CVE-2025-25182 Stroom Authentication/Authorization Bypass when using AWS ALB

Stroom is a data processing, storage and analysis platform. A vulnerability exists starting in version 7.2-beta.53 and prior to versions 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2 that allows authentication bypass to a Stroom system when configured with ALB and installed in a way that the...

Concrete CMS: Authenticated path traversal to RCE

crayons Description The bFilename parameter in the scenario index.php/ccm/system/dialogs/block/design/submit is vulnerable to remote code execution via path traversal vulnerability. Authenticated attacker with rights to edit web application pages can upload malicious PNG file containing PHP code...

Fedora 29 : php (2019-187ae3128d)

PHP version 7.2.24 24 Oct 2019 Core: - Fixed bug php78535 autodetectlineendings value not parsed as bool. bugreportuser - Fixed bug php78620 Out of memory error. cmb, Nikita Exif: - Fixed bug php78442 'Illegal component' on exifreaddata since PHP7 Kalle FPM: - Fixed bug php78599 envpathinfo...

PowerShell LTS v7.2.24 (x64)

PowerShell LTS v7.2.24 x64...