11228 matches found
CVE-2024-13089 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...
CVE-2024-13089 Authenticated RCE in update functionality in Guardian/CMC before 24.6.0
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these...
Apache Kafka Deserialization of Untrusted Data vulnerability
A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...
CVE-2025-27819
In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...
CVE-2025-27819
In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...
CVE-2025-27818
A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...
CVE-2025-27819 Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration
In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...
CVE-2025-27819 Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration
In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...
CVE-2025-27818
Summary of CVE-2025-27818 (Apache Kafka): The issue involves an authenticated operator who, via alterConfig on a cluster resource (or Kafka Connect worker) and by modifying connector configs through the REST API, can set sasl.jaas.config on Kafka clients to an LDAP/JndiLoginModule path (e.g., com...
CVE-2025-27818 Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration
A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...
CVE-2025-27818 Apache Kafka: Possible RCE attack via SASL JAAS LdapLoginModule configuration
A possible security vulnerability has been identified in Apache Kafka. This requires access to a alterConfig to the cluster resource, or Kafka Connect worker, and the ability to create/modify connectors on it with an arbitrary Kafka client SASL JAAS config and a SASL-based security protocol, whic...
PT-2025-24620
Name of the Vulnerable Software and Affected Versions Apache Kafka versions 2.0.0 through 3.9.0 Apache Kafka versions 3.0.0 through 3.9.0, where users are allowed to specify properties in connector configurations for Kafka Connect clusters running with out-of-the-box configurations Apache Kafka...
GIMP Integer Overflow RCE Vulnerability (Jun 2025) - Windows
GIMP is prone to an integer overflow remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
FreeBSD : Post-Auth Remote Code Execution found in Roundcube Webmail (0d6094a2-4095-11f0-8c92-00d861a0e66d)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0d6094a2-4095-11f0-8c92-00d861a0e66d advisory. Roundcube Webmail reports: Fix Post-Auth RCE via PHP Object Deserialization reported by firs0v Tenable...
CVE-2025-48999 Dataease Redshift Data Source JDBC Connection Parameters Not Verified Leads to RCE Vulnerability
DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, getUrlType retrieves hostName. Since the judgment statement returns false, it will not enter the if statement and will not ...
Exploit for Improper Protection of Alternate Path in Vbulletin
Description: RCE for Vbullettin versions between 5.0.0 - 5...
SUSE SLED15 / SLES15 Security Update : gstreamer-plugins-bad (SUSE-SU-2025:01737-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:01737-1 advisory. - CVE-2025-3887: Fixed possible RCE vulnerability via buffer overflow in H265 Codec Parsing bsc1242809. Tenable has...
SUSE-SU-2025:01729-1 Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues: - CVE-2025-3887: Fixed possible RCE vulnerability via buffer overflow in H265 Codec Parsing bsc1242809...
Malicious code in wallet-connector-rce (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7da34a4136664074d4841726a150a99a3bc33e88c131fc32766950633e0f9558 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
May
MayLinux Patch Wednesday. This time: 1091 vulnerabilities. Of those, 716 are in the Linux Kernel. 5 vulnerabilities are exploited in the wild: RCE - PHP CSS Parser CVE-2020-13756. In AttackerKB, an exploit exists. DoS - Apache ActiveMQ CVE-2025-27533. In AttackerKB, an exploit exists. SFB -...