
7660 matches found

CVE
added 2025/12/05 2:32 p.m., 5 views

CVE-2025-14088

CVE-2025-14088 affects ketr JEPaaS up to version 7.2.8. The vulnerability targets an unknown functionality at the file path /je/load, where manipulation of the Authorization argument leads to improper authorization. It is exploitable remotely and has publicly disclosed exploit material. Multiple ...

CVSS 6.5, AI score 6.4, EPSS 0.00045
Exploits 0, References 4

Vulnrichment
added 2025/12/05 2:32 p.m., 1 view

CVE-2025-14088 ketr JEPaaS load improper authorization

A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been public...

CVSS 6.5, AI score 6.4, EPSS 0.00045
Exploits 0, References 4

Cvelist
added 2025/12/05 2:32 p.m., 19 views

CVE-2025-14088 ketr JEPaaS load improper authorization

A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been public...

CVSS 6.5, EPSS 0.00045
Exploits 0, References 4

Positive Technologies
added 2025/12/05 12:0 a.m., 2 views

PT-2025-49246

A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The exploit has been public...

CVSS 6.5, AI score 6.7, EPSS 0.00045
Exploits 0, References 5

Wolfi
added 2025/12/04 7:47 p.m., 4 views

CVE-2025-61729 vulnerabilities

Vulnerabilities for packages: gostatsd, helm-set-status, smarter-device-manager, knative-operator, kubernetes-csi-external-snapshotter, kbld, prometheus-adapter, secrets-store-csi-driver-provider-aws, spire-controller-manager, pgpool2exporter, nova, boring-registry, ingress-nginx-controller,...

CVSS 7.5, AI score 7.3, EPSS 0.00019
Exploits 2

Vulnrichment
added 2025/12/03 7:31 p.m., 1 view

CVE-2025-66453 Rhino vulnerable high CPU usage and potential DoS when passing specific numbers to toFixed() function

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

CVSS 6.9, AI score 6.3, EPSS 0.00115
Exploits 0, References 1

EUVD
added 2025/12/03 7:31 p.m., 2 views

EUVD-2025-201013

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small...

CVSS 6.9, AI score 6.1, EPSS 0.00115
Exploits 0, References 3

Veracode
added 2025/12/02 5:22 a.m., 5 views

Denial Of Service (DoS)

org.keycloak, keycloak-quarkus-dist is vulnerable to a Denial of Service (DoS). The vulnerability is due to the default JDK setting that permits client-initiated TLS 1.2 renegotiation, which allows an attacker to repeatedly trigger renegotiation requests to exhaust server CPU resources...

CVSS 7.5, AI score 6.9, EPSS 0.00105
Exploits 0, References 10, Affected Software 1

CVE
added 2025/12/01 10:45 p.m., 21 views

CVE-2025-66448

vLLM (prior to 0.11.1) contains a remote code execution vulnerability in Nemotron_Nano_VL_Config where, during model loading, an auto_map entry can cause get_class_from_dynamic_module to fetch and execute code from a remote repository, bypassing trust_remote_code checks. This can enable an attack...

CVSS 8.8, AI score 7.8, EPSS 0.00045
Exploits 0, References 3, Affected Software 1

NVD
added 2025/12/01 2:16 p.m., 3 views

CVE-2025-49643

An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

CVSS 6.5, EPSS 0.00102
Exploits 0, References 1

OSV
added 2025/12/01 2:16 p.m., 4 views

DEBIAN-CVE-2025-49643

An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

CVSS 6.5, AI score 6.4, EPSS 0.00102
Exploits 0, References 1

OSV
added 2025/12/01 2:16 p.m., 1 view

CVE-2025-49643

An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

CVSS 6.5, AI score 5.8
Exploits 0, References 1

OSV
added 2025/12/01 2:16 p.m., 3 views

UBUNTU-CVE-2025-49643

An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

CVSS 6.5, AI score 6.6, EPSS 0.00102
Exploits 0, References 3

RedHat Linux
added 2025/12/01 1:15 p.m., 6 views

Important: Red Hat Security Advisory: haproxy security update

An update for haproxy is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 7.5, AI score 7.1, EPSS 0.00468
Exploits 0, References 2

AlpineLinux
added 2025/12/01 1:5 p.m., 3 views

CVE-2025-49643

An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

CVSS 6.5, AI score 6.7, EPSS 0.00102
Exploits 0

Debian CVE
added 2025/12/01 1:5 p.m., 8 views

CVE-2025-49643

An authenticated Zabbix user including Guest is able to cause disproportionate CPU load on the webserver by sending specially crafted parameters to /imgstore.php, leading to potential denial of service...

CVSS 6.5, AI score 6.4, EPSS 0.00102
Exploits 0

Positive Technologies
added 2025/12/01 12:0 a.m., 2 views

PT-2025-48444

Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified). Description: An authenticated Zabbix user, including a Guest user, can cause a disproportionate CPU load on the webserver. This is achieved by sending specially crafted parameters to the /imgstore.php API...

CVSS 6.5, AI score 6.4, EPSS 0.00102
Exploits 0, References 13

Zero Day Initiative
added 2025/12/01 12:0 a.m., 4 views

Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent Hunyuan3D-1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8, AI score 7.3, EPSS 0.01362
Exploits 0, References 1

OSV
added 2025/12/01 12:0 a.m., 4 views

ASB-A-442540376

In pkvmloadtracing of trace.c, there is a possible out-of-bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 7.8, AI score 7, EPSS 0.00013
Exploits 0, References 3

EUVD
added 2025/11/28 2:26 p.m., 5 views

EUVD-2025-199877

Netskope was notified about a potential gap in its agent NS Client on Windows systems. If this gap is successfully exploited, a local, authenticated user with Administrator privileges can improperly load the driver as a generic kernel service. This triggers the flaw, causing a system crash...

CVSS 5.9, AI score 6.1, EPSS 0.00029
Exploits 0, References 2