Lucene search

1032 matches found

Snyk
added 2025/03/27 3:31 p.m. | 2 views

Arbitrary Code Injection

Overview: Affected versions of this package are vulnerable to Arbitrary Code Injection via the alteration of the JDBC connection configuration. An attacker can execute arbitrary code by modifying the JDBC settings if they gain system or project admin permissions. Remediation: Upgrade...

CVSS: 7.2 | AI score: 8.2 | EPSS: 0.00241
Exploits: 0 | References: 2
Circl
added 2025/03/27 4:25 a.m. | 2 views

RHSA-2025:2879

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-27 04:25:50+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9006 |
| 2025-03-27 04:25:50+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9007 |
| 2025-03-27 04:25:51+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/9008 |
| 2025-03-27 04:25:52+00:00... | | |

AI score: 5.3
Exploits: 0 | References: 8
FreeBSD
added 2025/03/25 12:0 a.m. | 14 views

Grafana -- Authorization bypass in data source proxy API

Grafana Labs reports: This vulnerability, which was discovered while reviewing a pull request from an external contributor, affects Grafana’s data source proxy API and allows authorization checks to be bypassed by adding an extra slash character / in the URL path. Among Grafana-maintained data...

CVSS: 8.3 | AI score: 6.5 | EPSS: 0.00042
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/15 1:11 p.m. | 13 views

CVE-2025-1635

Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00297
Exploits: 0 | References: 1
Circl
added 2025/03/13 5:45 p.m. | 1 views

CVE-2024-44228

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-13 17:45:03+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7448 |
| 2025-10-01 18:11:57+00:00 | seen | MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6 |
| 2025-10-08 21:59:29+00:00 | seen | MISP/af790da0-9e28-4cb7-bd4e-46ad005115c6... |

CVSS: 7.5 | AI score: 5.3 | EPSS: 0.0018
Exploits: 0 | References: 1
OSV
added 2025/03/13 1:15 p.m. | 1 views

CVE-2025-1635

Exposure of sensitive information in hub data source export feature in Devolutions Remote Desktop Manager 2024.3.29 and earlier on Windows allows a user exporting a hub data source to include his authenticated session in the export due to faulty business logic...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.00297
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/08 6:7 a.m. | 7 views

CVE-2025-22623

Ad Inserter - Ad Manager and AdSense Ads 2.8.0 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/includes/dst/dst.php...

CVSS: 5.1 | AI score: 6.8 | EPSS: 0.00288
Exploits: 0 | References: 4
Circl
added 2025/03/08 4:0 a.m. | 6 views

CVE-2021-37787

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-08 04:00:07+00:00 | published-proof-of-concept | Telegram/WK-d7rHew0RoUjunO6vRsF762k6XwiwPjLRMSoANXZ7zahs |
| 2025-03-11 17:39:43+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/7183 |
| 2025-03-20 21:02:03+00:00 | seen | ... |

CVSS: 6.5 | AI score: 4.8 | EPSS: 0.00073
Exploits: 0 | References: 2
Circl
added 2025/03/08 2:35 a.m. | 5 views

CVE-2024-13835

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-08 02:35:24+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/6913 |
| 2025-03-08 04:29:58+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ljtosilano2e |
| 2025-03-08 04:37:51+00:00 | seen | ... |

CVSS: 7.2 | AI score: 8.7 | EPSS: 0.00137
Exploits: 0 | References: 3
Circl
added 2025/03/06 7:41 p.m. | 3 views

CVE-2025-2032

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-06 19:41:32+00:00 | seen | https://t.me/cvedetector/19715 |
| 2025-08-18 13:31:23+00:00 | seen | MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3 |
| 2025-08-19 02:47:43+00:00 | seen | MISP/4937e86f-f5bd-4d09-8bda-88a7440077f3... |

CVSS: 5.1 | AI score: 4.4 | EPSS: 0.00082
Exploits: 1 | References: 1
Circl
added 2025/03/04 5:30 a.m. | 2 views

CVE-2025-1905

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-04 05:30:32+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6341 |
| 2025-03-04 08:18:31+00:00 | seen | https://t.me/cvedetector/19470 |
| 2025-08-18 18:31:00+00:00 | seen | MISP/fc16b923-3a13-4e9d-9aac-10a57cac12c7... |

CVSS: 6.1 | AI score: 4.4 | EPSS: 0.00268
Exploits: 1 | References: 2
Circl
added 2025/03/04 4:34 a.m. | 2 views

CVE-2025-1902

| creationtimestamp | type | source |
|---|---|---|
| 2025-03-04 04:34:18+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6316 |
| 2025-03-04 06:01:30+00:00 | published-proof-of-concept | Telegram/macVH0v7i2nzlHDG3843dn9M-u-r9AI0mgz7c0Lv52YB4Bs |
| 2025-08-19 13:26:46+00:00 | seen | ... |

CVSS: 9.8 | AI score: 7.2 | EPSS: 0.00066
Exploits: 1 | References: 1
Cvelist
added 2025/02/27 6:26 p.m. | 11 views

CVE-2025-22624 FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 - Reflected cross-site scripting (XSS)

FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry and Carousel 2.4.29 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/extensions/albums/admin/class-meta boxes.php...

CVSS: 5.1 | EPSS: 0.0027
Exploits: 0 | References: 2
Circl
added 2025/02/27 6:24 a.m. | 3 views

CVE-2024-6261

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-27 06:24:54+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/5654 |
| 2025-02-27 08:42:04+00:00 | seen | https://t.me/cvedetector/19019 |
| 2025-08-22 14:52:22+00:00 | seen | MISP/24306fae-b16b-4478-9297-d2973cdb583c... |

CVSS: 6.4 | AI score: 7.8 | EPSS: 0.00205
Exploits: 0 | References: 2
CNNVD
added 2025/02/27 12:0 a.m. | 2 views

WordPress plugin FooGallery cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site...

CVSS: 5.1 | AI score: 7.7 | EPSS: 0.0027
Exploits: 0 | References: 3
Circl
added 2025/02/26 10:24 p.m. | 4 views

CVE-2024-53573

| creationtimestamp | type | source |
|---|---|---|
| 2025-02-26 22:24:30+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/5632 |
| 2025-02-26 23:33:21+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lj4jzthcqz2c |
| 2025-02-27 00:19:21+00:00 | seen | https://t.me/cvedetector/18... |

CVSS: 9.8 | AI score: 5.3 | EPSS: 0.00264
Exploits: 1 | References: 3
OSV
added 2025/02/22 1:15 a.m. | 1 views

CVE-2024-22341

IBM Watson Query on Cloud Pak for Data 4.0.0 through 4.0.9, 4.5.0 through 4.5.3, 4.6.0 through 4.6.6, 4.7.0 through 4.7.4, and 4.8.0 through 4.8.7 could allow unauthorized data access from a remote data source object due to improper privilege management...

CVSS: 7.5 | AI score: 5.8
Exploits: 0 | References: 1
CVE
added 2025/02/19 11:40 p.m. | 33 views

CVE-2024-37363

The CVE-2024-37363 entry concerns Hitachi Vantara Pentaho Business Analytics Server. Affected versions include before 10.2.0.0 and before 9.3.0.8, including 8.3.x. The root cause is an improper authorization check in the data source management service (CWE-862), allowing actors to access resource...

CVSS: 6.5 | AI score: 6.4 | EPSS: 0.00182
Exploits: 0 | References: 1
RedhatCVE
added 2025/02/14 12:40 p.m. | 5 views

CVE-2023-50740

In Apache Linkis =1.4.0, The password is printed to the log when using the Oracle data source of the Linkis data source module. We recommend users upgrade the version of Linkis to version 1.5.0...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00164
Exploits: 0
RedhatCVE
added 2025/02/14 10:29 a.m. | 7 views

CVE-2023-29216

In Apache Linkis =1.3.1, because the parameters are not effectively filtered, the attacker uses the MySQL data source and malicious parameters to configure a new data source to trigger a deserialization vulnerability, eventually leading to remote code execution. Versions of Apache Linkis = 1.3.0...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.04863
Exploits: 0 | References: 1