Lucene search
K

1655 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/07/07 6:39 p.m.8 views

Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods.

Summary Security Bulletin: Maximo AI Service Component Component uses Spring Security Aspects may not correctly locate method security annotations on private methods.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-22233...

5.3CVSS7AI score0.00631EPSS
Exploits1Affected Software1
GithubExploit
GithubExploit
added 2025/07/06 9:15 p.m.167 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 - Sudo Privilege Escalation A privilege escala...

9.3CVSS10AI score0.47467EPSS
Exploits70
RedhatCVE
RedhatCVE
added 2025/07/04 6:1 a.m.4 views

CVE-2025-5372

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...

8.8CVSS6.2AI score0.00407EPSS
Exploits0References3
GithubExploit
GithubExploit
added 2025/06/26 9:24 a.m.529 views

Exploit for CVE-2025-1974

IngressNightmare: CVE-2025-1974 - Unauthenticated Remote Code...

9.8CVSS9.5AI score0.99098EPSS
Exploits21
OSV
OSV
added 2025/06/24 8:10 p.m.6 views

CVE-2025-52572 Hikka vulnerable to RCE through dangling web interface

Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...

10CVSS7.7AI score0.00619EPSS
Exploits0References4
Elastic
Elastic
added 2025/06/24 5:1 p.m.10 views

Kibana 7.17.29, 8.17.8, 8.18.3, 9.0.3 Security Update (ESA-2025-10)

Kibana Open Redirect ESA-2025-10 URL redirection to an untrusted site 'Open Redirect' in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL. Affected Versions: Kibana versions up to and including 7.17.28, 8.0.0 up to and including...

5.4CVSS6.8AI score0.0039EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/06/24 1:50 p.m.7 views

CVE-2025-6032

A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack. Mitigation Download the VM image manually with another tool that verifies the TLS certificate and...

8.3CVSS7AI score0.00397EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/06/23 8:39 a.m.3 views

CVE-2025-23172

The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This can be leveraged ...

7.2CVSS8.6AI score0.00945EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/06/23 12:0 a.m.9 views

Amazon Linux 2023 : aws-kinesis-agent (ALAS2023-2025-1024)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1024 advisory. Jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in...

4CVSS7.6AI score0.00314EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2025/06/22 3:58 p.m.440 views

Exploit for PHP Remote File Inclusion in Wpplugins Hide_My_Wp_Ghost

CVE-2025-26909 Vulnerability Scanner A Python-based scanner a...

9.8CVSS9.6AI score0.0067EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/06/19 2:20 p.m.6 views

CVE-2025-31698

A flaw was found in trafficserver. Access control lists ACLs configured within ipallow.config or remap.config incorrectly utilize IP addresses, failing to account for those provided by the PROXY protocol. This can allow an attacker to bypass intended access restrictions by manipulating the source...

7.5CVSS7.3AI score0.00448EPSS
Exploits0References4
NVD
NVD
added 2025/06/19 12:15 a.m.15 views

CVE-2025-23170

The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an attacker to execu...

6.7CVSS0.00623EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/06/18 11:30 p.m.10 views

CVE-2025-23170

The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an attacker to execu...

6.7CVSS0.00623EPSS
Exploits0References5
OSV
OSV
added 2025/06/16 6:30 p.m.5 views

CVE-2025-6087 SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint

A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...

7.8CVSS7.2AI score0.00832EPSS
Exploits0References4
CVE
CVE
added 2025/06/16 6:30 p.m.86 views

CVE-2025-6087

CVE-2025-6087 affects @opennextjs/cloudflare (OpenNext Cloudflare adapter) and enables SSRF by proxying arbitrary remote content through the /_next/image endpoint due to an unimplemented feature. Affected deployments using the Cloudflare adapter for Open Next are at risk of loading remote resourc...

9.1CVSS7AI score0.00832EPSS
Exploits0References1Affected Software2
NVD
NVD
added 2025/06/12 10:15 p.m.11 views

CVE-2025-41234

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...

6.5CVSS0.00533EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/06/12 9:14 p.m.29 views

CVE-2025-41234 RFD Attack via “Content-Disposition” Header Sourced from Request

Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...

6.5CVSS0.00533EPSS
Exploits0References3
CVE
CVE
added 2025/06/12 9:14 p.m.238 views

CVE-2025-41234

CVE-2025-41234 : In Spring Framework, versions 6.0.x up to 6.0.28, 6.1.x up to 6.1.20, and 6.2.x up to 6.2.7 are vulnerable to a reflected file download (RFD) attack when a response header uses non-ASCII charset in the filename derived from user input via ContentDisposition.Builder#filename(Strin...

6.5CVSS6.7AI score0.00533EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2025/06/11 12:0 a.m.5 views

Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2025-1589)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8CVSS7.2AI score0.00315EPSS
Exploits0References2
OSV
OSV
added 2025/06/10 7:44 p.m.9 views

GHSA-GR67-PWCV-76GF GeoServer Infinite Loop Vulnerability in Jiffle process

Summary Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. Details The Jiffle language supports multiple loop constructs that will cause its code block...

7.5CVSS7.1AI score0.00432EPSS
Exploits0References5
Rows per page
Query Builder