
8737 matches found

CVE
added 2025/10/23 4:15 p.m., 19 views

CVE-2025-62713

Kottster is a self-hosted Node.js admin panel. A pre-authentication remote code execution (RCE) vulnerability exists in development mode for versions 3.2.0 up to but not including 3.3.2; production deployments are unaffected. The issue allows code execution via development-mode behaviors, and has been fixed in ve...

CVSS 9.2 | AI score 7.7 | EPSS 0.00749
Exploits 0 | References 2
Vulnrichment
added 2025/10/23 4:15 p.m., 2 views

CVE-2025-62713 Kottster app reinitialization can be re-triggered allowing command injection in development mode

Kottster is a self-hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only; production deployments were never affected. This issue has been...

CVSS 9.2 | AI score 7.7 | EPSS 0.00749
Exploits 0 | References 2
OSV
added 2025/10/23 4:15 p.m., 4 views

CVE-2025-62713 Kottster app reinitialization can be re-triggered allowing command injection in development mode

Kottster is a self-hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. This affects development mode only; production deployments were never affected. This issue has been...

CVSS 9.2 | AI score 8.1 | EPSS 0.00749
Exploits 0 | References 4
Snyk
added 2025/10/23 4:1 p.m., 1 view

Access Control Bypass

Overview: @kottster/server is an instant admin panel for your project. Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands by...

CVSS 9.2 | AI score 7.6 | EPSS 0.00749
Exploits 0 | References 2
Snyk
added 2025/10/23 4:1 p.m., 3 views

Access Control Bypass

Overview: @kottster/cli is a CLI for Kottster. Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands by repeatedly triggering...

CVSS 9.2 | AI score 7.5 | EPSS 0.00749
Exploits 0 | References 2
EUVD
added 2025/10/23 4:1 p.m., 4 views

EUVD-2025-35701

Kottster app reinitialization can be re-triggered allowing command injection in development mode...

CVSS 9.2 | AI score 6.9 | EPSS 0.00749
Exploits 0 | References 4
Snyk
added 2025/10/23 4:1 p.m., 2 views

Access Control Bypass

Overview: @kottster/common provides common types and utilities for Kottster. Affected versions of this package are vulnerable to Access Control Bypass via the initApp and installPackagesForDataSource actions. An attacker can gain unauthorized administrative access and execute arbitrary system commands ...

CVSS 9.2 | AI score 7.6 | EPSS 0.00749
Exploits 0 | References 2
OSV
added 2025/10/23 4:1 p.m., 6 views

GHSA-J3W7-9QC3-G96P Kottster app reinitialization can be re-triggered allowing command injection in development mode

Impact: Development mode only. Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. The vulnerability combines two issues: 1. The initApp action can be called repeatedly without checking if the app is already initialized, allowing attacke...

CVSS 9.2 | AI score 8.6 | EPSS 0.00749
Exploits 0 | References 4
Github Security Blog
added 2025/10/23 4:1 p.m., 9 views

Kottster app reinitialization can be re-triggered allowing command injection in development mode

Impact: Development mode only. Kottster contains a pre-authentication remote code execution (RCE) vulnerability when running in development mode. The vulnerability combines two issues: 1. The initApp action can be called repeatedly without checking if the app is already initialized, allowing attacke...

CVSS 9.2 | AI score 8.6 | EPSS 0.00749
Exploits 0 | References 4 | Affected Software 1
CNNVD
added 2025/10/23 12:0 a.m., 2 views

Kottster access control error vulnerability

Kottster is an instant Node.js admin panel from the kottster open source project. It is secure, self-hosted and easy to set up. An access control error vulnerability exists in Kottster versions 3.2.0 up to but not including 3.3.2, which stems from a pre-authentication remote code execution vulnerability in developme...

CVSS 9.2 | AI score 7.6 | EPSS 0.00749
Exploits 0 | References 2
Tenable Nessus
added 2025/10/23 12:0 a.m., 3 views

RHEL 7 : java-1.8.0-openjdk (RHSA-2025:18814)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18814 advisory. The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security...

CVSS 7.5 | AI score 7.4 | EPSS 0.00633
Exploits 0 | References 5
Positive Technologies
added 2025/10/23 12:0 a.m., 6 views

PT-2025-43531

Name of the Vulnerable Software and Affected Versions: Kottster versions 3.2.0 through 3.3.1. Description: Kottster is a self-hosted Node.js admin panel. Versions 3.2.0 through 3.3.1 contain a pre-authentication remote code execution (RCE) vulnerability when running in development mode. Production...

CVSS 9.2 | AI score 7.8 | EPSS 0.00749
Exploits 0 | References 14
Tenable Nessus
added 2025/10/23 12:0 a.m., 6 views

RHEL 10 / 8 / 9 : java-21-openjdk (RHSA-2025:18824)

The remote Red Hat Enterprise Linux 10 / 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18824 advisory. The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security...

CVSS 7.5 | AI score 7.4 | EPSS 0.00633
Exploits 0 | References 6
RedHat Linux
added 2025/10/22 7:48 p.m., 10 views

Moderate: Red Hat Security Advisory: OpenJDK 17.0.17 Security Update for Portable Linux Builds

An update is now available for OpenJDK. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the References...

CVSS 7.5 | AI score 6.7 | EPSS 0.00633
Exploits 0 | References 2
Packet Storm News
added 2025/10/22 12:0 a.m., 4 views

Ask What Your Country Can Do for You: Towards a Public Red Teaming Model

AI systems have the potential to produce both benefits and harms, but without rigorous and ongoing adversarial evaluation, AI actors will struggle to assess the breadth and magnitude of the AI risk surface. Researchers from the field of systems design have developed several effective sociotechnic...

AI score 6.9
Exploits 0
OSV
added 2025/10/21 8:20 p.m., 3 views

CVE-2025-61755

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi...

CVSS 3.7 | AI score 5.8 | EPSS 0.00239
Exploits 0 | References 1
OSV
added 2025/10/21 8:20 p.m., 2 views

UBUNTU-CVE-2025-53066

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle...

CVSS 7.5 | AI score 6.8 | EPSS 0.00633
Exploits 0 | References 12
EUVD
added 2025/10/21 8:3 p.m., 6 views

EUVD-2025-35254

Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE component: Compiler. Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromi...

CVSS 3.7 | AI score 4.2 | EPSS 0.00239
Exploits 0 | References 1
Debian CVE
added 2025/10/21 8:3 p.m., 8 views

CVE-2025-53057

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracl...

CVSS 5.9 | AI score 5.9 | EPSS 0.00487
Exploits 0
Tenable Nessus
added 2025/10/21 12:0 a.m., 4 views

Node.js Express DevMode Enabled

Node.js Express installed on the remote host is configured to operate in development mode (devMode). While this environment can help speed up development of web applications, it can leak information about the underlying web applications as well as the installation of Express and Node.js. No source dat...

AI score 6.7
Exploits 0 | References 1