CVE
added 2025/12/04 9:48 p.m., 13 views

CVE-2025-6946

WatchGuard Fireware OS contains a Stored XSS vulnerability in the IPS module that requires an authenticated administrator session on a locally managed Firebox. Affected software is Firebox firmware versions 12.0 through 12.11.2. Root cause is improper input handling during web page generation. Th...

CVSS 4.8, AI score 5, EPSS 0.00152
Exploits 0, References 1, Affected Software 1
OSV
added 2025/12/04 6:30 p.m., 7 views

GHSA-F58C-GQ56-VJJF Apache Tika has XXE vulnerability

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

CVSS 10, AI score 5.9, EPSS 0.79807
Exploits 6, References 4
vulnersOsv
added 2025/12/04 6:30 p.m., 10 views

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +324 more potentially affected by CVE-2025-54988 +1 more via org.apache.tika:tika-parser-pdf-module (>=2.0.0 <=3.2.1)

org.apache.tika:tika-parser-pdf-module MAVEN version =2.0.0, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.0, =1.0.3.1-JDK21, =1.0.0, =1.0.0, =1.0, =1.4 and more. Source CVEs: CVE-2025-54988, CVE-2025-66516. Source advisory: OSV:GHSA-F58C-GQ56-VJJF...

CVSS 9.8, AI score 7.5, EPSS 0.79807
Exploits 6
NVD
added 2025/12/04 5:15 p.m., 11 views

CVE-2025-66516

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

CVSS 9.8, EPSS 0.79807
Exploits 5, References 2
OSV
added 2025/12/04 5:15 p.m., 7 views

DEBIAN-CVE-2025-66516

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

CVSS 9.8, AI score 8, EPSS 0.79807
Exploits 5, References 1
OSV
added 2025/12/04 5:15 p.m., 2 views

UBUNTU-CVE-2025-66516

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

CVSS 10, AI score 7.3, EPSS 0.79807
Exploits 6, References 5
GithubExploit
added 2025/12/04 4:34 p.m., 182 views

rsc-rce-poc

React Server Actions RCE Vulnerability - Proof of Concept Cre...

AI score 8
Exploits 0
Debian CVE
added 2025/12/04 4:17 p.m., 6 views

CVE-2025-66516

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

CVSS 9.8, AI score 8, EPSS 0.79807
Exploits 5
EUVD
added 2025/12/04 4:17 p.m., 8 views

EUVD-2025-201189

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

CVSS 10, AI score 8.4, EPSS 0.79807
Exploits 6, References 3
CVE
added 2025/12/04 4:17 p.m., 404 views

CVE-2025-66516

CVE-2025-66516 is a critical XXE in Apache Tika affecting tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5). The root cause is XML External Entity injection triggered by a crafted XFA file in a PDF, allowing an attacker to access sensitive data or trigger intern...

CVSS 9.8, AI score 8.3, EPSS 0.79807
Exploits 5, References 2, Affected Software 1
CVE
added 2025/12/04 4:08 p.m., 21 views

CVE-2025-40264

The CVE-2025-40264 issue affects the Linux kernel be2net code path with OS2BMC. be_insert_vlan_in_pkt() could dereference a NULL wrb_params at the be_send_pkt_to_bmc() call site, due to the wrb_params not being passed from be_xmit(); this could lead to a NULL pointer dereference. The fix involves...

AI score 6, EPSS 0.00182
Exploits 0, References 9
CVE
added 2025/12/04 3:31 p.m., 27 views

CVE-2025-40231

CVE-2025-40231 (Linux kernel) relates to a vsock lock inversion in vsock_assign_transport() where vsock_register_mutex is held during a call that may call vsock_linger(). The commit adding vsock_register_mutex around transport->release() around sk_lock can create circular dependency when vsock...

AI score 6, EPSS 0.00173
Exploits 0, References 7
Cvelist
added 2025/12/04 3:31 p.m., 18 views

CVE-2025-40231 vsock: fix lock inversion in vsock_assign_transport()

In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport. Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger is called. The issue was introduced by commit 687aa0c5581b "vsoc...

EPSS 0.00173
Exploits 0, References 7
EUVD
added 2025/12/04 3:31 p.m., 3 views

EUVD-2025-201228

In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport. Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger is called. The issue was introduced by commit 687aa0c5581b "vsoc...

AI score 5.9, EPSS 0.00173
Exploits 0, References 8
OSV
added 2025/12/04 3:31 p.m., 4 views

CVE-2025-40231 vsock: fix lock inversion in vsock_assign_transport()

In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport. Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger is called. The issue was introduced by commit 687aa0c5581b "vsoc...

AI score 6.3, EPSS 0.00173
Exploits 0, References 10
RedHat Linux
added 2025/12/04 12:50 p.m., 3 views

kernel: wifi: cfg80211: fix use-after-free in cmp_bss()

A use-after-free vulnerability exists in the Linux kernel wifi module in the cmp_bss() function; an attacker could create a crafted payload to trigger it, leading to damage to the availability and integrity of the system...

CVSS 7.8, AI score 5.8, EPSS 0.00152
Exploits 0, References 5
RedHat Linux
added 2025/12/04 12:50 p.m., 3 views

kernel: vsock: Fix transport_* TOCTOU

In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_* TOCTOU. Transport assignment may race with module unload. Protect new_transport from becoming a stale pointer. This also takes care of an insecure call in vsock_use_local_transport; add a lockdep assert. BUG: unab...

CVSS 4.7, AI score 5.7, EPSS 0.00113
Exploits 0, References 5
Debian CVE
added 2025/12/04 12:38 p.m., 9 views

CVE-2025-40215

In the Linux kernel, the following vulnerability has been resolved: xfrm: delete x->tunnel as we delete x. The ipcomp fallback tunnels currently get deleted from the various lists and hashtables as the last user state that needed that fallback is destroyed, not deleted. If a reference to that user...

AI score 5.3, EPSS 0.00176
Exploits 0
Snyk
added 2025/12/04 12:31 p.m., 2 views

Insertion of Sensitive Information into Log File

Overview: ansible is a simple IT automation system. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the community.general.keycloak_user module due to exposing the credentials.value field in verbose output. An attacker can obtain sensitive...

CVSS 6.8, AI score 6.8, EPSS 0.00115
Exploits 0, References 2
CVE
added 2025/12/04 9:51 a.m., 22 views

CVE-2025-14010

CVE-2025-14010 affects the Ansible Community General collection, where a flaw in ansible-collection-community-general can cause information exposure of sensitive credentials (plaintext passwords) via verbose output when Ansible runs with debug. This means attackers with access to logs could poten...

CVSS 5.5, AI score 6, EPSS 0.00115
Exploits 0, References 5, Affected Software 1