.m., 4 views

ch.nexsol-tech.gateway:sample-gateway (>=0.0.1 <=1.1.0), ch.nexsol-tech.gateway:spring-cloud-gateway-database (>=0.0.1 <=1.1.0) +45 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=4.2.0 <=4.2.5)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =15.13-RELEASE, =2.0.0, =1.0.0, =0.11.1, =0.11.1, =1.6.0, =3.4.5, =3.4.6 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...

CVSS 7.5, AI score 7.2, EPSS 0.00049
Exploits: 0

vulnersOsv
added 2025/10/16 3:30 p.m., 4 views

cc.cc4414:cc-spring-cloud-starter-gateway (=0.8.0), cn.acyou:leo-gateway (>=1.0.0.RELEASE <=1.1.1.RELEASE) +99 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=2.2.10.RELEASE <=3.1.10)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =2.2.10.RELEASE, =1.0.0.RELEASE, =1.1.0, =8.1.0.286, =8.1.0.286, =2.0.1, =1.1.93, =1.1.121 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...

CVSS 7.5, AI score 7.2, EPSS 0.00049
Exploits: 0

vulnersOsv
added 2025/10/16 3:30 p.m., 3 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +87 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=4.0.0 <=4.1.9)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.0.0, =0.2.0, =1.0.0, =1.0.0, =2023.4.1.0, =1.0.5, =1.0.4, =15.0-RELEASE, =1.0.0, =0.1.0, =4.0.5, =0.9.0, =0.9.0, =0.11.0 and more Source cves: CVE-2025-41253 Source advisory: OSV:GHSA-FWXX-WV44-7QFG...

CVSS 7.5, AI score 7.2, EPSS 0.00049
Exploits: 0

vulnersOsv
added 2025/10/15 12:0 a.m., 3 views

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +107 more potentially affected by CVE-2025-41253 via org.springframework.cloud:spring-cloud-gateway-server (>=4.0.0 <=4.2.5)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.0.0, =0.2.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =2023.4.1.0, =1.0.5, =1.0.4, =1.0.11 - cn.openjava:openjava-spring-cloud-gateway-starter =jdk17-0.0.1 - cn.warpin.maven-central:common-gateway-security =0.0....

CVSS 7.5, AI score 7.2, EPSS 0.00049
Exploits: 0

RedhatCVE
added 2025/05/23 9:29 a.m., 7 views

CVE-2024-41253

goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component...

CVSS 7.1, AI score 7.2, EPSS 0.0008
Exploits: 0, References: 1

Circl
added 2024/08/01 12:21 a.m., 2 views

CVE-2024-41253

creationtimestamp | type | source
---|---|---
2024-08-01 00:21:58+00:00 | seen | https://t.me/cvedetector/2177...

CVSS 7.1, AI score 4.8, EPSS 0.0008
Exploits: 0, References: 1

Vulnrichment
added 2024/07/31 12:0 a.m., 16 views

CVE-2024-41253

goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component...

AI score 7.4, EPSS 0.0008
Exploits: 0, References: 1

Circl
added 2023/10/10 4:16 p.m., 2 views

CVE-2023-41253

creationtimestamp | type | source
---|---|---
2023-10-10 16:16:49+00:00 | seen | https://t.me/cibsecurity/71926...

CVSS 5.5, AI score 5.5, EPSS 0.00226
Exploits: 0, References: 1

NVD
added 2023/10/10 1:15 p.m., 10 views

CVE-2023-41253

When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

CVSS 5.5, AI score 5.5, EPSS 0.00226
Exploits: 0, References: 1

CVE
added 2023/10/10 12:33 p.m., 71 views

CVE-2023-41253

CVE-2023-41253 affects BIG-IP DNS and BIG-IP LTM when DNS Services license is enabled. A TSIG key created on these systems is logged in plaintext in the audit log due to a disclosure in the control plane. The vulnerability can allow an authenticated user with auditor privileges to view the TSIG k...

CVSS 5.5, AI score 5.8, EPSS 0.00226
Exploits: 0, References: 1, Affected Software: 2

F5 Networks
added 2023/10/10 10:13 a.m., 18 views

K98334513: BIG-IP DNS TSIG key vulnerability CVE-2023-41253

Security Advisory Description When a BIG-IP DNS or BIG-IP LTM system is enabled with the DNS Services license, and a TSIG key is created, the key is logged in plaintext in the audit log. CVE-2023-41253 Impact An authenticated attacker with at least auditor role privileges can view the TSIG key in...

CVSS 5.5, AI score 5.5, EPSS 0.00226
Exploits: 0, Affected Software: 2

Tenable Nessus
added 2022/10/05 12:0 a.m., 28 views

FreeBSD : zydis -- heap buffer overflow (d487d4fc-43a8-11ed-8b01-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the d487d4fc-43a8-11ed-8b01-b42e991fc52e advisory. - Zydis is an x86/x86-64 disassembler library. Users of Zydis versions v3.2.0 and older that use the...

CVSS 8.1, AI score 7.9, EPSS 0.0055
Exploits: 1, References: 3

Circl
added 2022/09/21 8:41 p.m., 2 views

CVE-2022-41253

creationtimestamp | type | source
---|---|---
2022-09-21 20:41:10+00:00 | seen | https://t.me/cibsecurity/50200...

CVSS 8.8, AI score 8.1, EPSS 0.00072
Exploits: 0, References: 1

OSV
added 2022/09/21 4:15 p.m., 9 views

CVE-2022-41253

A cross-site request forgery (CSRF) vulnerability in Jenkins CONS3RT Plugin 1.0.0 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

CVSS 8.8, AI score 8.7
Exploits: 0, References: 2