4 matches found
CVE-2025-30064 Possibility to generate a session for any user via the "ex:action" parameter after obtaining access to the JWT key
An insufficiently secured internal function allows session generation for arbitrary users. The decodeParam function checks the JWT but does not verify which signing algorithm was used. As a result, an attacker can use the "ex:action" parameter in the VerifyUserByThrustedService function to genera...
The vulnerability of the Ceph storage system driver (net/ceph/messenger_v2.c) in Linux operating systems allows a hacker to execute arbitrary code or cause service interruptions.
The vulnerability in the Ceph storage system driver net/ceph/messengerv2.c of Linux operating systems arises from the operation of pushing data out of the buffer into memory when processing segment length with the parameter cephdecode32. Exploiting this vulnerability allows a remote attacker to...
Glazed Lists 代码问题漏洞
Glazed Lists is Glazed Lists open source an open source list conversion for Java. A security vulnerability exists in Glazed Lists v1.11.0. An attacker exploiting this vulnerability can execute arbitrary code via the BeanXMLByteCoder.decode parameter...
MS Windows Metafile (WMF) Remote File Download Exploit Generator
Exploit for unknown platform in category remote exploits ================================================================ MS Windows Metafile WMF Remote File Download Exploit Generator ================================================================ / \ / WMF nDay download Exploit Generator \ by...