
7849 matches found

RedhatCVE
added 2025/10/17 5:39 p.m., 2 views

CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

CVSS 7.1 | AI score 6.3 | EPSS 0.00365
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/17 5:39 p.m., 3 views

CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

CVSS 5.3 | AI score 6.8 | EPSS 0.00331
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/17 4:55 p.m., 4 views

CVE-2025-41253

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

CVSS 7.5 | AI score 6.8 | EPSS 0.00435
Exploits: 0 | References: 1

Tenable Nessus
added 2025/10/17 12:00 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-61907

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could...

CVSS 7.1 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 3

AlpineLinux
added 2025/10/16 6:15 p.m., 6 views

CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

CVSS 7.1 | AI score 6.4 | EPSS 0.00365
Exploits: 0 | References: 2

NVD
added 2025/10/16 6:15 p.m., 3 views

CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

CVSS 7.1 | EPSS 0.00365
Exploits: 0 | References: 2

OSV
added 2025/10/16 6:15 p.m., 3 views

DEBIAN-CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

CVSS 6.5 | AI score 5.3 | EPSS 0.00365
Exploits: 0 | References: 1

OSV
added 2025/10/16 6:15 p.m., 7 views

UBUNTU-CVE-2025-61907

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

CVSS 7.1 | AI score 5.8 | EPSS 0.00365
Exploits: 0 | References: 5

OSV
added 2025/10/16 5:15 p.m., 7 views

DEBIAN-CVE-2025-61789

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

CVSS 6.5 | AI score 5.2 | EPSS 0.00331
Exploits: 0 | References: 1

Vulnrichment
added 2025/10/16 5:11 p.m., 3 views

CVE-2025-61907 Icinga 2 API users could access restricted values in filter expressions

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

CVSS 7.1 | AI score 5.9 | EPSS 0.00365
Exploits: 0 | References: 2

OSV
added 2025/10/16 5:11 p.m., 3 views

CVE-2025-61907 Icinga 2 API users could access restricted values in filter expressions

Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information tha...

CVSS 7.1 | AI score 6.4 | EPSS 0.00365
Exploits: 0 | References: 4

CVE
added 2025/10/16 5:11 p.m., 27 views

CVE-2025-61907

CVE-2025-61907 affects Icinga 2. Versions 2.4–2.15.0 allow authenticated API users to exploit filter expressions on /v1/objects endpoints to access variables and objects that should be restricted by permissions. The root cause is improper exposure of hidden data through filter evaluation, enablin...

CVSS 7.1 | AI score 5.9 | EPSS 0.00365
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/10/16 5:00 p.m., 8 views

CVE-2025-61789 Icinga DB Web hidden/protected custom variables are prone to filter enumeration

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

CVSS 5.3 | EPSS 0.00331
Exploits: 0 | References: 2

Vulnrichment
added 2025/10/16 5:00 p.m., 1 view

CVE-2025-61789 Icinga DB Web hidden/protected custom variables are prone to filter enumeration

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

CVSS 5.3 | AI score 6.4 | EPSS 0.00331
Exploits: 0 | References: 2

OSV
added 2025/10/16 5:00 p.m., 7 views

CVE-2025-61789 Icinga DB Web hidden/protected custom variables are prone to filter enumeration

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

CVSS 5.3 | AI score 6.9 | EPSS 0.00331
Exploits: 0 | References: 4

EUVD
added 2025/10/16 5:00 p.m., 4 views

EUVD-2025-34795

Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web, can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...

CVSS 5.3 | AI score 6.2 | EPSS 0.00331
Exploits: 0 | References: 2

CVE
added 2025/10/16 5:00 p.m., 24 views

CVE-2025-61789

Icinga DB Web (before 1.1.4 and 1.2.3) allows an authorized user to use a custom variable in a filter that is protected or hidden to guess its values; versions 1.1.4 and 1.2.3 return an error when such a variable is used. Affected product: Icinga DB Web; root cause: filter-enumeration of hidden/p...

CVSS 6.5 | AI score 6.4 | EPSS 0.00331
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/10/16 3:30 p.m., 4 views

GHSA-FWXX-WV44-7QFG Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

CVSS 7.5 | AI score 5.9 | EPSS 0.00435
Exploits: 0 | References: 5

EUVD
added 2025/10/16 3:30 p.m., 4 views

EUVD-2025-34761

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection...

CVSS 7.5 | AI score 6.7 | EPSS 0.00435
Exploits: 0 | References: 5

GitHub Security Blog
added 2025/10/16 3:30 p.m., 10 views

Spring Cloud Gateway Server Webflux is vulnerable to Expression Language Injection

The following versions of Spring Cloud Gateway Server Webflux may be vulnerable to the ability to expose environment variables and system properties to attackers. An application should be considered vulnerable when all the following are true: The application is using Spring Cloud Gateway Server...

CVSS 7.5 | AI score 6.8 | EPSS 0.00435
Exploits: 0 | References: 5 | Affected Software: 1