4399 matches found
CVE-2025-32952
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...
CVE-2025-42604
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-23 11:20:44+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13022 |
| 2025-04-23 13:15:14+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lnibm3xc6y2j |
| 2025-04-23 14:28:52+00:00 | seen | https://t.me/cvedetector/23583 |

...
CVE-2025-23249
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-22 19:09:19+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lngewdfpyi24 |
| 2025-04-22 20:54:52+00:00 | seen | https://t.me/cvedetector/23535 |
| 2025-04-23 04:03:52+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/13001 |
| 2025-04-23... | | |
CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint
The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...
CVE-2025-32959 CUBA Vulnerable to Denial of Service (DoS) in the File Storage
CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run...
CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API
Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...
XSS in the /files Endpoint of the Generic REST API
Impact: The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be...
CVE-2025-3805
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-19 16:43:35+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ln6lf273k62a |
| 2025-04-19 17:02:27+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/12588 |
| 2025-04-19 19:19:34+00:00 | seen | ... |
CVE-2025-25983
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-18 20:33:41+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3ln4hrg4wbm2g |
| 2025-04-18 20:59:23+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/12540 |
| 2025-04-18 23:16:06+00:00 | seen | ... |
CVE-2025-3760
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-17 14:49:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lmze2iqxhi2y |
| 2025-04-17 17:09:31+00:00 | seen | https://t.me/cvedetector/23228 |

...
CVE-2025-22040
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection. There is a race condition between session setup and ksmbd_sessions_deregister. The session can be freed before the connection is added to channel list of session. This...
python-lxml-doc-5.3.2-1.1 on GA media (moderate)
python-lxml-doc-5.3.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:14999-1 Rating: moderate Cross-References: CVE-2025-24928 CVSS scores: CVE-2025-24928 SUSE : 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L CVE-2025-24928 SUSE : 6.8...
OPENSUSE-SU-2025:14999-1 python-lxml-doc-5.3.2-1.1 on GA media
These are all security issues fixed in the python-lxml-doc-5.3.2-1.1 package on the GA media of openSUSE Tumbleweed...
Echo security vulnerability
Echo is an open source community system by the individual developer Veal98, built without separation of front end and back end. A security vulnerability exists in Echo version 4.2, which stems from an improper authorization issue in the documentation...
CVE-2025-3114
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-09 17:47:52+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/11127 |
| 2025-04-09 18:02:58+00:00 | seen | https://infosec.exchange/users/cR0w/statuses/114309318425843110 |
| 2025-04-09 20:57:10+00:00 | seen | ... |
uberAgent is unable to read encrypted credentials stored in Windows Credential Store
Customer is attempting to store encrypted credentials in the Windows Credentials Store as described in the uberAgent documentation https://docs.citrix.com/en-us/uberagent/7-3-1/uxm-features-configuration/username-and-configuration-setting-encryption-2.html, but uberAgent is unable to read the...
CVE-2025-31332
| creationtimestamp | type | source |
|---|---|---|
| 2025-04-08 07:46:15+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/10858 |
| 2025-04-08 09:18:08+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lmc5ect2ru2i |
| 2025-04-08 11:28:59+00:00 | seen | https://t.me/cvedetector/22414 |

...
PT-2025-15375 · Sap · Sap Solution Manager
Name of the Vulnerable Software and Affected Versions: SAP Solution Manager version 7.1 Description: The issue is caused by a missing authorization check, allowing an authenticated attacker to upload a file as a template for solution documentation. This can lead to limited impact on the integrity...
Exploit for CVE-2024-44308
cve-2024-44308 Michael Goppert, Michael Jennings, and John...