19144 matches found

Cvelist
added 2025/12/17 12:4 a.m. · 26 views

CVE-2025-14701 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...

CVSS 7.1 · EPSS 0.00245
Exploits 0 · References 1
EUVD
added 2025/12/17 12:4 a.m. · 4 views

EUVD-2025-203860

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...

CVSS 7.1 · AI score 5.7 · EPSS 0.00245
Exploits 0 · References 2
CVE
added 2025/12/17 12:4 a.m. · 13 views

CVE-2025-14701

CVE-2025-14701 affects Crafty Controller’s Server MOTD component. The issue is improper input neutralization that enables a remote, unauthenticated attacker to perform stored XSS by modifying the server MOTD. CVSS v3.1 base score 7.1 (HIGH) with network attack vector, no privileges required, user...

CVSS 7.1 · AI score 5.8 · EPSS 0.00245
Exploits 0 · References 1 · Affected Software 1
OSV
added 2025/12/17 12:4 a.m. · 5 views

CVE-2025-14701 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafty Controller

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...

CVSS 7.1 · AI score 6.1 · EPSS 0.00245
Exploits 0 · References 3
Positive Technologies
added 2025/12/17 12:0 a.m. · 8 views

PT-2025-51794

Name of the Vulnerable Software and Affected Versions: Crafty Controller version 4.6.1. Description: An input neutralization issue exists within the Webhook Template component of Crafty Controller. This allows a remote, authenticated attacker to execute code on the system through Server Side Templat...

CVSS 9.9 · AI score 7.7 · EPSS 0.05995
Exploits 2 · References 10
Positive Technologies
added 2025/12/17 12:0 a.m. · 4 views

PT-2025-51952

Name of the Vulnerable Software and Affected Versions: UliCMS version 2023.1. Description: An authentication bypass allows unauthenticated attackers to create administrative users. This is possible through mass assignment in the UserController by sending a crafted POST request to the 'index.php'...

CVSS 9.8 · AI score 7 · EPSS 0.00598
Exploits 1 · References 7
Positive Technologies
added 2025/12/17 12:0 a.m. · 4 views

PT-2025-51795

Name of the Vulnerable Software and Affected Versions: Crafty Controller (affected versions not specified). Description: A flaw exists in the Server MOTD component of Crafty Controller that allows a remote, unauthenticated attacker to inject malicious code through modification of the server MOTD. This...

CVSS 7.1 · AI score 5.7 · EPSS 0.00245
Exploits 0 · References 7
Positive Technologies
added 2025/12/17 12:0 a.m. · 5 views

PT-2025-51836

Name of the Vulnerable Software and Affected Versions: NGINX Ingress Controller (affected versions not specified). Description: A security issue exists in the NGINX Ingress Controller's nginx.org/rewrite-target annotation validation. The issue concerns validation of the annotation. Software versions...

CVSS 8.7 · AI score 6.3 · EPSS 0.00373
Exploits 0 · References 7
Positive Technologies
added 2025/12/17 12:0 a.m. · 5 views

PT-2025-51961

Name of the Vulnerable Software and Affected Versions: UliCMS version 2023.1. Description: An unauthenticated attacker can create administrative accounts through the UserController endpoint. By sending a crafted POST request to the /dist/admin/index.php endpoint with specific parameters, an attacker...

CVSS 9.8 · AI score 6.7 · EPSS 0.00466
Exploits 1 · References 6
CNNVD
added 2025/12/17 12:0 a.m. · 3 views

Crafty Controller cross-site scripting vulnerability

Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A cross-site scripting vulnerability exists in Crafty Controller that stems from improper neutralization of inputs to the Server MOTD component, which could lead to a stored cross-site scripting attack by modifying the...

CVSS 7.1 · AI score 5.8 · EPSS 0.00245
Exploits 0 · References 2
CNNVD
added 2025/12/17 12:0 a.m. · 9 views

F5 NGINX Ingress Controller path traversal vulnerability

F5 NGINX Ingress Controller is a traffic management solution from F5 USA for cloud-native applications in Kubernetes and containerized environments. A path traversal vulnerability exists in F5 NGINX Ingress Controller, which stems from improper validation of the nginx.org/rewrite-target annotatio...

CVSS 8.7 · AI score 6.6 · EPSS 0.00373
Exploits 0 · References 1
CNNVD
added 2025/12/17 12:0 a.m. · 4 views

Crafty Controller security vulnerability

Crafty Controller is a Minecraft server control panel/launcher for Arcadia. A security vulnerability exists in Crafty Controller that stems from improper input neutralization of the Webhook Template component, which could lead to remote code execution via server-side template injection...

CVSS 9.9 · AI score 7.7 · EPSS 0.05995
Exploits 2 · References 2
Tenable Nessus
added 2025/12/17 12:0 a.m. · 4 views

RHEL 9 : kernel (RHSA-2025:23426)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23426 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: scsi: qla2xxx: Wait for io...

CVSS 7.8 · AI score 6.9 · EPSS 0.00184
Exploits 0 · References 12
Trellix
added 2025/12/17 12:0 a.m. · 5 views

The Fake Domain Controller You Didn’t See Coming: Detecting DCShadow Attacks Using Trellix NDR

By Maulik Maheta and Chao Sun · December 17, 2025. Executive summary: DCShadow is a covert post-exploitation technique that enables an attacker to impersonate a domain controller and make unauthorized,...

AI score 5.9
Exploits 0
RedhatCVE
added 2025/12/16 8:44 p.m. · 5 views

CVE-2025-14722

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...

CVSS 4.8 · AI score 2.8 · EPSS 0.00202
Exploits 0 · References 1
OSV
added 2025/12/16 7:39 p.m. · 3 views

GO-2025-4240 Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes

Half-blind Server Side Request Forgery in kube-controller-manager through in-tree Portworx StorageClass in k8s.io/kubernetes...

CVSS 5.8 · AI score 6.9 · EPSS 0.00355
Exploits 0 · References 7
UbuntuCve
added 2025/12/16 4:16 p.m. · 2 views

CVE-2025-68287

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests call paths. This patch addresses a race condition caused by unsynchronized execution of multiple call paths invoking dwc3_remove_requests, leading to premature...

AI score 6 · EPSS 0.00194
Exploits 0 · References 35
EUVD
added 2025/12/16 3:30 p.m. · 4 views

EUVD-2025-203749

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin request_queue lifetime. The namespaces can access the controller's admin request_queue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin request_queue is active by...

AI score 6 · EPSS 0.00178
Exploits 0 · References 4
EUVD
added 2025/12/16 3:30 p.m. · 2 views

EUVD-2025-203720

In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdns_pcie::ops before using it. cdns_pcie::ops might not be populated by all the Cadence glue drivers. This is going to be true for the upcoming Sophgo platform which doesn't set the ops...

AI score 5.9 · EPSS 0.00173
Exploits 0 · References 8
NVD
added 2025/12/16 3:15 p.m. · 10 views

CVE-2025-68265

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin request_queue lifetime. The namespaces can access the controller's admin request_queue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin request_queue is active by...

EPSS 0.00178
Exploits 0 · References 5