54845 matches found

Cvelist
added 2025/12/05 1:40 p.m., 77 views

CVE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...

Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue...

EPSS 0.015
Exploits 0, References 1
OSV
added 2025/12/05 11:13 a.m., 10 views

BIT-PYTHON-2025-13837 Out-of-memory when loading Plist

When loading a plist file, the plistlib module reads data in a size specified by the file itself, meaning a malicious file can cause OOM and DoS issues...

CVSS 5.5, AI score 6.9, EPSS 0.00193
Exploits 0, References 10
CVE
added 2025/12/05 11:02 a.m., 556 views

CVE-2025-66200

CVE-2025-66200 affects Apache HTTP Server 2.4.7–2.4.65. A mod_userdir+suexec bypass via AllowOverride FileInfo lets users with .htaccess access to the RequestHeader directive cause some CGI scripts to execute under an unexpected userid. Connected advisories confirm the fix is in 2.4.66 (e.g., Debi...

CVSS 5.4, AI score 6.6, EPSS 0.00569
Exploits 0, References 2, Affected Software 1
RedhatCVE
added 2025/12/05 11:00 a.m., 10 views

CVE-2025-66516

An XML External Entity (XXE) injection vulnerability was found in the Apache Tika framework's PDF parsing functionality. It could allow a remote, unauthenticated attacker to exploit the system by providing a specially crafted PDF containing an XFA (XML Forms Architecture) file. This flaw could lead to...

CVSS 10, AI score 8.7, EPSS 0.79807
Exploits 6, References 5
GithubExploit
added 2025/12/05 3:02 a.m., 163 views

Exploit for CVE-2025-55182

CVE-2025-55182 This repository contains a PoC reproduction of...

CVSS 10, AI score 8.2, EPSS 0.99562
Exploits 372
Fedora
added 2025/12/05 2:42 a.m., 9 views

[SECURITY] Fedora 42 Update: python-kdcproxy-1.1.0-1.fc42

This package contains a Python WSGI module for proxying KDC requests over HTTP by following the MS-KKDCP protocol. It aims to be simple to deploy, with minimal configuration...

CVSS 8.6, AI score 6.9, EPSS 0.00463
Exploits 0
OSSF Malicious Packages
added 2025/12/05 2:42 a.m., 5 views

Malicious code in module-listener (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d17f403951ae366e78ffa76ef093fdbeb3bd4fa3de3b9753c8d7b56fea6bede2 The package module-listener was found to contain malicious code. Source: ghsa-malware c922f84811ce200feff2b048957a9b81b6e78d33db6abc439c1ce9ef7a0950a...

AI score 6.9
Exploits 0, References 1
EUVD
added 2025/12/05 2:42 a.m., 2 views

EUVD-2025-201332

Malicious code in module-listener (npm)...

AI score 6.6
Exploits 0, References 1
OSV
added 2025/12/05 2:42 a.m., 2 views

MAL-2025-192308 Malicious code in module-listener (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d17f403951ae366e78ffa76ef093fdbeb3bd4fa3de3b9753c8d7b56fea6bede2 The package module-listener was found to contain malicious code. Source: ghsa-malware c922f84811ce200feff2b048957a9b81b6e78d33db6abc439c1ce9ef7a0950a...

AI score 6.8
Exploits 0, References 1
EUVD
added 2025/12/05 12:31 a.m., 5 views

EUVD-2025-201303

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the WatchGuard Fireware OS Tigerpaw Technology Integration module allows Stored XSS. This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025.1 ...

CVSS 4.8, AI score 5.7, EPSS 0.00151
Exploits 0, References 2
SUSE CVE
added 2025/12/05 12:25 a.m., 2 views

SUSE CVE-2025-40231

In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport. Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger is called. The issue was introduced by commit 687aa0c5581b ("vsoc...

CVSS 5.5, AI score 6.4, EPSS 0.00173
Exploits 0, References 20
RedhatCVE
added 2025/12/05 12:09 a.m., 9 views

CVE-2025-62173

Summary: Authenticated SQL Injection Vulnerability in Endpoint Module REST API...

CVSS 8.6, AI score 7.9, EPSS 0.00238
Exploits 0, References 1
OSV
added 2025/12/04 10:15 p.m., 4 views

CVE-2025-6946

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the IPS module. This vulnerability requires an authenticated administrator session to a locally managed Firebox. This issue affects Firebox: from...

CVSS 4.8, AI score 5.8, EPSS 0.00152
Exploits 0, References 1
OSV
added 2025/12/04 10:15 p.m., 1 view

CVE-2025-13937

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the WatchGuard Fireware OS ConnectWise Technology Integration module allows Stored XSS. This issue affects Fireware OS 12.4 up to and including 12.11.4, 12.5 up to and including 12.5.13, and 2025...

CVSS 6.1, AI score 5.7, EPSS 0.00151
Exploits 0, References 1
Cvelist
added 2025/12/04 10:10 p.m., 18 views

CVE-2025-66509 LaraDashboard: 1-Click Pre-Auth RCE via Host Header + Module Installation Chain

LaraDashboard is an all-in-one solution to start a Laravel application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process ...

CVSS 9.3, EPSS 0.00345
Exploits 0, References 2
Vulnrichment
added 2025/12/04 10:10 p.m., 2 views

CVE-2025-66509 LaraDashboard: 1-Click Pre-Auth RCE via Host Header + Module Installation Chain

LaraDashboard is an all-in-one solution to start a Laravel application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process ...

CVSS 9.3, AI score 7.5, EPSS 0.00345
Exploits 0, References 2
CVE
added 2025/12/04 10:10 p.m., 17 views

CVE-2025-66509

LaraDashboard vulnerability CVE-2025-66509 affects version 2.3.0 and earlier. The password reset flow trusts the Host header, enabling an attacker to redirect the administrator’s reset token to a remote server. When combined with the module installation process, this can trigger ServiceProvider::...

CVSS 9.8, AI score 7.5, EPSS 0.00345
Exploits 0, References 2, Affected Software 1
EUVD
added 2025/12/04 10:10 p.m., 3 views

EUVD-2025-201292

LaraDashboard is an all-in-one solution to start a Laravel application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process ...

CVSS 9.3, AI score 7.3, EPSS 0.00345
Exploits 0, References 2
OSV
added 2025/12/04 10:10 p.m., 3 views

CVE-2025-66509 LaraDashboard: 1-Click Pre-Auth RCE via Host Header + Module Installation Chain

LaraDashboard is an all-in-one solution to start a Laravel application. In 2.3.0 and earlier, the password reset flow trusts the Host header, allowing attackers to redirect the administrator’s reset token to an attacker-controlled server. This can be combined with the module installation process ...

CVSS 9.3, AI score 7.8, EPSS 0.00345
Exploits 0, References 4
CVE
added 2025/12/04 9:48 p.m., 13 views

CVE-2025-6946

WatchGuard Fireware OS contains a Stored XSS vulnerability in the IPS module that requires an authenticated administrator session on a locally managed Firebox. Affected software is Firebox firmware versions 12.0 through 12.11.2. Root cause is improper input handling during web page generation. Th...

CVSS 4.8, AI score 5, EPSS 0.00152
Exploits 0, References 1, Affected Software 1