
1850 matches found

Cvelist
added 2025/08/10 3:32 a.m. · 9 views

CVE-2025-8792 LitmusChaos Litmus client-side enforcement of server-side security

A vulnerability classified as problematic has been found in LitmusChaos Litmus up to 3.19.0. Affected is an unknown function. The manipulation leads to client-side enforcement of server-side security. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...

5.3 CVSS · 0.00905 EPSS
Exploits 1 · References 4

Vulnrichment
added 2025/08/10 3:32 a.m. · 4 views

CVE-2025-8792 LitmusChaos Litmus client-side enforcement of server-side security

A vulnerability classified as problematic has been found in LitmusChaos Litmus up to 3.19.0. Affected is an unknown function. The manipulation leads to client-side enforcement of server-side security. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...

5.3 CVSS · 7 AI score · 0.00905 EPSS
Exploits 1 · References 4

Positive Technologies
added 2025/08/10 12:0 a.m. · 4 views

PT-2025-32466 · Unknown · Litmuschaos

Name of the Vulnerable Software and Affected Versions: LitmusChaos versions up to 3.19.0 Description: A problematic issue exists in LitmusChaos. The manipulation leads to client-side enforcement of server-side security. This issue is potentially exploitable remotely. The exploit has been publicly...

5.3 CVSS · 6.8 AI score · 0.00905 EPSS
Exploits 1 · References 9

IBM Security Bulletins
added 2025/08/07 6:51 p.m. · 5 views

Security Bulletin: IBM HTTP Server is affected by a security bypass vulnerability due to the included Apache HTTP Server (CVE-2025-54090)

Summary IBM HTTP Server used by IBM WebSphere Application Server is affected by a security bypass vulnerability due to the included Apache HTTP Server. This affects IBM HTTP Server with IFPH67153 installed. Vulnerability Details CVEID:CVE-2025-54090 DESCRIPTION: A bug in Apache HTTP Server 2.4.64...

6.3 CVSS · 5.9 AI score · 0.00662 EPSS
Exploits 0 · Affected Software 1

IBM Security Bulletins
added 2025/08/07 3:41 p.m. · 13 views

Security Bulletin: Multiple Vulnerabilities have been identified in IBM Db2 shipped with IBM WebSphere Remote Server

Summary IBM Db2 is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM Db2 have been published in security bulletins Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions Affected...

9.8 CVSS · 8.5 AI score · 0.01966 EPSS
Exploits 2 · Affected Software 1

Vulnrichment
added 2025/08/07 12:0 a.m. · 3 views

CVE-2025-55135

In Agora Foundation Agora fall23-Alpha1 before 690ce56, there is XSS via a profile picture to server/controller/userController.js. Formats other than PNG, JPEG, and WEBP are permitted by server/routes/userRoutes.js; this includes SVG...

6.4 CVSS · 5.6 AI score · 0.00226 EPSS
Exploits 0 · References 4

CVE
added 2025/08/06 3:25 p.m. · 14 views

CVE-2025-48393

CVE-2025-48393 affects Eaton G4 PDU where the server identity check during firmware upgrade via command shell is insecure, enabling potential MITM disruption. The issue, documented across multiple feeds (NVD, Red Hat, CVE list, CNVD, etc.), states that a fix is available in the latest Eaton firmw...

5.7 CVSS · 5.4 AI score · 0.00188 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/08/06 12:0 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-36760

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent Interpretation of HTTP Requests 'HTTP Request Smuggling' vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests ...

9 CVSS · 6.8 AI score · 0.01879 EPSS
Exploits 0 · References 2

CVE
added 2025/08/05 8:7 p.m. · 11 views

CVE-2012-10024

CVE-2012-10024 affects XBMC 11 and earlier builds up to 2012-11-04 nightly, where the embedded HTTP server is vulnerable to path traversal due to improper URI input sanitization when accessed with HTTP Basic Authentication. An authenticated attacker can request files outside the document root, po...

7.1 CVSS · 5.9 AI score · 0.0106 EPSS
Exploits 0 · References 5

NVD
added 2025/08/05 3:15 p.m. · 3 views

CVE-2025-2611

The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are know...

9.3 CVSS · 0.06078 EPSS
Exploits 3 · References 3

RedhatCVE
added 2025/08/04 9:33 a.m. · 4 views

CVE-2025-54424

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...

9.8 CVSS · 8.1 AI score · 0.00864 EPSS
Exploits 5 · References 1

Tenable Nessus
added 2025/08/04 12:0 a.m. · 2 views

RHEL 6 : tigervnc (RHSA-2025:12751)

The remote Redhat Enterprise Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:12751 advisory. Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine...

9.8 CVSS · 6.9 AI score · 0.02619 EPSS
Exploits 0 · References 38

OSV
added 2025/08/01 11:4 p.m. · 4 views

CVE-2025-54424 1Panel Agent Bypasses Certificate Verification Leading to Arbitrary Command Execution

1Panel is a web interface and MCP Server that manages websites, files, containers, databases, and LLMs on a Linux server. In versions 2.0.5 and below, the HTTPS protocol used for communication between the Core and Agent endpoints has incomplete certificate verification during certificate...

8.1 CVSS · 7.2 AI score · 0.00864 EPSS
Exploits 5 · References 5

CNVD
added 2025/08/01 12:0 a.m. · 2 views

IBM Aspera Faspex Access Control Error Vulnerability

IBM Aspera Faspex is IBM's high-performance file transfer solution designed for fast, secure transfer of large-volume data. A security vulnerability exists in IBM Aspera Faspex versions 5.0.0 through 5.0.12.1, which originates from a client not properly implementing server-side security mechanism...

6.5 CVSS · 6.7 AI score · 0.00247 EPSS
Exploits 0 · References 1

Rockylinux
added 2025/07/29 1:40 p.m. · 24 views

nginx:1.24 security update

An update is available for nginx, module.nginx. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list nginx is a web and proxy server supporting HTTP and other...

5.7 CVSS · 6.6 AI score · 0.0032 EPSS
Exploits 0

Vulnrichment
added 2025/07/23 5:29 a.m. · 2 views

CVE-2025-54451

Improper Control of Generation of Code 'Code Injection' vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection. This issue affects MagicINFO 9 Server: less than 21.1080.0...

9.8 CVSS · 6.6 AI score · 0.00602 EPSS
Exploits 0 · References 1

CNNVD
added 2025/07/23 12:0 a.m. · 2 views

SAMSUNG MagicINFO 9 Server Security Vulnerability

SAMSUNG MagicINFO 9 Server is an enterprise-class digital signage content management and device monitoring platform from Samsung Korea. A security vulnerability exists in SAMSUNG MagicINFO 9 Server, which stems from the use of hard-coded credentials, and can be exploited by an attacker to cause...

9.8 CVSS · 6.8 AI score · 0.00524 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2025/07/23 12:0 a.m. · 15 views

Apache 2.4.x < 2.4.65

The version of Apache httpd installed on the remote host is prior to 2.4.65. It is, therefore, affected by a vulnerability as referenced in the 2.4.65 advisory. - A bug in Apache HTTP Server 2.4.64 results in all RewriteCond expr ... tests evaluating as true. Users are recommended to upgrade to...

6.3 CVSS · 7.2 AI score · 0.00662 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/07/22 3:49 p.m. · 4 views

CVE-2025-7371

Okta On-Premises Provisioning OPP agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You...

6.8 CVSS · 6.8 AI score · 0.00269 EPSS
Exploits 0 · References 1

CVE
added 2025/07/21 9:29 a.m. · 13 views

CVE-2025-41675

CVE-2025-41675 concerns MB CONNECT LINE mbNET.mini and Helmholz/mbNET.mini gateways where an OS command injection arises from improper neutralization of special elements in OS commands. The vulnerability allows a high-privilege remote attacker to trigger arbitrary system commands via GET requests...

7.2 CVSS · 7.2 AI score · 0.00569 EPSS
Exploits 1 · References 2 · Affected Software 1