1655 matches found
Security Bulletin: Maximo AI Service Component: Spring Security Aspects may not correctly locate method security annotations on private methods.
Summary Security Bulletin: Maximo AI Service Component Component uses Spring Security Aspects may not correctly locate method security annotations on private methods.This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-22233...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
CVE-2025-32463 - Sudo Privilege Escalation A privilege escala...
CVE-2025-5372
A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the sshkdf function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenl...
Exploit for CVE-2025-1974
IngressNightmare: CVE-2025-1974 - Unauthenticated Remote Code...
CVE-2025-52572 Hikka vulnerable to RCE through dangling web interface
Hikka, a Telegram userbot, has vulnerability affects all users on all versions of Hikka. Two scenarios are possible. 1. Web interface does not have an authenticated session: attacker can use his own Telegram account to gain RCE to the server by authorizing in the dangling web interface. 2. Web...
Kibana 7.17.29, 8.17.8, 8.18.3, 9.0.3 Security Update (ESA-2025-10)
Kibana Open Redirect ESA-2025-10 URL redirection to an untrusted site 'Open Redirect' in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL. Affected Versions: Kibana versions up to and including 7.17.28, 8.0.0 up to and including...
CVE-2025-6032
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack. Mitigation Download the VM image manually with another tool that verifies the TLS certificate and...
CVE-2025-23172
The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This can be leveraged ...
Amazon Linux 2023 : aws-kinesis-agent (ALAS2023-2025-1024)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1024 advisory. Jackson-core contains core low-level incremental streaming parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in...
Exploit for PHP Remote File Inclusion in Wpplugins Hide_My_Wp_Ghost
CVE-2025-26909 Vulnerability Scanner A Python-based scanner a...
CVE-2025-31698
A flaw was found in trafficserver. Access control lists ACLs configured within ipallow.config or remap.config incorrectly utilize IP addresses, failing to account for those provided by the PROXY protocol. This can allow an attacker to bypass intended access restrictions by manipulating the source...
CVE-2025-23170
The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an attacker to execu...
CVE-2025-23170
The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an attacker to execu...
CVE-2025-6087 SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint
A Server-Side Request Forgery SSRF vulnerability was identified in the @opennextjs/cloudflare package. The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed unauthenticated users to proxy arbitrary remote content via the /next/image endpoint...
CVE-2025-6087
CVE-2025-6087 affects @opennextjs/cloudflare (OpenNext Cloudflare adapter) and enables SSRF by proxying arbitrary remote content through the /_next/image endpoint due to an unimplemented feature. Affected deployments using the Cloudflare adapter for Open Next are at risk of loading remote resourc...
CVE-2025-41234
Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...
CVE-2025-41234 RFD Attack via “Content-Disposition” Header Sourced from Request
Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download RFD attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input...
CVE-2025-41234
CVE-2025-41234 : In Spring Framework, versions 6.0.x up to 6.0.28, 6.1.x up to 6.1.20, and 6.2.x up to 6.2.7 are vulnerable to a reflected file download (RFD) attack when a response header uses non-ASCII charset in the filename derived from user input via ContentDisposition.Builder#filename(Strin...
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2025-1589)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
GHSA-GR67-PWCV-76GF GeoServer Infinite Loop Vulnerability in Jiffle process
Summary Malicious Jiffle scripts can be executed by GeoServer, either as a rendering transformation in WMS dynamic styles or as a WPS process, that can enter an infinite loop to trigger denial of service. Details The Jiffle language supports multiple loop constructs that will cause its code block...