CLSA-2025-1742737069 Fix CVE(s): CVE-2025-24813

SECURITY UPDATE: path Equivalence Vulnerability - debian/patches/CVE-2025-24813.patch: enhance lifecycle of temporary files used by partial PUT to delete temporary file right after finishing request processing - CVE-2025-24813...

CLSA-2025-1742577759 Fix CVE(s): CVE-2025-24813

SECURITY UPDATE: path Equivalence leading to Remote Code Execution and/or Information disclosure in Apache Tomcat - debian/patches/CVE-2025-24813.patch: Enhance lifecycle of temporary files used by partial PUT - CVE-2025-24813...

CVE-2024-12880

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

PYSEC-2025-92

An unauthenticated Denial of Service DoS vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups...

CVE-2024-12880

The CVE-2024-12880 entry concerns infiniflow/ragflow (RAGFlow-0.13.0) with a vulnerability in tenant ID handling that enables partial account takeover. If a user has access to multiple tenants, they can manipulate tenant access to query and obtain other tenants’ API tokens via endpoints: /v1/syst...

CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

CVE-2024-12880 Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow

A vulnerability in infiniflow/ragflow version RAGFlow-0.13.0 allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user has access to multiple tenants, they can manipulate their tenant access to query and acce...

RAGFlow 授权问题漏洞

RAGFlow is an open source RAG engine based on deep document understanding from InfiniFlow Open Source. An authorization issue vulnerability exists in RAGFlow version 0.13.0, which stems from not handling tenant IDs correctly and could lead to partial account takeover...

PT-2025-12154 · Unknown · Infiniflow/Ragflow

Name of the Vulnerable Software and Affected Versions: infiniflow/ragflow version RAGFlow-0.13.0 Description: A vulnerability in infiniflow/ragflow allows for partial account takeover via insecure data querying. The issue arises from the way tenant IDs are handled in the application. If a user ha...

Apache Tomcat CVE-2025-24813: What You Need to Know

Here at Rapid7, our usual bar for calling a vulnerability an emergent threat is either known exploitation at scale, or likelihood of exploitation at scale. Apache Tomcat CVE-2025-24813 fulfills neither of these criteria, despite a variety of news headlines alleging broad exploitation in the wild...

Security update for tomcat

This update for tomcat fixes the following issues: CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...

The vulnerability of the microprogrammed software of industrial routers SCALANCE M-800 and industrial switches SCALANCE SC-600, related to partial comparison, allows a intruder to influence the integrity of the protected information.

The vulnerability of the microprogrammed software of industrial routers SCALANCE M-800 and industrial switches SCALANCE SC-600 is related to a partial comparison. Exploiting this vulnerability could allow an attacker operating remotely to influence the integrity of the protected information...

xorg: xwayland: Use of uninitialized pointer in compRedirectWindow()

An access to an uninitialized pointer flaw was found in X.Org and Xwayland. The function compCheckRedirect may fail if it cannot allocate the backing pixmap. In that case, compRedirectWindow will return a BadAlloc error without validating the window tree marked just before, which leaves the...

Exploit for Deserialization of Untrusted Data in Apache Tomcat

利用条件 + DefaultServlet 写入功能启用：需在 web.xml 中配置 readonly=false...

VulnCheck KEV: CVE-2025-24813

Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request...

SUSE CVE-2025-24813

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

GHSA-83QJ-6FR2-VHQG Apache Tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...

Security Bulletin: IBM Cognos Command Center has addressed vulnerabilities IBM® Semeru Java™ and Eclipse Jetty

Summary There are vulnerabilities in IBM® Semeru Java™ and Eclipse Jetty used by IBM Cognos Command Center. Please refer to the table in the Related Information section for vulnerability impact. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos Comman...

UBUNTU-CVE-2025-24813

Path Equivalence: 'file.Name' Internal Dot leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through...