933 matches found
Jenkins plugin Cadence vManager Cross-Site Request Forgery Vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is an application software plugin. A security vulnerability...
CVE-2025-4443
creationtimestamp| type| source
---|---|---
2025-05-09 00:25:00+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/15647
2025-05-09 01:15:01+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lop5uf3hggr2
2025-05-09...
Receive Remote rsyslog Messages Only on A Specified Log Host
By default, rsyslog does not listen for log messages from a remote system. Log message listening via TCP is performed in a similar way to log message listening via UDP, both requiring rsyslog to load a module, that is, the imtcp.so module and the imudp.so module respectively. The TCP/UDP port to b...
The vulnerability of Fortinet’s software products lies in the insufficient restriction of communication channels for specific endpoints, which allows attackers to carry out MITM attacks.
The vulnerability of Fortinet software products is related to insufficient restrictions on communication channels for specified endpoints. Exploiting this vulnerability allows a remote attacker to carry out a man-in-the-middle (MITM) attack...
CVE-2025-31120
creationtimestamp| type| source
---|---|---
2025-04-18 16:59:24+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12504
2025-04-18 17:32:17+00:00| seen| https://bsky.app/profile/Minecraft.activitypub.awakari.com.ap.brid.gy/post/3ln45mklycpf2
2025-04-18 19:05:05+00:00| seen|...
CVE-2025-30984
creationtimestamp| type| source
---|---|---
2025-04-15 22:44:18+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmv5o3qyk32h
2025-04-15 22:56:02+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/11956
2025-04-16 01:48:48+00:00| seen|...
PT-2025-16031 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns a Cross-Site Request Forgery in the Apache HTTP Server. No information is provided about the estimated number of potentially affected devices worldwide or...
Moodle 4.0.x < 4.0.8 SQL injection
According to its self-reported version, the Moodle install hosted on the remote host is prior to 3.9.21, 3.11.x prior to 3.11.14, 4.0.x prior to 4.0.8 or 4.1.x prior to 4.1.3. It is, therefore, affected by a limited SQL injection in functionality used by the Wiki activity when listing pages. Note...
PT-2025-15562 · Microsoft · Windows Kernel +1
Name of the Vulnerable Software and Affected Versions: Windows Kernel affected versions not specified Description: The issue is related to an untrusted pointer dereference in the Windows Kernel, allowing an authorized attacker to elevate privileges locally. Recommendations: At the moment, there i...
PT-2025-15319 · Isherlock · Isherlock
Name of the Vulnerable Software and Affected Versions: iSherlock affected versions not specified Description: The iSherlock web service has an issue that allows remote attackers to inject and execute arbitrary system commands on the server. This is possible due to an OS command injection flaw,...
PT-2025-15559 · Microsoft · Windows Power Dependency Coordinator +1
Name of the Vulnerable Software and Affected Versions: Windows Power Dependency Coordinator affected versions not specified Description: The issue allows an authorized attacker to disclose sensitive information locally due to the exposure of sensitive information to an unauthorized actor...
BIT-DOLIBARR-2022-0174 Improper Validation of Specified Quantity in Input in dolibarr/dolibarr
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr...
PT-2025-16697
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the handling of cached destination counters in the dst_release function. When CONFIG_DST_CACHE is enabled and Open vSwit...
PT-2025-14459 · Assetview +1 · Assetview +1
Name of the Vulnerable Software and Affected Versions: AssetView and AssetView CLOUD affected versions not specified Description: The issue concerns acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated...
Denial Of Service (DoS)
ai.h2o:h2o-core is vulnerable to Denial of Service (DoS). The vulnerability is due to the /3/Parse endpoint constructing a regular expression from a user-specified string, which is then applied to another user-specified string, allowing an attacker to send multiple simultaneous requests and exhaus...
PT-2025-12844 · Bdrive · Bdrive Netdrive
Name of the Vulnerable Software and Affected Versions: Bdrive NetDrive affected versions not specified Description: The issue is related to an uncontrolled search path element, which can lead to local privilege escalation. Recommendations: At the moment, there is no information about a newer...
H2O Vulnerable to Denial of Service (DoS) via `/3/Parse` Endpoint
A vulnerability in the /3/Parse endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a regular expression, which is then applied to another user-specified string. By sending multiple simultaneous requests, an...
CVE-2025-27160
Acrobat Reader versions 24.001.30225, 20.005.30748, 25.001.20428 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious...
PT-2025-8685
Name of the Vulnerable Software and Affected Versions: Essential Addons for Elementor affected versions not specified Description: A critical XSS flaw has been identified in the Essential Addons for Elementor WordPress plugin, potentially placing over two million websites in jeopardy. This...
PT-2025-7712 · Gliffy · Gliffy
Name of the Vulnerable Software and Affected Versions: Gliffy affected versions not specified Description: A flaw in the application results in broken authentication through the reset functionality. Recommendations: At the moment, there is no information about a newer version that contains a fix...