
2728 matches found

OpenVAS
added 2025/04/29 12:0 a.m. | 28 views

Apache Tomcat Rewrite Rule Bypass Vulnerability (Apr 2025) - Linux

Apache Tomcat is prone to a rewrite rule bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:apache:tomcat"; if...

9.8 CVSS | 7.1 AI score | 0.0418 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/04/27 12:5 p.m. | 16 views

CVE-2024-11917

The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. This is due to improper configurations in the 'jobsearchxingresponsedatacallback', 'setaccesstokes', and 'googlecallback' functions. This makes it possible for...

8.1 CVSS | 8.1 AI score | 0.00448 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/04/25 6:46 p.m. | 17 views

CVE-2025-43922

The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM...

8.1 CVSS | 6.9 AI score | 0.0012 EPSS
Exploits 0 | References 1
Vulnrichment
added 2025/04/25 11:12 a.m. | 12 views

CVE-2024-11917 JobSearch WP Job Board <= 2.9.2 - Authentication Bypass via Social Logins

The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. This is due to improper configurations in the 'jobsearchxingresponsedatacallback', 'setaccesstokes', and 'googlecallback' functions. This makes it possible for...

8.1 CVSS | 8.1 AI score | 0.00448 EPSS
Exploits 0 | References 2
Cvelist
added 2025/04/25 11:12 a.m. | 20 views

CVE-2024-11917 JobSearch WP Job Board <= 2.9.2 - Authentication Bypass via Social Logins

The JobSearch WP Job Board plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.9.2. This is due to improper configurations in the 'jobsearchxingresponsedatacallback', 'setaccesstokes', and 'googlecallback' functions. This makes it possible for...

8.1 CVSS | 0.00448 EPSS
Exploits 0 | References 2
Packet Storm News
added 2025/04/25 12:0 a.m. | 21 views

LightDSA: a Python-Based Hybrid Digital Signature Library and Performance Analysis of RSA, DSA, ECDSA and EdDSA in Variable Configurations, Elliptic Curve Forms and Curves

Digital signature algorithms (DSAs) are fundamental to cryptographic security, ensuring data integrity and authentication. While RSA, DSA, ECDSA, and EdDSA are widely used, their performance varies significantly depending on key sizes, hash functions, and elliptic curve configurations. In this pape...

7.1 AI score
Exploits 0
CNNVD
added 2025/04/25 12:0 a.m. | 2 views

Quantum StorNext Web GUI API Trust Management Issue Vulnerability

The Quantum StorNext Web GUI API is a high-performance file sharing and data management interface from Quantum. A security vulnerability exists in the Quantum StorNext Web GUI API prior to version 7.2.4, which stems from possible access to internal configurations and modification of software...

7.2 CVSS | 6.7 AI score | 0.00251 EPSS
Exploits 0 | References 3
OSV
added 2025/04/23 11:45 a.m. | 2 views

USN-7431-2 haproxy vulnerability

USN-7431-1 fixed a vulnerability in HAProxy. This update provides the corresponding update for Ubuntu 25.04. Original advisory details: Aleandro Prudenzano and Edoardo Geraci discovered that HAProxy incorrectly handled certain uncommon configurations that replace multiple short patterns with a...

6.8 CVSS | 6.3 AI score | 0.00685 EPSS
Exploits 0 | References 2
NVD
added 2025/04/22 3:15 a.m. | 21 views

CVE-2025-1731

An incorrect permission assignment vulnerability in the PostgreSQL commands of the Zyxel USG FLEX H series uOS firmware versions from V1.20 through V1.31 could allow an authenticated local attacker with low privileges to gain access to the Linux shell and escalate their privileges by crafting...

7.8 CVSS | 0.0093 EPSS
Exploits 2 | References 2
NVD
added 2025/04/21 4:15 p.m. | 29 views

CVE-2025-43922

The FileWave Windows client before 16.0.0, in some non-default configurations, allows an unprivileged local user to escalate privileges to SYSTEM...

8.1 CVSS | 0.0012 EPSS
Exploits 0 | References 1
CNNVD
added 2025/04/21 12:0 a.m. | 1 views

FileWave Windows client Security Vulnerability

FileWave Windows client is an end-to-end management software client from FileWave Switzerland. A security vulnerability exists in FileWave Windows client versions prior to 16.0.0, which stems from certain non-default configurations that could cause a local user to elevate privileges to SYSTEM...

8.1 CVSS | 6.3 AI score | 0.0012 EPSS
Exploits 0 | References 1
CNVD
added 2025/04/18 12:0 a.m. | 0 views

Dell Common Event Enabler Unauthorized Access Vulnerability

Dell Common Event Enabler is a framework from Dell USA. An unauthorized access vulnerability exists in Dell Common Event Enabler, which arises from the use of insecure default values when initializing resources, and can be exploited by an attacker to cause unauthorized access...

6.5 CVSS | 6.3 AI score | 0.00224 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/04/18 12:0 a.m. | 4 views

PT-2025-32193

Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server versions prior to the April 2025 Hot Fix. Description: A high-severity vulnerability (CVE-2025-53786) exists in Microsoft Exchange Server hybrid deployments. This vulnerability allows attackers with administrative access ...

8 CVSS | 7.8 AI score | 0.07421 EPSS
Exploits 0 | References 216
CNNVD
added 2025/04/15 12:0 a.m. | 2 views

Growatt Cloud Applications Security Vulnerability

Growatt Cloud Applications is a monitoring platform from Growatt in China. A security bypass vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by unauthenticated attackers to send configuration settings and potentially perform physical...

6.9 CVSS | 6.4 AI score | 0.00525 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2025/04/11 12:0 a.m. | 9 views

FreeBSD : jenkins -- multiple vulnerabilities (45276ea6-1653-4240-9986-ccfc6fec7ece)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 45276ea6-1653-4240-9986-ccfc6fec7ece advisory. Jenkins Security Advisory: Missing permission check allows retrieving agent configurations...

4.3 CVSS | 6.3 AI score | 0.00337 EPSS
Exploits 0 | References 4
Vulnrichment
added 2025/04/10 6:55 p.m. | 8 views

CVE-2025-23008

An improper privilege management vulnerability in the SonicWall NetExtender Windows 32 and 64 bit client allows a low privileged attacker to modify configurations...

6.7 AI score | 0.003 EPSS
Exploits 0 | References 1
Snyk
added 2025/04/10 6:49 p.m. | 1 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere due to improper handling of database unavailability. An attacker can access sensitive filter configurations by exploiting the fallback mechanisms when the centra...

3.4 CVSS | 6.8 AI score | 0.00322 EPSS
Exploits 0 | References 2
OSV
added 2025/04/10 12:8 p.m. | 3 views

USN-7431-1 haproxy vulnerability

Aleandro Prudenzano and Edoardo Geraci discovered that HAProxy incorrectly handled certain uncommon configurations that replace multiple short patterns with a longer one. A remote attacker could use this issue to cause HAProxy to crash, resulting in a denial of service, or possibly execute...

6.8 CVSS | 6.1 AI score | 0.00685 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/04/10 12:0 a.m. | 5 views

PT-2025-23104

Name of the Vulnerable Software and Affected Versions: Kea versions 2.4.0 through 2.4.1, Kea versions 2.6.0 through 2.6.2, Kea versions 2.7.0 through 2.7.8. Description: Kea configuration and API directives can be used to load a malicious hook library. Many common configurations run Kea as root, leave...

7.8 CVSS | 5.9 AI score | 0.00235 EPSS
Exploits 0 | References 46
OSV
added 2025/04/09 3:14 p.m. | 4 views

CVE-2025-32373 DNN allows a registered user to enumerate and access files they should not have access to

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8...

6.5 CVSS | 6.5 AI score | 0.00308 EPSS
Exploits 0 | References 3