CVE-2024-28056 |
5.9 |
AWS |
Amazon AWS Amplify CLI before 12.10.1 incorrectly configures the role trust policy of IAM roles associated with Amplify projects. When the Authentication component is removed from an Amplify project, a Condition property is removed but "Effect":"Allow" remains present, and consequently sts:AssumeRoleWithWebIdentity would be available to threat actors with no conditions. Thus, if Amplify CLI had been used to remove the Authentication component from a project built between August 2019 and January 2024, an "assume role" may have occurred, and may have been leveraged to obtain unauthorized access to an organization's AWS resources. NOTE: the problem could only occur if an authorized AWS user removed an Authentication component. (The vulnerability did not give a threat actor the ability to remove an Authentication component.) However, in realistic situations, an authorized AWS user may have removed an Authentication component, e.g., if the objective were to stop using built-in Cognito resources, or move to a completely different identity provider. |
2025-06-30T14:40:14.440 |
https://cve.circl.lu/cve/CVE-2024-28056 |
CVE-2025-2828 |
6.0 |
AWS |
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit does not enforce restrictions on requests to remote internet addresses, allowing it to also access local addresses. As a result, an attacker could exploit this flaw to perform port scans, access local services, retrieve instance metadata from cloud environments (e.g., Azure, AWS), and interact with servers on the local network. This issue has been fixed in version 0.0.28. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-2828 |
CVE-2014-6274 |
3.6 |
AWS |
git-annex had a bug in the S3 and Glacier remotes where if embedcreds=yes was set, and the remote used encryption=pubkey or encryption=hybrid, the embedded AWS credentials were stored in the git repository in (effectively) plaintext, not encrypted as they were supposed to be. This issue affects git-annex: from 3.20121126 before 5.20140919. |
2025-06-30T18:38:48.477 |
https://cve.circl.lu/cve/CVE-2014-6274 |
CVE-2025-34062 |
N/A |
AWS |
An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext response disclosing sensitive credentials. These may include an API key, AWS IAM access and secret keys, and a base64-encoded JWT signing key used in the tenant’s SSO IdP configuration. |
2025-07-01T15:15:24.773 |
https://cve.circl.lu/cve/CVE-2025-34062 |
CVE-2025-49549 |
1.4 |
Adobe |
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue does not require user interaction. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-49549 |
CVE-2025-49550 |
1.4 |
Adobe |
Adobe Commerce versions 2.4.8, 2.4.7-p5, 2.4.6-p10, 2.4.5-p12, 2.4.4-p13 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized access. Exploitation of this issue requires user interaction. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-49550 |
CVE-2023-40611 |
1.4 |
Airflow |
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc. Users should upgrade to version 2.7.1 or later which has removed the vulnerability. |
2025-06-25T14:15:21.987 |
https://cve.circl.lu/cve/CVE-2023-40611 |
CVE-2025-50213 |
5.9 |
Airflow |
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) vulnerability in Apache Airflow Providers Snowflake. This issue affects Apache Airflow Providers Snowflake: before 6.4.0. Sanitization of table and stage parameters was added in CopyFromExternalStageToSnowflakeOperator to prevent SQL injection. Users are recommended to upgrade to version 6.4.0, which fixes the issue. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-50213 |
CVE-2025-5813 |
1.4 |
Amazon |
The Amazon Products to WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcta2w_get_amazon_product_callback() function in all versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to create new products. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-5813 |
CVE-2025-53285 |
3.7 |
Amazon |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Website Flip Add & Replace Affiliate Links for Amazon allows Stored XSS. This issue affects Add & Replace Affiliate Links for Amazon: from n/a through 1.0.6. |
2025-06-30T18:38:48.477 |
https://cve.circl.lu/cve/CVE-2025-53285 |
CVE-2023-26512 |
5.9 |
Apache |
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled messages and execute code remotely via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible. |
2025-06-25T13:04:17.487 |
https://cve.circl.lu/cve/CVE-2023-26512 |
CVE-2023-41313 |
5.9 |
Apache |
The authentication method in Apache Doris versions before 2.0.0 was vulnerable to timing attacks. Users are recommended to upgrade to version 2.0.0 + or 1.2.8, which fixes this issue. |
2025-06-30T12:14:35.607 |
https://cve.circl.lu/cve/CVE-2023-41313 |
CVE-2024-23944 |
3.4 |
Apache |
Information disclosure in persistent watchers handling in Apache ZooKeeper due to missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent which the attacker has already access to. ZooKeeper server doesn't do ACL check when the persistent watcher is triggered and as a consequence, the full path of znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of znode, but since znode path can contain sensitive information like user name or login ID, this issue is potentially critical. Users are recommended to upgrade to version 3.9.2, 3.8.4 which fixes the issue. |
2025-06-27T15:13:01.597 |
https://cve.circl.lu/cve/CVE-2024-23944 |
CVE-2024-28752 |
5.8 |
Apache |
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted. |
2025-06-27T15:06:40.040 |
https://cve.circl.lu/cve/CVE-2024-28752 |
CVE-2024-37602 |
3.6 |
Apple |
An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible NULL pointer dereference in the Apple Car Play function affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP address, an attacker can connect via the internal network to the AirTunes / AirPlay service. With prepared HTTP requests, an attacker can cause the Car Play service to fail. |
2025-06-27T16:12:26.847 |
https://cve.circl.lu/cve/CVE-2024-37602 |
CVE-2025-25953 |
5.2 |
Azure |
Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR v1.0.118 was discovered to contain an Azure JWT access token exposure. This vulnerability allows authenticated attackers to escalate privileges and access sensitive information. |
2025-06-27T13:41:19.777 |
https://cve.circl.lu/cve/CVE-2025-25953 |
CVE-2025-53013 |
4.2 |
Azure |
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. A vulnerability present in versions 0.9.10 through 0.9.16 allows a user to authenticate to a Linux host via Himmelblau using an *invalid* Linux Hello PIN, provided the host is offline. While the user gains access to the local system, Single Sign-On (SSO) fails due to the network being down and the inability to issue tokens (due to a failure to unlock the Hello key). The core issue lies in an incorrect assumption within the `acquire_token_by_hello_for_business_key` function: it was expected to return a `TPMFail` error for an invalid Hello key when offline, but instead, a preceding nonce request resulted in a `RequestFailed` error, leading the system to erroneously transition to an offline success state without validating the Hello key unlock. This impacts systems using Himmelblau for authentication when operating in an offline state with Hello PIN authentication enabled. Rocky Linux 8 (and variants) are not affected by this vulnerability. The problem is resolved in Himmelblau version 0.9.17. A workaround is available for users who cannot immediately upgrade. Disabling Hello PIN authentication by setting `enable_hello = false` in `/etc/himmelblau/himmelblau.conf` will mitigate the vulnerability. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-53013 |
CVE-2014-2217 |
6.4 |
ASP.NET |
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value. |
2025-06-30T13:06:41.513 |
https://cve.circl.lu/cve/CVE-2014-2217 |
CVE-2019-19790 |
5.9 |
ASP.NET |
Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler). |
2025-06-30T13:06:41.513 |
https://cve.circl.lu/cve/CVE-2019-19790 |
CVE-2021-28141 |
5.9 |
ASP.NET |
An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow the attacker to gain unauthorized access to the server and execute code. To exploit, one must use the parameter _TSM_HiddenField_ and inject a command at the end of the URI. NOTE: the vendor states that this is not a vulnerability. The request's output does not indicate that a "true" command was executed on the server, and the request's output does not leak any private source code or data from the server |
2025-06-30T13:06:41.513 |
https://cve.circl.lu/cve/CVE-2021-28141 |
CVE-2025-49520 |
5.9 |
Ansible |
A flaw was found in Ansible Automation Platform’s EDA component where user-supplied Git URLs are passed unsanitized to the git ls-remote command. This vulnerability allows an authenticated attacker to inject arguments and execute arbitrary commands on the EDA worker. In Kubernetes/OpenShift environments, this can lead to service account token theft and cluster access. |
2025-07-01T02:15:22.190 |
https://cve.circl.lu/cve/CVE-2025-49520 |
CVE-2025-49521 |
5.9 |
Ansible |
A flaw was found in the EDA component of the Ansible Automation Platform, where user-supplied Git branch or refspec values are evaluated as Jinja2 templates. This vulnerability allows authenticated users to inject expressions that execute commands or access sensitive files on the EDA worker. In OpenShift, it can lead to service account token theft. |
2025-07-01T02:15:22.310 |
https://cve.circl.lu/cve/CVE-2025-49521 |
CVE-2025-49493 |
1.4 |
Akamai |
Akamai CloudTest before 60 2025.06.02 (12988) allows file inclusion via XML External Entity (XXE) injection. |
2025-06-30T20:15:25.060 |
https://cve.circl.lu/cve/CVE-2025-49493 |
CVE-2025-52491 |
1.4 |
Akamai |
Akamai CloudTest before 60 2025.06.09 (12989) allows SSRF. |
2025-06-30T20:15:25.233 |
https://cve.circl.lu/cve/CVE-2025-52491 |
CVE-2025-30702 |
1.4 |
AMP |
Vulnerability in the Fleet Patching & Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching & Provisioning. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Fleet Patching & Provisioning accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). |
2025-06-26T19:14:33.750 |
https://cve.circl.lu/cve/CVE-2025-30702 |
CVE-2022-48174 |
5.9 |
BusyBox |
There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. |
2025-06-25T14:24:41.033 |
https://cve.circl.lu/cve/CVE-2022-48174 |
CVE-2024-27439 |
2.5 |
CSRF |
An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected. Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue. |
2025-06-27T14:43:53.587 |
https://cve.circl.lu/cve/CVE-2024-27439 |
CVE-2024-3135 |
3.6 |
CSRF |
A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers to exhaust system resources, consume credits, and fill disk space by making numerous resource-intensive API calls, such as generating images or uploading files. The vulnerability stems from the application's acceptance of simple request content-types without requiring CSRF tokens or implementing other CSRF mitigation measures. Successful exploitation does not require network access to the vulnerable LocalAI environment. |
2025-06-27T15:58:15.920 |
https://cve.circl.lu/cve/CVE-2024-3135 |
CVE-2025-45055 |
2.7 |
CSRF |
Silverpeas 6.4.2 contains a stored cross-site scripting (XSS) vulnerability in the event management module. An authenticated user can upload a malicious SVG file as an event attachment, which, when viewed by an administrator, executes embedded JavaScript in the admin's session. This allows attackers to escalate privileges by creating a new administrator account. The vulnerability arises from insufficient sanitization of SVG files and weak CSRF protections. |
2025-06-25T20:24:56.750 |
https://cve.circl.lu/cve/CVE-2025-45055 |
CVE-2025-50370 |
2.5 |
CSRF |
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Inquiry Management functionality /mcgs/admin/readenq.php of the Phpgurukul Medical Card Generation System 1.0. The vulnerable endpoint allows an authenticated admin to delete inquiry records via a simple GET request, without requiring a CSRF token or validating the origin of the request. |
2025-07-01T18:13:30.903 |
https://cve.circl.lu/cve/CVE-2025-50370 |
CVE-2024-20312 |
4.0 |
Cisco |
A vulnerability in the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation when parsing an ingress IS-IS packet. An attacker could exploit this vulnerability by sending a crafted IS-IS packet to an affected device after forming an adjacency. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: The IS-IS protocol is a routing protocol. To exploit this vulnerability, an attacker must be Layer 2-adjacent to the affected device and have formed an adjacency. |
2025-06-30T15:21:14.327 |
https://cve.circl.lu/cve/CVE-2024-20312 |
CVE-2024-20308 |
4.0 |
Cisco |
A vulnerability in the IKEv1 fragmentation code of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a heap underflow, resulting in an affected device reloading. This vulnerability exists because crafted, fragmented IKEv1 packets are not properly reassembled. An attacker could exploit this vulnerability by sending crafted UDP packets to an affected system. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. Note: Only traffic that is directed to the affected system can be used to exploit this vulnerability. This vulnerability can be triggered by IPv4 and IPv6 traffic. |
2025-06-30T15:13:39.897 |
https://cve.circl.lu/cve/CVE-2024-20308 |
CVE-2024-20258 |
2.7 |
Cisco |
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. |
2025-06-30T17:24:36.450 |
https://cve.circl.lu/cve/CVE-2024-20258 |
CVE-2025-20264 |
2.7 |
Cisco |
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions. This vulnerability is due to insufficient authorization enforcement mechanisms for users created by SAML SSO integration with an external identity provider. An attacker could exploit this vulnerability by submitting a series of specific commands to an affected device. A successful exploit could allow the attacker to modify a limited number of system settings, including some that would result in a system restart. In single-node Cisco ISE deployments, devices that are not authenticated to the network will not be able to authenticate until the Cisco ISE system comes back online. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-20264 |
CVE-2025-20281 |
5.9 |
Cisco |
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. The attacker does not require any valid credentials to exploit this vulnerability. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted API request. A successful exploit could allow the attacker to obtain root privileges on an affected device. |
2025-06-26T20:35:07.773 |
https://cve.circl.lu/cve/CVE-2025-20281 |
CVE-2019-6693 |
3.6 |
Cryptograph |
Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set). |
2025-06-26T19:31:29.797 |
https://cve.circl.lu/cve/CVE-2019-6693 |
CVE-2025-1828 |
5.9 |
Cryptograph |
Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider. In particular, Windows versions of perl will encounter this issue by default. |
2025-06-27T16:11:22.767 |
https://cve.circl.lu/cve/CVE-2025-1828 |
CVE-2025-6669 |
1.4 |
Cryptograph |
A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file middlewares/jwt.go. The manipulation with the input sublink leads to use of hard-coded cryptographic key. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.9 is able to address this issue. The patch is identified as 778d26aef723daa58df98c8060c43f5bf5d1b10b. It is recommended to upgrade the affected component. |
2025-06-27T11:15:25.547 |
https://cve.circl.lu/cve/CVE-2025-6669 |
CVE-2025-34063 |
N/A |
Cryptograph |
A cryptographic authentication bypass vulnerability exists in OneLogin AD Connector prior to 6.1.5 due to the exposure of a tenant’s SSO JWT signing key via the /api/adc/v4/configuration endpoint. An attacker in possession of the signing key can craft valid JWT tokens impersonating arbitrary users within a OneLogin tenant. The tokens allow authentication to the OneLogin SSO portal and all downstream applications federated via SAML or OIDC. This allows full unauthorized access across the victim’s SaaS environment. |
2025-07-01T15:15:24.913 |
https://cve.circl.lu/cve/CVE-2025-34063 |
CVE-2025-6206 |
5.9 |
ChatGPT |
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_image_editor_ajax_submit' function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. In order to exploit the vulnerability, there must be a value entered for the Stability.AI API key. The value can be arbitrary. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-6206 |
CVE-2025-3568 |
1.4 |
CRM |
A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor prepares a fix for the next major release and explains that he does not think therefore that this should qualify for a CVE. |
2025-06-26T19:21:05.930 |
https://cve.circl.lu/cve/CVE-2025-3568 |
CVE-2025-24774 |
3.7 |
CRM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla WPCRM - CRM for Contact form CF7 & WooCommerce allows Reflected XSS. This issue affects WPCRM - CRM for Contact form CF7 & WooCommerce: from n/a through 3.2.0. |
2025-06-30T18:38:48.477 |
https://cve.circl.lu/cve/CVE-2025-24774 |
CVE-2024-12150 |
5.9 |
CRM |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection. This issue affects . NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. |
2025-06-30T18:38:23.493 |
https://cve.circl.lu/cve/CVE-2024-12150 |
CVE-2024-0769 |
1.4 |
D-Link |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced. |
2025-06-26T19:29:56.650 |
https://cve.circl.lu/cve/CVE-2024-0769 |
CVE-2024-57376 |
5.9 |
D-Link |
Buffer Overflow vulnerability in D-Link DSR-150, DSR-150N, DSR-250, DSR-250N, DSR-500N, DSR-1000N from 3.13 to 3.17B901C allows unauthenticated users to execute remote code execution. |
2025-07-01T15:15:40.243 |
https://cve.circl.lu/cve/CVE-2024-57376 |
CVE-2025-45784 |
5.9 |
D-Link |
D-Link DPH-400S/SE VoIP Phone v1.01 contains hardcoded provisioning variables, including PROVIS_USER_PASSWORD, which may expose sensitive user credentials. An attacker with access to the firmware image can extract these credentials using static analysis tools such as strings or xxd, potentially leading to unauthorized access to device functions or user accounts. This vulnerability exists due to insecure storage of sensitive information in the firmware binary. |
2025-06-26T15:54:43.523 |
https://cve.circl.lu/cve/CVE-2025-45784 |
CVE-2025-6291 |
5.9 |
D-Link |
A vulnerability, which was classified as critical, was found in D-Link DIR-825 2.03. This affects the function do_file of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |
2025-06-26T17:00:25.153 |
https://cve.circl.lu/cve/CVE-2025-6291 |
CVE-2025-6292 |
5.9 |
D-Link |
A vulnerability has been found in D-Link DIR-825 2.03 and classified as critical. This vulnerability affects the function sub_4091AC of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer. |
2025-06-26T17:25:51.993 |
https://cve.circl.lu/cve/CVE-2025-6292 |
CVE-2025-26331 |
5.9 |
Dell |
Dell ThinOS 2411 and prior, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. |
2025-07-01T15:08:21.283 |
https://cve.circl.lu/cve/CVE-2025-26331 |
CVE-2025-27688 |
5.9 |
Dell |
Dell ThinOS 2408 and prior, contains an improper permissions vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. |
2025-07-01T15:08:57.517 |
https://cve.circl.lu/cve/CVE-2025-27688 |
CVE-2025-36595 |
5.9 |
Dell |
Dell Unisphere for PowerMax vApp, version(s) 9.2.4.x, contain(s) an Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Code execution. |
2025-06-30T18:38:48.477 |
https://cve.circl.lu/cve/CVE-2025-36595 |
CVE-2025-36593 |
5.9 |
Dell |
Dell OpenManage Network Integration, versions prior to 3.8, contains an Authentication Bypass by Capture-replay vulnerability in the RADIUS protocol. An attacker with local network access could potentially exploit this vulnerability to forge a valid protocol accept message in response to a failed authentication request. |
2025-06-30T19:15:23.580 |
https://cve.circl.lu/cve/CVE-2025-36593 |
CVE-2025-36582 |
2.5 |
Dell |
Dell NetWorker, versions 19.12.0.1 and prior, contains a Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. |
2025-07-01T14:15:37.300 |
https://cve.circl.lu/cve/CVE-2025-36582 |
CVE-2025-48954 |
5.2 |
Discourse |
Discourse is an open-source discussion platform. Versions prior to 3.5.0.beta6 are vulnerable to cross-site scripting when the content security policy isn't enabled when using social logins. Version 3.5.0.beta6 patches the issue. As a workaround, have the content security policy enabled. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-48954 |
CVE-2025-49845 |
N/A |
Discourse |
Discourse is an open-source discussion platform. The visibility of posts typed `whisper` is controlled via the `whispers_allowed_groups` site setting. Only users that belong to groups specified in the site setting are allowed to view posts typed `whisper`. However, it has been discovered that users of versions prior to 3.4.6 on the `stable` branch and prior to 3.5.0.beta8-dev on the `tests-passed` branch can continue to see their own whispers even after losing visibility of posts typed `whisper`. This issue is patched in versions 3.4.6 and 3.5.0.beta8-dev. No known workarounds are available. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-49845 |
CVE-2024-45497 |
4.7 |
Docker |
A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties. |
2025-06-26T01:15:20.083 |
https://cve.circl.lu/cve/CVE-2024-45497 |
CVE-2025-6624 |
6.0 |
Docker |
Versions of the package snyk before 1.1297.3 are vulnerable to Insertion of Sensitive Information into Log File through local Snyk CLI debug logs. Container Registry credentials provided via environment variables or command line arguments can be exposed when executing Snyk CLI in DEBUG or DEBUG/TRACE mode. The issue affects the following Snyk commands: 1. When snyk container test or snyk container monitor commands are run against a container registry, with debug mode enabled, the container registry credentials may be written into the local Snyk CLI debug log. This only happens with credentials specified in environment variables (SNYK_REGISTRY_USERNAME and SNYK_REGISTRY_PASSWORD), or in the CLI (--password/-p and --username/-u). 2. When snyk auth command is executed with debug mode enabled AND the log level is set to TRACE, the Snyk access / refresh credential tokens used to connect the CLI to Snyk may be written into the local CLI debug logs. 3. When snyk iac test is executed with a Remote IAC Custom rules bundle, debug mode enabled, AND the log level is set to TRACE, the docker registry token may be written into the local CLI debug logs. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-6624 |
CVE-2014-7210 |
5.9 |
Debian |
pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected. |
2025-06-30T18:38:48.477 |
https://cve.circl.lu/cve/CVE-2014-7210 |
CVE-2025-53391 |
6.0 |
Debian |
The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root. |
2025-06-30T18:38:23.493 |
https://cve.circl.lu/cve/CVE-2025-53391 |
CVE-2024-29153 |
5.9 |
DDoS |
A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, and Exynos Modem 5300 that involves incorrect authorization of LTE NAS messages and leads to downgrading to lower network generations and repeated DDOS. |
2025-06-26T20:53:40.360 |
https://cve.circl.lu/cve/CVE-2024-29153 |
CVE-2024-37086 |
4.2 |
ESXi |
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host. |
2025-06-27T13:39:14.217 |
https://cve.circl.lu/cve/CVE-2024-37086 |
CVE-2023-28366 |
3.6 |
Eclipse |
The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. |
2025-06-26T14:15:28.433 |
https://cve.circl.lu/cve/CVE-2023-28366 |
CVE-2023-5632 |
3.6 |
Eclipse |
In Eclipse Mosquitto before and including 2.0.5, establishing a connection to the mosquitto server without sending data causes the EPOLLOUT event to be added, which results in excessive CPU consumption. This could be used by a malicious actor to perform a denial-of-service attack. This issue is fixed in 2.0.6. |
2025-06-25T20:53:55.653 |
https://cve.circl.lu/cve/CVE-2023-5632 |
CVE-2024-6763 |
1.4 |
Eclipse |
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviour of HttpURI differs from the common browsers in how it handles a URI that would be considered invalid if fully validated against the RFC. Specifically HttpURI and the browser may differ on the value of the host extracted from an invalid URI and thus a combination of Jetty and a vulnerable browser may be vulnerable to an open redirect attack or to a SSRF attack if the URI is used after passing validation checks. |
2025-06-25T13:04:03.537 |
https://cve.circl.lu/cve/CVE-2024-6763 |
CVE-2025-52884 |
N/A |
Ethereum |
RISC Zero is a zero-knowledge verifiable general computing platform, with Ethereum integration. The risc0-ethereum repository contains Solidity verifier contracts, Steel EVM view call library, and supporting code. Prior to versions 2.1.1 and 2.2.0, the `Steel.validateCommitment` Solidity library function will return `true` for a crafted commitment with a digest value of zero. This violates the semantics of `validateCommitment`, as this does not commit to a block that is in the current chain. Because the digest is zero, it does not correspond to any block and there exist no known openings. As a result, this commitment will never be produced by a correct zkVM guest using Steel and leveraging this bug to compromise the soundness of a program using Steel would require a separate bug or misuse of the Steel library, which is expected to be used to validate the root of state opening proofs. A fix has been released as part of `risc0-ethereum` 2.1.1 and 2.2.0. Users for the `Steel` Solidity library versions 2.1.0 or earlier should ensure they are using `Steel.validateCommitment` in tandem with zkVM proof verification of a Steel program, as shown in the ERC-20 counter example, and documentation. This is the correct usage of Steel, and users following this pattern are not at risk, and do not need to take action. Users not verifying a zkVM proof of a Steel program should update their application to do so, as this is incorrect usage of Steel. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-52884 |
CVE-2025-21362 |
5.9 |
Excel |
Microsoft Excel Remote Code Execution Vulnerability |
2025-07-01T16:53:19.873 |
https://cve.circl.lu/cve/CVE-2025-21362 |
CVE-2025-21364 |
5.9 |
Excel |
Microsoft Excel Security Feature Bypass Vulnerability |
2025-07-01T17:18:41.680 |
https://cve.circl.lu/cve/CVE-2025-21364 |
CVE-2025-21381 |
5.9 |
Excel |
Microsoft Excel Remote Code Execution Vulnerability |
2025-07-01T16:59:50.610 |
https://cve.circl.lu/cve/CVE-2025-21381 |
CVE-2025-21383 |
5.9 |
Excel |
Microsoft Excel Information Disclosure Vulnerability |
2025-07-01T16:59:03.380 |
https://cve.circl.lu/cve/CVE-2025-21383 |
CVE-2025-21386 |
5.9 |
Excel |
Microsoft Excel Remote Code Execution Vulnerability |
2025-07-01T16:58:46.240 |
https://cve.circl.lu/cve/CVE-2025-21386 |
CVE-2025-5366 |
5.2 |
Exchange |
Zohocorp ManageEngine Exchange Reporter Plus versions 5722 and below are vulnerable to Stored XSS in the Folder-wise read mails with subject report. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-5366 |
CVE-2025-5966 |
5.2 |
Exchange |
Zohocorp ManageEngine Exchange Reporter Plus versions 5722 and below are vulnerable to Stored XSS in the Attachments by filename keyword report. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-5966 |
CVE-2025-53099 |
N/A |
Exchange |
Sentry is a developer-first error tracking and performance monitoring tool. Prior to version 25.5.0, an attacker with a malicious OAuth application registered with Sentry can take advantage of a race condition and improper handling of authorization code within Sentry to maintain persistence to a user's account. With specially timed requests and redirect flows, an attacker could generate multiple authorization codes that could be used to exchange for access and refresh tokens. This was possible even after de-authorizing the particular application. This issue has been patched in version 25.5.0. Self-hosted Sentry users should upgrade to version 25.5.0 or higher. Sentry SaaS users do not need to take any action. |
2025-07-01T15:15:26.277 |
https://cve.circl.lu/cve/CVE-2025-53099 |
CVE-2012-6436 |
6.9 |
Exploit |
The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the CPU to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 |
2025-06-30T22:15:28.573 |
https://cve.circl.lu/cve/CVE-2012-6436 |
CVE-2012-6437 |
10.0 |
Exploit |
The device does not properly authenticate users and the potential exists for a remote user to upload a new firmware image to the Ethernet card, whether it is a corrupt or legitimate firmware image. Successful exploitation of this vulnerability could cause loss of availability, integrity, and confidentiality and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 |
2025-06-30T22:15:28.747 |
https://cve.circl.lu/cve/CVE-2012-6437 |
CVE-2012-6438 |
6.9 |
Exploit |
The device does not properly validate the data being sent to the buffer. An attacker can send a malformed CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP, which creates a buffer overflow and causes the NIC to crash. Successful exploitation of this vulnerability could cause loss of availability and a disruption in communications with other connected devices. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 |
2025-06-30T22:15:28.920 |
https://cve.circl.lu/cve/CVE-2012-6438 |
CVE-2012-6440 |
10.0 |
Exploit |
The Web server password authentication mechanism used by the products is vulnerable to a MitM and Replay attack. Successful exploitation of this vulnerability will allow unauthorized access of the product’s Web server to view and alter product configuration and diagnostics information. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 |
2025-06-30T22:15:29.253 |
https://cve.circl.lu/cve/CVE-2012-6440 |
CVE-2012-6441 |
2.9 |
Exploit |
An information exposure of confidential information results when the device receives a specially crafted CIP packet to Port 2222/TCP, Port 2222/UDP, Port 44818/TCP, or Port 44818/UDP. Successful exploitation of this vulnerability could cause loss of confidentiality. Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 |
2025-06-30T22:15:29.420 |
https://cve.circl.lu/cve/CVE-2012-6441 |
CVE-2024-1522 |
5.9 |
Endpoint |
A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application. |
2025-06-30T18:56:13.953 |
https://cve.circl.lu/cve/CVE-2024-1522 |
CVE-2024-34949 |
4.2 |
Endpoint |
SQL injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands via the OrderLogic::getOrderList function, exploited at the /admin/order/lists.html endpoint. |
2025-06-30T18:07:11.630 |
https://cve.circl.lu/cve/CVE-2024-34949 |
CVE-2024-5921 |
5.9 |
Endpoint |
An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories. |
2025-06-27T16:55:15.100 |
https://cve.circl.lu/cve/CVE-2024-5921 |
CVE-2024-45106 |
5.2 |
Endpoint |
Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: * ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is false. * The user configured in ozone.s3g.kerberos.principal is also configured in ozone.s3.administrators or ozone.administrators. Users are recommended to upgrade to Apache Ozone version 1.4.1 which disables the affected endpoint. |
2025-07-01T20:29:26.263 |
https://cve.circl.lu/cve/CVE-2024-45106 |
CVE-2025-30141 |
3.6 |
Endpoint |
An issue was discovered on G-Net Dashcam BB GONX devices. One can Remotely Dump Video Footage and the Live Video Stream. It exposes API endpoints on ports 9091 and 9092 that allow remote access to recorded and live video feeds. An attacker who connects to the dashcam's network can retrieve all stored recordings and convert them from JDR format to MP4. Additionally, port 9092's RTSP stream can be accessed remotely, allowing real-time video feeds to be extracted without the owner's knowledge. |
2025-07-01T21:04:38.610 |
https://cve.circl.lu/cve/CVE-2025-30141 |
CVE-2024-56523 |
5.2 |
Firewall |
Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method. |
2025-07-01T20:03:38.823 |
https://cve.circl.lu/cve/CVE-2024-56523 |
CVE-2024-56524 |
5.2 |
Firewall |
Radware Cloud Web Application Firewall (WAF) before 2025-05-07 allows remote attackers to bypass firewall filters by adding a special character to the request. |
2025-07-01T19:51:36.820 |
https://cve.circl.lu/cve/CVE-2024-56524 |
CVE-2025-52562 |
6.0 |
Firewall |
Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafted HTTP request with malicious locale and namespace parameters. This allows the attacker to include and execute arbitrary PHP files on the server. This issue has been patched in version 4.4.1. A temporary workaround involves implementing strict Web Application Firewall (WAF) rules to incoming requests targeting the vulnerable endpoints. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-52562 |
CVE-2025-1754 |
1.4 |
GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed unauthenticated attackers to upload arbitrary files to public projects by sending crafted API requests, potentially leading to resource abuse and unauthorized content storage. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-1754 |
CVE-2025-2938 |
1.4 |
GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to gain elevated project privileges by requesting access to projects where role modifications during the approval process resulted in unintended permission grants. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-2938 |
CVE-2025-3279 |
3.6 |
GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions from 10.7 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated attackers to create a DoS condition by sending crafted GraphQL requests. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-3279 |
CVE-2025-5315 |
1.4 |
GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions from 17.2 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users with Guest role permissions to add child items to incident work items by sending crafted API requests that bypassed UI-enforced role restrictions. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-5315 |
CVE-2025-5846 |
1.4 |
GitLab |
An issue has been discovered in GitLab EE affecting all versions from 16.10 before 17.11.5, 18.0 before 18.0.3, and 18.1 before 18.1.1 that could have allowed authenticated users to assign unrelated compliance frameworks to projects by sending crafted GraphQL mutations that bypassed framework-specific permission checks. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-5846 |
CVE-2010-1233 |
10.0 |
Google |
Multiple integer overflows in Google Chrome before 4.1.249.1036 allow remote attackers to have an unspecified impact via vectors involving WebKit JavaScript objects. |
2025-06-25T16:55:51.240 |
https://cve.circl.lu/cve/CVE-2010-1233 |
CVE-2023-4428 |
5.2 |
Google |
Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) |
2025-07-01T14:15:30.550 |
https://cve.circl.lu/cve/CVE-2023-4428 |
CVE-2023-4761 |
5.2 |
Google |
Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) |
2025-06-25T15:15:21.450 |
https://cve.circl.lu/cve/CVE-2023-4761 |
CVE-2024-6288 |
2.7 |
Google |
The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. |
2025-07-01T18:15:24.303 |
https://cve.circl.lu/cve/CVE-2024-6288 |
CVE-2024-57996 |
3.6 |
Google |
In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: don't allow 1 packet limit. The current implementation does not work correctly with a limit of 1. iproute2 actually checks for this and this patch adds the check in kernel as well. This fixes the following syzkaller reported crash: UBSAN: array-index-out-of-bounds in net/sched/sch_sfq.c:210:6 index 65535 is out of range for type 'struct sfq_head[128]'. The crash can also be reproduced with the following (with a tc recompiled to allow for sfq limits of 1):
tc qdisc add dev dummy0 handle 1: root tbf rate 1Kbit burst 100b lat 1s
../iproute2-6.9.0/tc/tc qdisc add dev dummy0 handle 2: parent 1:10 sfq limit 1
ifconfig dummy0 up
ping -I dummy0 -f -c2 -W0.1 8.8.8.8
sleep 1
Scenario that triggers the crash:
* the first packet is sent and queued in TBF and SFQ; qdisc qlen is 1
* TBF dequeues: it peeks from SFQ which moves the packet to the gso_skb list and keeps qdisc qlen set to 1. TBF is out of tokens so it schedules itself for later.
* the second packet is sent and TBF tries to queue it to SFQ. qdisc qlen is now 2 and because the SFQ limit is 1 the packet is dropped by SFQ. At this point qlen is 1, and all of the SFQ slots are empty, however q->tail is not NULL.
At this point, assuming no more packets are queued, when sch_dequeue runs again it will decrement the qlen for the current empty slot causing an underflow and the subsequent out of bounds access. |
2025-06-27T11:15:24.037 |
https://cve.circl.lu/cve/CVE-2024-57996 |
CVE-2025-50178 |
N/A |
GitHub |
GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 0.4.3 lack input validation for user provided values in certain functions. In the `GitForge.get_repo` function for GitHub, the user can provide any string for the owner and repo fields. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on api.github.com that were not intended. Version 0.4.3 contains a patch for the issue. No known workarounds are available. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-50178 |
CVE-2025-52480 |
N/A |
GitHub |
Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious (or can be injected using upstream vulnerabilities), an argument injection is possible in the `gettreesha()` function. This can then lead to a potential remote code execution. Users should upgrade immediately to v1.9.5 to receive a patch. All prior versions are vulnerable. No known workarounds are available. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-52480 |
CVE-2025-52483 |
N/A |
GitHub |
Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious (or can be injected using upstream vulnerabilities) a shell script injection can occur within the `withpasswd` function. Alternatively, an argument injection is possible in the `gettreesha` function. Either of these can then lead to a potential RCE. Users should upgrade immediately to v1.9.5 to receive a fix. All prior versions are vulnerable. No known workarounds are available. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-52483 |
CVE-2025-52477 |
4.0 |
GitHub |
Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which could reflect error logs with sensitive information. Upgrade to v0.5.3 to resolve this issue. This version includes patch sets to sanitize input and redact logging. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-52477 |
CVE-2025-53104 |
5.2 |
GitHub |
gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untrusted discussion fields (title, body, etc.) were directly interpolated into shell commands in a run: block. An attacker could craft a malicious GitHub Discussion title or body (e.g., $(curl ...)) to execute arbitrary shell commands on the Actions runner. This issue has been fixed in commit e6b4271 where the discussion-to-slack.yml workflow was removed. Users should remove the discussion-to-slack.yml workflow if using a fork or derivative of this repository. |
2025-07-01T19:15:27.800 |
https://cve.circl.lu/cve/CVE-2025-53104 |
CVE-2025-37092 |
5.9 |
HPE |
A command injection remote code execution vulnerability exists in HPE StoreOnce Software. |
2025-07-02T01:14:24.027 |
https://cve.circl.lu/cve/CVE-2025-37092 |
CVE-2025-37093 |
5.9 |
HPE |
An authentication bypass vulnerability exists in HPE StoreOnce Software. |
2025-07-02T01:12:24.617 |
https://cve.circl.lu/cve/CVE-2025-37093 |
CVE-2025-37094 |
4.2 |
HPE |
A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software. |
2025-07-02T01:10:16.433 |
https://cve.circl.lu/cve/CVE-2025-37094 |
CVE-2025-37101 |
5.8 |
HPE |
A potential security vulnerability has been identified in HPE OneView for VMware vCenter (OV4VC). This vulnerability could be exploited allowing an attacker with read only privilege to cause Vertical Privilege Escalation (operator can perform admin actions). |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-37101 |
CVE-2025-37097 |
3.6 |
HPE |
A vulnerability in HPE Insight Remote Support (IRS) prior to v7.15.0.646 may allow an unauthenticated denial of service. |
2025-07-01T15:15:25.470 |
https://cve.circl.lu/cve/CVE-2025-37097 |
CVE-2024-27264 |
5.9 |
IBM |
IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563. |
2025-06-30T18:15:25.157 |
https://cve.circl.lu/cve/CVE-2024-27264 |
CVE-2025-0966 |
4.7 |
IBM |
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-0966 |
CVE-2025-36004 |
5.9 |
IBM |
IBM i 7.2, 7.3, 7.4, and 7.5 could allow a user to gain elevated privileges due to an unqualified library call in IBM Facsimile Support for i. A malicious actor could cause user-controlled code to run with administrator privilege. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-36004 |
CVE-2025-36038 |
6.0 |
IBM |
IBM WebSphere Application Server 8.5 and 9.0 could allow a remote attacker to execute arbitrary code on the system with a specially crafted sequence of serialized objects. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-36038 |
CVE-2025-36034 |
3.6 |
IBM |
IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-36034 |
CVE-2022-3077 |
3.6 |
Intel |
A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system. |
2025-06-27T17:40:17.870 |
https://cve.circl.lu/cve/CVE-2022-3077 |
CVE-2025-52882 |
N/A |
Intel |
Claude Code is an agentic coding tool. Claude Code extensions in VSCode and forks (e.g., Cursor, Windsurf, and VSCodium) and JetBrains IDEs (e.g., IntelliJ, PyCharm, and Android Studio) are vulnerable to unauthorized websocket connections from an attacker when visiting attacker-controlled webpages. Claude Code for VSCode IDE extensions versions 0.2.116 through 1.0.23 are vulnerable. For JetBrains IDE plugins, Claude Code [beta] versions 0.1.1 through 0.1.8 are vulnerable. In VSCode (and forks), exploitation would allow an attacker to read arbitrary files, see the list of files open in the IDE, get selection and diagnostics events from the IDE, or execute code in limited situations where a user has an open Jupyter Notebook and accepts a malicious prompt. In JetBrains IDEs, an attacker could get selection events, a list of open files, and a list of syntax errors. Claude released a patch for this issue on June 13th, 2025. Although Claude Code auto-updates when a user launches it and auto-updates the extensions, users should take the following steps, though the exact steps depend on one's integrated development environment (IDE). For VSCode, Cursor, Windsurf, VSCodium, and other VSCode forks, check the extension Claude Code for VSCode. Open the list of Extensions (View->Extensions), look for Claude Code for VSCode among installed extensions, update or uninstall any version prior to 1.0.24, and restart the IDE. For JetBrains IDEs including IntelliJ, PyCharm, and Android Studio, check the plugin Claude Code [Beta]. Open the Plugins list, look for Claude Code [Beta] among installed extensions, update or uninstall any version prior to 0.1.9, and restart the IDE. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-52882 |
CVE-2025-49003 |
N/A |
Intel |
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, a threat actor may take advantage of a feature in Java in which the character "ı" becomes "I" when converted to uppercase, and the character "ſ" becomes "S" when converted to uppercase. A threat actor who uses a carefully crafted message that exploits this character conversion can cause remote code execution. The vulnerability has been fixed in v2.10.11. No known workarounds are available. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-49003 |
CVE-2025-6765 |
3.4 |
Intel |
A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
2025-06-30T18:38:48.477 |
https://cve.circl.lu/cve/CVE-2025-6765 |
CVE-2023-38007 |
2.7 |
Intel |
IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. |
2025-06-30T18:38:23.493 |
https://cve.circl.lu/cve/CVE-2023-38007 |
CVE-2024-24780 |
5.9 |
IoT |
Remote Code Execution with untrusted URI of UDF vulnerability in Apache IoTDB. The attacker who has privilege to create UDF can register malicious function from untrusted URI. This issue affects Apache IoTDB: from 1.0.0 before 1.3.4. Users are recommended to upgrade to version 1.3.4, which fixes the issue. |
2025-07-01T19:21:39.177 |
https://cve.circl.lu/cve/CVE-2024-24780 |
CVE-2025-26864 |
3.6 |
IoT |
Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB. This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2. Users are recommended to upgrade to version 1.3.4 and 2.0.2, which fix the issue. |
2025-07-01T19:23:28.797 |
https://cve.circl.lu/cve/CVE-2025-26864 |
CVE-2025-37098 |
3.6 |
Insight |
A path traversal vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. |
2025-07-01T15:15:25.643 |
https://cve.circl.lu/cve/CVE-2025-37098 |
CVE-2025-37099 |
5.9 |
Insight |
A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646. |
2025-07-01T18:15:24.763 |
https://cve.circl.lu/cve/CVE-2025-37099 |
CVE-2009-2466 |
10.0 |
Java |
The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT. |
2025-06-25T16:56:21.430 |
https://cve.circl.lu/cve/CVE-2009-2466 |
CVE-2024-47226 |
2.7 |
Java |
A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties have disputed this as not a vulnerability. It is argued that the configuration revision banner feature is meant to contain unsanitized HTML in order to display notifications to users. Since these fields are intended to display unsanitized HTML, this is working as intended. |
2025-06-30T14:50:07.543 |
https://cve.circl.lu/cve/CVE-2024-47226 |
CVE-2024-57326 |
2.7 |
Java |
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the search.php file of the Online Pizza Delivery System 1.0. The vulnerability allows an attacker to execute arbitrary JavaScript code in the browser via unsanitized input passed through the search parameter. |
2025-06-27T19:39:56.897 |
https://cve.circl.lu/cve/CVE-2024-57326 |
CVE-2025-52875 |
2.7 |
JetBrains |
In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible |
2025-06-25T19:30:15.433 |
https://cve.circl.lu/cve/CVE-2025-52875 |
CVE-2025-52876 |
2.7 |
JetBrains |
In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible |
2025-06-25T19:30:24.007 |
https://cve.circl.lu/cve/CVE-2025-52876 |
CVE-2025-52877 |
2.7 |
JetBrains |
In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible |
2025-06-25T19:30:30.747 |
https://cve.circl.lu/cve/CVE-2025-52877 |
CVE-2025-52878 |
1.4 |
JetBrains |
In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions |
2025-06-25T19:28:34.493 |
https://cve.circl.lu/cve/CVE-2025-52878 |
CVE-2025-52879 |
2.7 |
JetBrains |
In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible |
2025-06-25T19:28:19.253 |
https://cve.circl.lu/cve/CVE-2025-52879 |
CVE-2024-53382 |
2.7 |
JavaScript |
Prism (aka PrismJS) through 1.29.0 allows DOM Clobbering (with resultant XSS for untrusted input that contains HTML but does not directly contain JavaScript), because document.currentScript lookup can be shadowed by attacker-injected HTML elements. |
2025-06-27T13:08:24.660 |
https://cve.circl.lu/cve/CVE-2024-53382 |
CVE-2025-25012 |
1.4 |
Kibana |
URL redirection to an untrusted site ('Open Redirect') in Kibana can lead to sending a user to an arbitrary site and server-side request forgery via a specially crafted URL. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-25012 |
CVE-2025-26521 |
5.2 |
Kubernetes |
When an Apache CloudStack user-account creates a CKS-based Kubernetes cluster in a project, the API key and the secret key of the 'kubeadmin' user of the caller account are used to create the secret config in the CKS-based Kubernetes cluster. A member of the project who can access the CKS-based Kubernetes cluster, can also access the API key and secret key of the 'kubeadmin' user of the CKS cluster's creator's account. An attacker who's a member of the project can exploit this to impersonate and perform privileged actions that can result in complete compromise of the confidentiality, integrity, and availability of resources owned by the creator's account.
CKS users are recommended to upgrade to version 4.19.3.0 or 4.20.1.0, which fixes this issue.
Updating Existing Kubernetes Clusters in Projects
A service account should be created for each project to provide limited access specifically for Kubernetes cluster providers and autoscaling. Follow the steps below to create a new service account, update the secret inside the cluster, and regenerate existing API and service keys:
1. Create a New Service Account
Create a new account using the role "Project Kubernetes Service Role" with the following details:
    Account Name: kubeadmin-<FIRST_EIGHT_CHARACTERS_OF_PROJECT_ID>
    First Name: Kubernetes
    Last Name: Service User
    Account Type: 0 (Normal User)
    Role ID: <ID_OF_SERVICE_ROLE>
2. Add the Service Account to the Project
Add this account to the project where the Kubernetes cluster(s) are hosted.
3. Generate API and Secret Keys
Generate API Key and Secret Key for the default user of this account.
4. Update the CloudStack Secret in the Kubernetes Cluster
Create a temporary file `/tmp/cloud-config` with the following data:
    api-url = <API_URL>     # For example: <MS_URL>/client/api
    api-key = <SERVICE_USER_API_KEY>
    secret-key = <SERVICE_USER_SECRET_KEY>
    project-id = <PROJECT_ID>
Delete the existing secret using kubectl and Kubernetes cluster config:
    ./kubectl --kubeconfig kube.conf -n kube-system delete secret cloudstack-secret
Create a new secret using kubectl and Kubernetes cluster config:
    ./kubectl --kubeconfig kube.conf -n kube-system create secret generic cloudstack-secret --from-file=/tmp/cloud-config
Remove the temporary file:
    rm /tmp/cloud-config
5. Regenerate API and Secret Keys
Regenerate the API and secret keys for the original user account that was used to create the Kubernetes cluster. |
2025-07-01T19:25:25.777 |
https://cve.circl.lu/cve/CVE-2025-26521 |
CVE-2025-5731 |
3.6 |
Kubernetes |
A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found. |
2025-07-01T20:15:27.053 |
https://cve.circl.lu/cve/CVE-2025-5731 |
CVE-2025-34047 |
N/A |
Lenovo |
A path traversal vulnerability exists in the Leadsec SSL VPN (formerly Lenovo NetGuard), allowing unauthenticated attackers to read arbitrary files on the underlying system via the ostype parameter in the /vpn/user/download/client endpoint. This flaw arises from insufficient input sanitation, enabling traversal sequences to escape the intended directory and access sensitive files. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-34047 |
CVE-2022-26490 |
5.9 |
Linux |
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. |
2025-06-25T21:01:34.963 |
https://cve.circl.lu/cve/CVE-2022-26490 |
CVE-2022-28390 |
5.9 |
Linux |
ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free. |
2025-06-25T21:00:27.730 |
https://cve.circl.lu/cve/CVE-2022-28390 |
CVE-2022-3586 |
3.6 |
Linux |
A flaw was found in the Linux kernel’s networking code. A use-after-free was found in the way the sch_sfb enqueue function used the socket buffer (SKB) cb field after the same SKB had been enqueued (and freed) into a child qdisc. This flaw allows a local, unprivileged user to crash the system, causing a denial of service. |
2025-06-25T20:59:25.893 |
https://cve.circl.lu/cve/CVE-2022-3586 |
CVE-2022-4127 |
3.6 |
Linux |
A NULL pointer dereference issue was discovered in the Linux kernel in io_files_update_with_index_alloc. A local user could use this flaw to potentially crash the system causing a denial of service. |
2025-06-25T20:57:40.540 |
https://cve.circl.lu/cve/CVE-2022-4127 |
CVE-2025-52566 |
6.0 |
Llama |
llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation (llama_vocab::tokenize) (src/llama-vocab.cpp:3036) resulting in unintended behavior in the token-copying size comparison. This allows a heap overflow in the llama.cpp inference engine via carefully manipulated text input during the tokenization process. This issue has been patched in version b5721. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-52566 |
CVE-2025-53002 |
5.5 |
Llama |
LLaMA-Factory is a tuning library for large language models. A remote code execution vulnerability was discovered in LLaMA-Factory versions up to and including 0.9.3 during the LLaMA-Factory training process. This vulnerability arises because the `vhead_file` is loaded without proper safeguards, allowing malicious attackers to execute arbitrary malicious code on the host system simply by passing a malicious `Checkpoint path` parameter through the `WebUI` interface. The attack is stealthy, as the victim remains unaware of the exploitation. The root cause is that the `vhead_file` argument is loaded without the secure parameter `weights_only=True`. Version 0.9.4 contains a fix for the issue. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-53002 |
CVE-2025-36537 |
5.9 |
MSI |
Incorrect Permission Assignment for Critical Resource in the TeamViewer Client (Full and Host) of TeamViewer Remote and Tensor prior to version 15.67 on Windows allows a local unprivileged user to trigger arbitrary file deletion with SYSTEM privileges by leveraging the MSI rollback mechanism. The vulnerability only applies to the Remote Management features: Backup, Monitoring, and Patch Management. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-36537 |
CVE-2023-0917 |
3.4 |
Management |
A vulnerability, which was classified as critical, was found in SourceCodester Simple Customer Relationship Management System 1.0. This affects an unknown part of the file /php-scrm/login.php. The manipulation of the argument Password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221493 was assigned to this vulnerability. |
2025-06-27T19:05:16.527 |
https://cve.circl.lu/cve/CVE-2023-0917 |
CVE-2023-24364 |
5.9 |
Management |
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel. |
2025-06-27T19:05:16.527 |
https://cve.circl.lu/cve/CVE-2023-24364 |
CVE-2023-24651 |
2.7 |
Management |
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter on the registration page. |
2025-06-27T19:05:16.527 |
https://cve.circl.lu/cve/CVE-2023-24651 |
CVE-2023-24652 |
5.9 |
Management |
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the Description parameter under the Create ticket function. |
2025-06-27T19:05:16.527 |
https://cve.circl.lu/cve/CVE-2023-24652 |
CVE-2023-24653 |
5.9 |
Management |
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function. |
2025-06-27T19:05:16.527 |
https://cve.circl.lu/cve/CVE-2023-24653 |
CVE-2025-46702 |
2.5 |
Mattermost |
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly enforce channel member management permissions when adding participants to playbook runs. This allows authenticated users with member-level permissions to bypass system admin restrictions and add or remove users to/from private channels via the playbook run participants feature, even when the 'Manage Members' permission has been explicitly removed. This can lead to unauthorized access to sensitive channel content and allow guest users to gain channel management privileges. |
2025-06-30T18:38:23.493 |
https://cve.circl.lu/cve/CVE-2025-46702 |
CVE-2025-47871 |
1.4 |
Mattermost |
Mattermost versions 10.5.x <= 10.5.5, 9.11.x <= 9.11.15, 10.8.x <= 10.8.0, 10.7.x <= 10.7.2, 10.6.x <= 10.6.5 fail to properly validate channel membership when retrieving playbook run metadata, allowing authenticated users who are playbook members but not channel members to access sensitive information about linked private channels including channel name, display name, and participant count through the run metadata API endpoint. |
2025-06-30T18:38:23.493 |
https://cve.circl.lu/cve/CVE-2025-47871 |
CVE-2025-21186 |
5.9 |
Microsoft |
Microsoft Access Remote Code Execution Vulnerability |
2025-07-01T16:51:32.220 |
https://cve.circl.lu/cve/CVE-2025-21186 |
CVE-2025-21345 |
5.9 |
Microsoft |
Microsoft Office Visio Remote Code Execution Vulnerability |
2025-07-01T16:51:55.397 |
https://cve.circl.lu/cve/CVE-2025-21345 |
CVE-2025-21346 |
5.2 |
Microsoft |
Microsoft Office Security Feature Bypass Vulnerability |
2025-07-01T16:52:19.997 |
https://cve.circl.lu/cve/CVE-2025-21346 |
CVE-2025-21356 |
5.9 |
Microsoft |
Microsoft Office Visio Remote Code Execution Vulnerability |
2025-07-01T16:52:36.953 |
https://cve.circl.lu/cve/CVE-2025-21356 |
CVE-2025-6706 |
3.4 |
MongoDB |
An authenticated user may trigger a use after free that may result in MongoDB Server crash and other unexpected behavior, even if the user does not have authorization to shut down a server. The crash is triggered on affected versions by issuing an aggregation framework operation using a specific combination of rarely-used aggregation pipeline expressions. This issue affects MongoDB Server v6.0 version prior to 6.0.21, MongoDB Server v7.0 version prior to 7.0.17 and MongoDB Server v8.0 version prior to 8.0.4 when the SBE engine is enabled. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-6706 |
CVE-2025-6707 |
2.5 |
MongoDB |
Under certain conditions, an authenticated user request may execute with stale privileges following an intentional change by an authorized administrator. This issue affects MongoDB Server v5.0 version prior to 5.0.31, MongoDB Server v6.0 version prior to 6.0.24, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-6707 |
CVE-2025-6709 |
3.6 |
MongoDB |
The MongoDB Server is susceptible to a denial of service vulnerability due to improper handling of specific date values in JSON input when using OIDC authentication. This can be reproduced using the mongo shell to send a malicious JSON payload leading to an invariant failure and server crash. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5. The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-6709 |
CVE-2025-6710 |
3.6 |
MongoDB |
MongoDB Server may be susceptible to stack overflow due to JSON parsing mechanism, where specifically crafted JSON inputs may induce unwarranted levels of recursion, resulting in excessive stack space consumption. Such inputs can lead to a stack overflow that causes the server to crash which could occur pre-authorisation. This issue affects MongoDB Server v7.0 versions prior to 7.0.17 and MongoDB Server v8.0 versions prior to 8.0.5. The same issue affects MongoDB Server v6.0 versions prior to 6.0.21, but an attacker can only induce denial of service after authenticating. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-6710 |
CVE-2018-14669 |
3.6 |
MySQL |
ClickHouse MySQL client before version 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database to read arbitrary files from the connected ClickHouse server. |
2025-06-25T20:48:54.637 |
https://cve.circl.lu/cve/CVE-2018-14669 |
CVE-2025-30722 |
3.6 |
MySQL |
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Client accessible data as well as unauthorized update, insert or delete access to some of MySQL Client accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N). |
2025-06-27T16:03:10.617 |
https://cve.circl.lu/cve/CVE-2025-30722 |
CVE-2024-27685 |
4.2 |
MySQL |
SQL Injection vulnerability in Student Record system Using PHP and MySQL v.3.20 allows a remote attacker to obtain sensitive information via a crafted payload to the $cshortname, $cfullname, and $cdate variables. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2024-27685 |
CVE-2023-40440 |
3.6 |
MacOS |
This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted. |
2025-06-25T14:15:21.393 |
https://cve.circl.lu/cve/CVE-2023-40440 |
CVE-2025-0135 |
1.4 |
MacOS |
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected. |
2025-06-27T16:50:37.817 |
https://cve.circl.lu/cve/CVE-2025-0135 |
CVE-2025-4232 |
5.9 |
MacOS |
An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root. |
2025-06-27T16:47:32.383 |
https://cve.circl.lu/cve/CVE-2025-4232 |
CVE-2025-6426 |
5.9 |
MacOS |
The executable file warning did not warn users before opening files with the `terminal` extension. *This bug only affects Firefox for macOS. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140 and Firefox ESR < 128.12. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-6426 |
CVE-2024-46992 |
5.9 |
MacOS |
Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 30.0.0-alpha.1 to before 30.0.5 and 31.0.0-alpha.1 to before 31.0.0-beta.1, Electron is vulnerable to an ASAR Integrity bypass. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specific to Windows, apps using these fuses on macOS are not impacted. Specifically this issue can only be exploited if the app is launched from a filesystem the attacker has write access to, i.e. the ability to edit files inside the .app bundle on macOS which these fuses are supposed to protect against. This issue has been patched in versions 30.0.5 and 31.0.0-beta.1. There are no workarounds for this issue. |
2025-07-01T02:15:20.977 |
https://cve.circl.lu/cve/CVE-2024-46992 |
CVE-2024-29190 |
3.6 |
Malware |
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue. |
2025-06-30T13:10:37.367 |
https://cve.circl.lu/cve/CVE-2024-29190 |
CVE-2024-53999 |
5.8 |
Malware |
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerability. This vulnerability is fixed in 4.2.9. |
2025-06-27T15:16:59.273 |
https://cve.circl.lu/cve/CVE-2024-53999 |
CVE-2024-54000 |
3.6 |
Malware |
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side request forgery when a request to .well-known/assetlinks.json returns a 302 redirect. This is a bypass of the fix for CVE-2024-29190 and is fixed in 3.9.7. |
2025-06-27T15:17:02.040 |
https://cve.circl.lu/cve/CVE-2024-54000 |
CVE-2025-5967 |
N/A |
Malware |
A stored cross-site scripting vulnerability in ENS HX 10.0.4 allows a malicious user to inject arbitrary HTML into the ENS HX Malware Scan Name field, resulting in the exposure of sensitive data. |
2025-07-01T04:15:34.137 |
https://cve.circl.lu/cve/CVE-2025-5967 |
CVE-2025-6675 |
2.5 |
MFA |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Enterprise MFA - TFA for Drupal allows Authentication Bypass. This issue affects Enterprise MFA - TFA for Drupal: from 0.0.0 before 4.8.0, from 5.2.0 before 5.2.1, from 0.0.0 before 5.0.*, from 0.0.0 before 5.1.*. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-6675 |
CVE-2022-29204 |
3.6 |
Machine Learning |
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a positive scalar but there is no validation. Since this value is used to allocate the output tensor, a negative value would result in a `CHECK`-failure (assertion failure), as per TFSA-2021-198. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. |
2025-06-25T21:00:03.170 |
https://cve.circl.lu/cve/CVE-2022-29204 |
CVE-2025-6703 |
N/A |
Mozilla |
Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash. This issue affects neqo: from 0.4.24 through 0.13.2. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-6703 |
CVE-2025-23264 |
5.9 |
NVIDIA |
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-23264 |
CVE-2025-23265 |
5.9 |
NVIDIA |
NVIDIA Megatron-LM for all platforms contains a vulnerability in a python component where an attacker may cause a code injection issue by providing a malicious file. A successful exploit of this vulnerability may lead to Code Execution, Escalation of Privileges, Information Disclosure and Data Tampering. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-23265 |
CVE-2025-23260 |
1.4 |
NVIDIA |
NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-23260 |
CVE-2025-6565 |
5.9 |
Netgear |
A vulnerability was found in Netgear WNCE3001 1.0.0.50. It has been classified as critical. This affects the function http_d of the component HTTP POST Request Handler. The manipulation of the argument Host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-6565 |
CVE-2023-32559 |
5.9 |
Node.js |
A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` to run arbitrary code, outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. |
2025-07-01T14:15:28.967 |
https://cve.circl.lu/cve/CVE-2023-32559 |
CVE-2025-50182 |
3.6 |
Node.js |
urllib3 is a user-friendly HTTP client library for Python. Starting in version 2.2.0 and prior to 2.5.0, urllib3 does not control redirects in browsers and Node.js. urllib3 supports being used in a Pyodide runtime utilizing the JavaScript Fetch API or falling back on XMLHttpRequest. This means Python libraries can be used to make HTTP requests from a browser or Node.js. Additionally, urllib3 provides a mechanism to control redirects, but the retries and redirect parameters are ignored with Pyodide; the runtime itself determines redirect behavior. This issue has been patched in version 2.5.0. |
2025-06-30T19:15:25.017 |
https://cve.circl.lu/cve/CVE-2025-50182 |
CVE-2025-52573 |
5.2 |
Node.js |
iOS Simulator MCP Server (ios-simulator-mcp) is a Model Context Protocol (MCP) server for interacting with iOS simulators. Versions prior to 1.3.3 are written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server exposes the tool `ui_tap` which relies on Node.js child process API `exec` which is an unsafe and vulnerable API if concatenated with untrusted user input. LLM exposed user input for `duration`, `udid`, and `x` and `y` args can be replaced with shell meta-characters like `;` or `&&` or others to change the behavior from running the expected command `idb` to another command. When LLMs are tricked through prompt injection (and other techniques and attack vectors) to call the tool with input that uses special shell characters such as `; rm -rf /tmp;#` and other payload variations, the full command-line text will be interpreted by the shell and result in other commands except of `ps` executing on the host running the MCP Server. Version 1.3.3 contains a patch for the issue. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-52573 |
CVE-2025-36630 |
5.8 |
Nessus |
In Tenable Nessus versions prior to 10.8.5 on a Windows host, it was found that a non-administrative user could overwrite arbitrary local system files with log content at SYSTEM privilege. |
2025-07-02T00:15:22.543 |
https://cve.circl.lu/cve/CVE-2025-36630 |
CVE-2024-49364 |
N/A |
NPM |
tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a private key can be extracted on signing a malicious JSON-stringifiable object, when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The Buffer.isBuffer check can be bypassed, resulting in k reuse for different messages, leading to private key extraction over a single invalid message (and a second one for which any message/signature could be taken, e.g. previously known valid one). This issue has been patched in version 1.1.7. |
2025-07-01T14:15:33.373 |
https://cve.circl.lu/cve/CVE-2024-49364 |
CVE-2024-49365 |
N/A |
NPM |
tiny-secp256k1 is a tiny secp256k1 native/JS wrapper. Prior to version 1.1.7, a malicious JSON-stringifiable message can be made to pass verify(), when global Buffer is the buffer package. This affects only environments where require('buffer') is the NPM buffer package. The Buffer.isBuffer check can be bypassed, resulting in strange objects being accepted as a message, and those messages could trick verify() into returning false-positive true values. This issue has been patched in version 1.1.7. |
2025-07-01T14:15:34.307 |
https://cve.circl.lu/cve/CVE-2024-49365 |
CVE-2022-4128 |
3.6 |
NULL Pointer |
A NULL pointer dereference issue was discovered in the Linux kernel in the MPTCP protocol when traversing the subflow list at disconnect time. A local user could use this flaw to potentially crash the system causing a denial of service. |
2025-06-25T20:57:22.500 |
https://cve.circl.lu/cve/CVE-2022-4128 |
CVE-2023-6622 |
3.6 |
NULL Pointer |
A null pointer dereference vulnerability was found in nft_dynset_init() in net/netfilter/nft_dynset.c in nf_tables in the Linux kernel. This issue may allow a local attacker with CAP_NET_ADMIN user privilege to trigger a denial of service. |
2025-06-25T20:52:54.067 |
https://cve.circl.lu/cve/CVE-2023-6622 |
CVE-2024-28068 |
3.6 |
NULL Pointer |
A vulnerability was discovered in SS in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, and Exynos Modem 5300 that involves a NULL pointer dereference which can cause abnormal termination of a mobile phone via a manipulated packet. |
2025-06-26T20:53:51.280 |
https://cve.circl.lu/cve/CVE-2024-28068 |
CVE-2023-34400 |
3.6 |
NULL Pointer |
Mercedes-Benz head-unit NTG6 contains functions to import or export profile settings over USB. When parsing a file, the service tries to define the header inside the file and convert it to a null-terminated string. If the character is missing, it returns a null pointer. |
2025-06-27T16:12:53.050 |
https://cve.circl.lu/cve/CVE-2023-34400 |
CVE-2025-53021 |
2.5 |
OAuth |
A session fixation vulnerability in Moodle 3.x through 3.11.18 allows unauthenticated attackers to hijack user sessions via the sesskey parameter. The sesskey can be obtained without authentication and reused within the OAuth2 login flow, resulting in the victim's session being linked to the attacker's. Successful exploitation results in full account takeover. According to the Moodle Releases page, "Bug fixes for security issues in 3.11.x ended 11 December 2023." NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-53021 |
CVE-2025-27587 |
3.6 |
OpenSSL |
OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based on the bit size of the extracted nonce, one can compare the signing time of full-sized nonces to signatures that used smaller nonces, via statistical tests. There is a side-channel in the P-364 curve that allows private key extraction (also, there is a dependency between the bit size of K and the size of the side channel). NOTE: This CVE is disputed because the OpenSSL security policy explicitly notes that any side channels which require same physical system to be detected are outside of the threat model for the software. The timing signal is so small that it is infeasible to be detected without having the attacking process running on the same physical system. |
2025-06-26T17:15:30.497 |
https://cve.circl.lu/cve/CVE-2025-27587 |
CVE-2025-30708 |
3.6 |
Oracle |
Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Search and Register Users). Supported versions that are affected are 12.2.4-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle User Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle User Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). |
2025-06-26T18:57:46.120 |
https://cve.circl.lu/cve/CVE-2025-30708 |
CVE-2025-30720 |
2.7 |
Oracle |
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Configurator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Configurator accessible data as well as unauthorized read access to a subset of Oracle Configurator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). |
2025-06-27T16:04:52.240 |
https://cve.circl.lu/cve/CVE-2025-30720 |
CVE-2025-30737 |
5.2 |
Oracle |
Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Core Smart View). The supported version that is affected is 24.200. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Smart View for Office. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Smart View for Office accessible data as well as unauthorized access to critical data or complete access to all Oracle Smart View for Office accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N). |
2025-06-27T15:57:53.103 |
https://cve.circl.lu/cve/CVE-2025-30737 |
CVE-2025-21357 |
5.9 |
Outlook |
Microsoft Outlook Remote Code Execution Vulnerability |
2025-07-01T16:52:56.710 |
https://cve.circl.lu/cve/CVE-2025-21357 |
CVE-2025-47176 |
5.9 |
Outlook |
'.../...//' in Microsoft Office Outlook allows an authorized attacker to execute code locally. |
2025-07-01T16:50:53.030 |
https://cve.circl.lu/cve/CVE-2025-47176 |
CVE-2025-21365 |
5.9 |
Office |
Microsoft Office Remote Code Execution Vulnerability |
2025-07-01T17:17:15.220 |
https://cve.circl.lu/cve/CVE-2025-21365 |
CVE-2025-21392 |
5.9 |
Office |
Microsoft Office Remote Code Execution Vulnerability |
2025-07-01T16:50:27.370 |
https://cve.circl.lu/cve/CVE-2025-21392 |
CVE-2012-6428 |
10.0 |
PHP |
The Carlo Gavazzi EOS-Box stores hard-coded passwords in the PHP file of the device. By using the hard-coded passwords, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access. |
2025-07-01T20:15:24.300 |
https://cve.circl.lu/cve/CVE-2012-6428 |
CVE-2024-39884 |
3.6 |
PHP |
A regression in the core of Apache HTTP Server 2.4.60 ignores some use of the legacy content-type based configuration of handlers. "AddType" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted. Users are recommended to upgrade to version 2.4.61, which fixes this issue. |
2025-07-01T20:27:13.287 |
https://cve.circl.lu/cve/CVE-2024-39884 |
CVE-2025-0108 |
5.2 |
PHP |
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PHP scripts does not enable remote code execution, it can negatively impact integrity and confidentiality of PAN-OS. You can greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended best practices deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue does not affect Cloud NGFW or Prisma Access software. |
2025-06-27T20:39:59.717 |
https://cve.circl.lu/cve/CVE-2025-0108 |
CVE-2025-27411 |
2.7 |
PHP |
REDAXO is a PHP-based CMS. In Redaxo before 5.18.3, the mediapool/media page is vulnerable to arbitrary file upload. This vulnerability is fixed in 5.18.3. |
2025-07-01T20:38:15.100 |
https://cve.circl.lu/cve/CVE-2025-27411 |
CVE-2025-27412 |
2.7 |
PHP |
REDAXO is a PHP-based CMS. In Redaxo from 5.0.0 through 5.18.2, the rex-api-result parameter is vulnerable to Reflected cross-site scripting (XSS) on the page of AddOns. This vulnerability is fixed in 5.18.3. |
2025-07-01T20:38:33.160 |
https://cve.circl.lu/cve/CVE-2025-27412 |
CVE-2025-0118 |
5.9 |
Palo Alto |
A vulnerability in the Palo Alto Networks GlobalProtect app on Windows allows a remote attacker to run ActiveX controls within the context of an authenticated Windows user. This enables the attacker to run commands as if they are a legitimate authenticated user. However, to exploit this vulnerability, the authenticated user must navigate to a malicious page during the GlobalProtect SAML login process on a Windows device. This issue does not apply to the GlobalProtect app on other (non-Windows) platforms. |
2025-06-27T16:52:34.327 |
https://cve.circl.lu/cve/CVE-2025-0118 |
CVE-2025-0120 |
5.9 |
Palo Alto |
A vulnerability with a privilege management mechanism in the Palo Alto Networks GlobalProtect™ app on Windows devices allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY\SYSTEM. However, execution requires that the local user can also successfully exploit a race condition, which makes this vulnerability difficult to exploit. |
2025-06-27T16:51:19.773 |
https://cve.circl.lu/cve/CVE-2025-0120 |
CVE-2025-25183 |
1.4 |
Python |
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Prefix caching makes use of Python's built-in hash() function. As of Python 3.12, the behavior of hash(None) has changed to be a predictable constant value. This makes it more feasible that someone could try to exploit hash collisions. The impact of a collision would be using cache that was generated using different content. Given knowledge of prompts in use and predictable hashing behavior, someone could intentionally populate the cache using a prompt known to collide with another prompt in use. This issue has been addressed in version 0.7.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. |
2025-07-01T20:58:00.170 |
https://cve.circl.lu/cve/CVE-2025-25183 |
CVE-2025-27607 |
5.9 |
Python |
Python JSON Logger is a JSON Formatter for Python Logging. Between 30 December 2024 and 4 March 2025 Python JSON Logger was vulnerable to RCE through a missing dependency. This occurred because msgspec-python313-pre was deleted by the owner leaving the name open to being claimed by a third party. If the package was claimed, it would allow them RCE on any Python JSON Logger user who installed the development dependencies on Python 3.13 (e.g. pip install python-json-logger[dev]). This issue has been resolved with 3.3.0. |
2025-07-01T16:22:57.830 |
https://cve.circl.lu/cve/CVE-2025-27607 |
CVE-2025-27520 |
5.9 |
Python |
BentoML is a Python library for building online serving systems optimized for AI apps and model inference. A Remote Code Execution (RCE) vulnerability caused by insecure deserialization has been identified in the latest version (v1.4.2) of BentoML. It allows any unauthenticated user to execute arbitrary code on the server. An unsafe code segment exists in serde.py. This vulnerability is fixed in 1.4.3. |
2025-06-27T12:48:46.350 |
https://cve.circl.lu/cve/CVE-2025-27520 |
CVE-2025-32385 |
3.6 |
Phishing |
EspoCRM is an Open Source Customer Relationship Management software. Prior to 9.0.5, Iframe dashlet allows user to display iframes with arbitrary URLs. As the sandbox attribute is not included in the iframe, the remote page can open popups outside of the iframe, potentially tricking users and creating a phishing risk. The iframe URL is user-defined, so an attacker would need to trick the user into specifying a malicious URL. The missing sandbox attribute also allows the remote page to send messages to the parent frame. However, EspoCRM does not make use of these messages. This vulnerability is fixed in 9.0.5. |
2025-06-27T15:51:15.417 |
https://cve.circl.lu/cve/CVE-2025-32385 |
CVE-2025-48958 |
3.4 |
Phishing |
Froxlor is open source server administration software. Prior to version 2.2.6, an HTML Injection vulnerability in the customer account portal allows an attacker to inject malicious HTML payloads in the email section. This can lead to phishing attacks, credential theft, and reputational damage by redirecting users to malicious external websites. The vulnerability has a medium severity, as it can be exploited through user input without authentication. Version 2.2.6 fixes the issue. |
2025-06-25T17:36:43.537 |
https://cve.circl.lu/cve/CVE-2025-48958 |
CVE-2025-6428 |
1.4 |
Phishing |
When a URL was provided in a link querystring parameter, Firefox for Android would follow that URL instead of the correct URL, potentially leading to phishing attacks. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox < 140. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-6428 |
CVE-2025-49592 |
2.5 |
Phishing |
n8n is a workflow automation platform. Versions prior to 1.98.0 have an Open Redirect vulnerability in the login flow. Authenticated users can be redirected to untrusted, attacker-controlled domains after logging in, by crafting malicious URLs with a misleading redirect query parameter. This may lead to phishing attacks by impersonating the n8n UI on lookalike domains (e.g., n8n.local.evil.com), credential or 2FA theft if users are tricked into re-entering sensitive information, and/or reputation risk due to the visual similarity between attacker-controlled domains and trusted ones. The vulnerability affects anyone hosting n8n and exposing the `/signin` endpoint to users. The issue has been patched in version 1.98.0. All users should upgrade to this version or later. The fix introduces strict origin validation for redirect URLs, ensuring only same-origin or relative paths are allowed after login. |
2025-06-30T18:39:09.973 |
https://cve.circl.lu/cve/CVE-2025-49592 |
CVE-2025-5459 |
N/A |
Puppet |
A user with specific node group editing permissions and a specially crafted class parameter could be used to execute commands as root on the primary host. It affects Puppet Enterprise versions 2018.1.8 through 2023.8.3 and 2025.3 and has been resolved in versions 2023.8.4 and 2025.4.0. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-5459 |
CVE-2024-24474 |
5.9 |
QEMU |
QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len. |
2025-06-25T19:29:42.757 |
https://cve.circl.lu/cve/CVE-2024-24474 |
CVE-2024-45219 |
6.0 |
QEMU |
Account users in Apache CloudStack by default are allowed to upload and register templates for deploying instances and volumes for attaching them as data disks to their existing instances. Due to missing validation checks for KVM-compatible templates or volumes in CloudStack 4.0.0 through 4.18.2.3 and 4.19.0.0 through 4.19.1.1, an attacker that can upload or register templates and volumes, can use them to deploy malicious instances or attach uploaded volumes to their existing instances on KVM-based environments and exploit this to gain access to the host filesystems that could result in the compromise of resource integrity and confidentiality, data loss, denial of service, and availability of KVM-based infrastructure managed by CloudStack. Users are recommended to upgrade to Apache CloudStack 4.18.2.4 or 4.19.1.2, or later, which addresses this issue. Additionally, all user-uploaded or registered KVM-compatible templates and volumes can be scanned and checked that they are flat files that should not be using any additional or unnecessary features. For example, operators can run this on their secondary storage(s) and inspect output. An empty output for the disk being validated means it has no references to the host filesystems; on the other hand, if the output for the disk being validated is not empty, it might indicate a compromised disk.
for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info. If the output is not empty, that might indicate a compromised disk; check it carefully."; qemu-img info -U $file | grep file: ; printf "\n\n"; done
The command can also be run for the file-based primary storages; however, bear in mind that (i) volumes created from templates will have references for the templates at first and (ii) volumes can be consolidated while migrating, losing their references to the templates. Therefore, the command execution for the primary storages can show both false positives and false negatives. For checking the whole template/volume features of each disk, operators can run the following command:
for file in $(find /path/to/storage/ -type f -regex [a-f0-9\-]*.*); do echo "Retrieving file [$file] info."; qemu-img info -U $file; printf "\n\n"; done |
2025-07-01T20:28:53.467 |
https://cve.circl.lu/cve/CVE-2024-45219 |
CVE-2024-57883 |
N/A |
QEMU |
In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: independent PMD page table shared count. The folio refcount may be increased unexpectedly through try_get_folio() by caller such as split_huge_pages. In huge_pmd_unshare(), we use refcount to check whether a pmd page table is shared. The check is incorrect if the refcount is increased by the above caller, and this can cause the page table leaked: BUG: Bad page state in process sh pfn:109324. The issue may be triggered by damon, offline_page, page_idle, etc, which will increase the refcount of page table. 1. The page table itself will be discarded after reporting the "nonzero mapcount". 2. The HugeTLB page mapped by the page table miss freeing since we treat the page table as shared and a shared page table will not be unmapped. Fix it by introducing independent PMD page table shared count. As described by comment, pt_index/pt_mm/pt_frag_refcount are used for s390 gmap, x86 pgds and powerpc, pt_share_count is used for x86/arm64/riscv pmds, so we can reuse the field as pt_share_count. |
2025-06-27T11:15:23.907 |
https://cve.circl.lu/cve/CVE-2024-57883 |
CVE-2025-22119 |
N/A |
QEMU |
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails. syzbot reported a uninitialize wiphy_work_lock in cfg80211_dev_free. [1] After rfkill allocation fails, the wiphy release process will be performed, which will cause cfg80211_dev_free to access the uninitialized wiphy_work related data. Move the initialization of wiphy_work to before rfkill initialization to avoid this issue. [1] INFO: trying to register non-static key. The code is fine but needs lockdep annotation, or maybe you didn't initialize this object before use? turning off the locking correctness validator. Close: https://syzkaller.appspot.com/bug?extid=aaf0488c83d1d5f4f029 |
2025-06-27T11:15:24.310 |
https://cve.circl.lu/cve/CVE-2025-22119 |
CVE-2025-37958 |
N/A |
QEMU |
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix dereferencing invalid pmd migration entry. When migrating a THP, concurrent access to the PMD migration entry during a deferred split scan can lead to an invalid address access, as illustrated below. To prevent this invalid access, it is necessary to check the PMD migration entry and return early. In this context, there is no need to use pmd_to_swp_entry and pfn_swap_entry_to_page to verify the equality of the target folio. Since the PMD migration entry is locked, it cannot be served as the target. Mailing list discussion and explanation from Hugh Dickins: "An anon_vma lookup points to a location which may contain the folio of interest, but might instead contain another folio: and weeding out those other folios is precisely what the "folio != pmd_folio((*pmd)" check (and the "risk of replacing the wrong folio" comment a few lines above it) is for." BUG: unable to handle page fault for address: ffffea60001db008. The bug is found by syzkaller on an internal kernel, then confirmed on upstream. |
2025-06-27T11:15:25.057 |
https://cve.circl.lu/cve/CVE-2025-37958 |
CVE-2025-53200 |
1.4 |
Quantum |
Missing Authorization vulnerability in QuantumCloud ChatBot allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ChatBot: from n/a through 6.7.3. |
2025-06-30T18:38:48.477 |
https://cve.circl.lu/cve/CVE-2025-53200 |
CVE-2025-6543 |
5.9 |
RDP |
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server |
2025-07-01T18:19:45.547 |
https://cve.circl.lu/cve/CVE-2025-6543 |
CVE-2025-6705 |
N/A |
Repository |
On open-vsx.org https://open-vsx.org/ it was possible to run arbitrary build scripts for auto-published extensions because of missing sandboxing of CI job runs. An attacker who had access to an existing extension could take over the service account of the marketplace. The issue has been fixed on June 24th, 2025 and the vulnerable code present in the publish-extension code repository. |
2025-06-30T18:38:23.493 |
https://cve.circl.lu/cve/CVE-2025-6705 |
CVE-2024-39236 |
5.9 |
Repo |
Gradio v4.36.1 was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py. This vulnerability is triggered via a crafted input. NOTE: the supplier disputes this because the report is about a user attacking himself. |
2025-06-27T17:32:17.003 |
https://cve.circl.lu/cve/CVE-2024-39236 |
CVE-2025-6559 |
5.9 |
SAP |
Multiple wireless router models from Sapido have an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. The affected models are out of support; replacing the device is recommended. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-6559 |
CVE-2025-6560 |
5.9 |
SAP |
Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out of support; replacing the device is recommended. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-6560 |
CVE-2024-51978 |
5.9 |
SNMP |
An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request. |
2025-06-27T14:15:32.593 |
https://cve.circl.lu/cve/CVE-2024-51978 |
CVE-2012-6427 |
6.9 |
SQL |
The Carlo Gavazzi EOS-Box does not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication, attackers can leak information from the device. This could allow the attacker to compromise confidentiality. |
2025-07-01T20:15:24.093 |
https://cve.circl.lu/cve/CVE-2012-6427 |
CVE-2025-53004 |
N/A |
SSL |
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11. |
2025-07-01T01:15:28.283 |
https://cve.circl.lu/cve/CVE-2025-53004 |
CVE-2025-53005 |
N/A |
SSL |
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's PostgreSQL Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has been patched in version 2.10.11. |
2025-07-01T14:15:40.613 |
https://cve.circl.lu/cve/CVE-2025-53005 |
CVE-2023-6787 |
3.6 |
SES |
A flaw was found in Keycloak that occurs from an error in the re-authentication mechanism within org.keycloak.authentication. This flaw allows hijacking an active Keycloak session by triggering a new authentication process with the query parameter "prompt=login," prompting the user to re-enter their credentials. If the user cancels this re-authentication by selecting "Restart login," an account takeover may occur, as the new session, with a different SUB, will possess the same SID as the previous session. |
2025-06-30T13:49:15.333 |
https://cve.circl.lu/cve/CVE-2023-6787 |
CVE-2024-57052 |
5.9 |
SES |
An issue in youdiancms v.9.5.20 and before allows a remote attacker to escalate privileges via the sessionID parameter in the index.php file. |
2025-06-27T19:03:32.293 |
https://cve.circl.lu/cve/CVE-2024-57052 |
CVE-2024-12137 |
5.5 |
SES |
Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking. This issue affects ANKA JPD-00028: before V.01.01. |
2025-06-27T12:15:28.977 |
https://cve.circl.lu/cve/CVE-2024-12137 |
CVE-2024-10718 |
3.6 |
SES |
In phpipam/phpipam version 1.5.1, the Secure attribute for sensitive cookies in HTTPS sessions is not set. This could cause the user agent to send those cookies in plaintext over an HTTP session, potentially exposing sensitive information. The issue is fixed in version 1.7.0. |
2025-06-27T15:29:49.470 |
https://cve.circl.lu/cve/CVE-2024-10718 |
CVE-2024-28836 |
2.5 |
TLS |
An issue was discovered in Mbed TLS 3.5.x before 3.6.0. When negotiating the TLS version on the server side, it can fall back to the TLS 1.2 implementation of the protocol if it is disabled. If the TLS 1.2 implementation was disabled at build time, a TLS 1.2 client could put a TLS 1.3-only server into an infinite loop processing a TLS 1.2 ClientHello, resulting in a denial of service. If the TLS 1.2 implementation was disabled at runtime, a TLS 1.2 client can successfully establish a TLS 1.2 connection with the server. |
2025-06-27T17:46:46.613 |
https://cve.circl.lu/cve/CVE-2024-28836 |
CVE-2024-30166 |
5.2 |
TLS |
In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello. |
2025-06-27T17:46:25.570 |
https://cve.circl.lu/cve/CVE-2024-30166 |
CVE-2025-39205 |
3.6 |
TLS |
A vulnerability exists in the IEC 61850 in MicroSCADA X SYS600 product. The certificate validation of the TLS protocol allows remote Man-in-the-Middle attack due to missing proper validation. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-39205 |
CVE-2025-6433 |
5.9 |
TLS |
If a user visited a webpage with an invalid TLS certificate, and granted an exception, the webpage was able to provide a WebAuthn challenge that the user would be prompted to complete. This is in violation of the WebAuthN spec which requires "a secure transport established without errors". This vulnerability affects Firefox < 140. |
2025-06-26T18:58:14.280 |
https://cve.circl.lu/cve/CVE-2025-6433 |
CVE-2025-6032 |
6.0 |
TLS |
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack. |
2025-07-01T08:15:24.757 |
https://cve.circl.lu/cve/CVE-2025-6032 |
CVE-2024-32303 |
5.9 |
Tenda |
Tenda AC15 v15.03.20_multi, v15.03.05.19, and v15.03.05.18 firmware has a stack overflow vulnerability located via the PPW parameter in the fromWizardHandle function. |
2025-06-30T13:37:14.130 |
https://cve.circl.lu/cve/CVE-2024-32303 |
CVE-2024-25343 |
5.2 |
Tenda |
Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords. |
2025-06-30T14:06:29.553 |
https://cve.circl.lu/cve/CVE-2024-25343 |
CVE-2024-34338 |
5.9 |
Tenda |
Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execute arbitrary commands with root privileges. Authentication is required to exploit this vulnerability. |
2025-06-30T17:27:32.490 |
https://cve.circl.lu/cve/CVE-2024-34338 |
CVE-2025-0566 |
5.9 |
Tenda |
A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
2025-07-01T15:11:11.800 |
https://cve.circl.lu/cve/CVE-2025-0566 |
CVE-2025-50528 |
3.4 |
Tenda |
A buffer overflow vulnerability exists in the fromNatStaticSetting function of Tenda AC6 <=V15.03.05.19 via the page parameter. |
2025-07-01T18:14:43.080 |
https://cve.circl.lu/cve/CVE-2025-50528 |
CVE-2025-38087 |
N/A |
TAP |
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier. Since taprio’s taprio_dev_notifier() isn’t protected by an RCU read-side critical section, a race with advance_sched() can lead to a use-after-free. Adding rcu_read_lock() inside taprio_dev_notifier() prevents this. |
2025-06-30T18:38:23.493 |
https://cve.circl.lu/cve/CVE-2025-38087 |
CVE-2024-22269 |
4.0 |
VMware |
VMware Workstation and Fusion contain an information disclosure vulnerability in the vbluetooth device. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. |
2025-06-27T13:34:58.657 |
https://cve.circl.lu/cve/CVE-2024-22269 |
CVE-2024-22270 |
4.0 |
VMware |
VMware Workstation and Fusion contain an information disclosure vulnerability in the Host Guest File Sharing (HGFS) functionality. A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. |
2025-06-27T13:36:04.077 |
https://cve.circl.lu/cve/CVE-2024-22270 |
CVE-2025-24292 |
4.0 |
VPN |
A misconfigured query in UniFi Network (v9.1.120 and earlier) could allow users to authenticate to Enterprise WiFi or VPN Server (l2tp and OpenVPN) using a device’s MAC address from 802.1X or MAC Authentication, if both services are enabled and share the same RADIUS profile. |
2025-06-30T18:38:23.493 |
https://cve.circl.lu/cve/CVE-2025-24292 |
CVE-2025-40710 |
N/A |
VPN |
Host Header Injection (HHI) vulnerability in the Hotspot Shield VPN client, which can induce unexpected behaviour when accessing third-party web applications through the VPN tunnel. Although such applications do not present this vulnerability per se, the use of the tunnel, together with a forged Host header, can cause the VPN client to redirect or forward HTTP requests to servers other than those originally intended, leading to consequences such as open redirects or delivery of traffic to infrastructure controlled by an attacker. This does not imply a flaw in the target applications, but in how the VPN client internally handles outgoing headers and requests. |
2025-06-30T18:38:23.493 |
https://cve.circl.lu/cve/CVE-2025-40710 |
CVE-2025-24998 |
5.9 |
Visual Studio |
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. |
2025-07-01T19:59:22.330 |
https://cve.circl.lu/cve/CVE-2025-24998 |
CVE-2025-25003 |
5.9 |
Visual Studio |
Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. |
2025-07-01T19:48:27.057 |
https://cve.circl.lu/cve/CVE-2025-25003 |
CVE-2024-29212 |
6.0 |
VS Code |
Due to an unsafe de-serialization method used by the Veeam Service Provider Console (VSPC) server in communication between the management agent and its components, under certain conditions, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. |
2025-06-30T17:53:09.313 |
https://cve.circl.lu/cve/CVE-2024-29212 |
CVE-2025-53097 |
3.6 |
VS Code |
Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's `search_files` tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a prompt into the agent could potentially read a sensitive file and then write the information to a JSON schema. Users have the option to disable schema fetching in VS Code, but the feature is enabled by default. For users with this feature enabled, writing to the schema would trigger a network request without the user having a chance to deny. This issue is of moderate severity, since it requires the attacker to already be able to submit prompts to the agent. Version 3.20.3 fixed the issue where `search_files` did not respect the setting to limit it to the workspace. This reduces the scope of the damage if an attacker is able to take control of the agent through prompt injection or another vector. |
2025-06-30T18:38:23.493 |
https://cve.circl.lu/cve/CVE-2025-53097 |
CVE-2025-53098 |
5.9 |
VS Code |
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would have been possible for an attacker with access to craft a prompt to ask the agent to write a malicious command to the MCP configuration file. If the user had opted-in to auto-approving file writes within the project, this would have led to arbitrary command execution. This issue is of moderate severity, since it requires the attacker to already be able to submit prompts to the agent (for instance through a prompt injection attack), for the user to have MCP enabled (on by default), and for the user to have enabled auto-approved file writes (off by default). Version 3.20.3 fixes the issue by adding an additional layer of opt-in configuration for auto-approving writing to Roo's configuration files, including all files within the `.roo/` folder. |
2025-07-01T14:15:40.843 |
https://cve.circl.lu/cve/CVE-2025-53098 |
CVE-2025-52889 |
1.4 |
Virtual Machine |
Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus version 6.12 and 6.13 generates nftables rules for local services (DHCP, DNS...) that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to DHCP pool exhaustion and opens the door for other attacks. A patch is available at commit 2516fb19ad8428454cb4edfe70c0a5f0dc1da214. |
2025-06-26T18:57:43.670 |
https://cve.circl.lu/cve/CVE-2025-52889 |
CVE-2024-31215 |
3.4 |
Windows |
Mobile Security Framework (MobSF) is a security research platform for mobile applications in Android, iOS and Windows Mobile. A SSRF vulnerability in firebase database check logic. The attacker can cause the server to make a connection to internal-only services within the organization’s infrastructure. When a malicious app is uploaded to Static analyzer, it is possible to make internal requests. This vulnerability has been patched in version 3.9.8. |
2025-06-30T13:04:19.583 |
https://cve.circl.lu/cve/CVE-2024-31215 |
CVE-2024-3566 |
5.9 |
Windows |
A command injection vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied. |
2025-06-25T20:24:12.743 |
https://cve.circl.lu/cve/CVE-2024-3566 |
CVE-2024-22014 |
5.9 |
Windows |
An issue discovered in 360 Total Security Antivirus through 11.0.0.1061 for Windows allows attackers to gain escalated privileges via Symbolic Link Follow to Arbitrary File Delete. |
2025-06-30T14:26:28.500 |
https://cve.circl.lu/cve/CVE-2024-22014 |
CVE-2024-33673 |
5.9 |
Windows |
An issue was discovered in Veritas Backup Exec before 22.2 HotFix 917391. Improper access controls allow for DLL Hijacking in the Windows DLL Search path. |
2025-06-30T14:22:57.057 |
https://cve.circl.lu/cve/CVE-2024-33673 |
CVE-2018-20977 |
2.7 |
WordPress |
The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page. |
2025-06-27T16:28:06.207 |
https://cve.circl.lu/cve/CVE-2018-20977 |
CVE-2021-36875 |
3.7 |
WordPress |
Cross-site Scripting (XSS) vulnerability in Stylemix Directory Listings WordPress plugin – uListing allows Reflected XSS. This issue affects Directory Listings WordPress plugin – uListing: from n/a through 2.0.5. |
2025-07-01T21:15:25.257 |
https://cve.circl.lu/cve/CVE-2021-36875 |
CVE-2024-1316 |
3.6 |
WordPress |
The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to (e.g. draft, private, pending review, pw-protected, and trashed events). |
2025-06-27T14:13:27.050 |
https://cve.circl.lu/cve/CVE-2024-1316 |
CVE-2024-1564 |
1.4 |
WordPress |
The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode. |
2025-06-27T15:31:56.910 |
https://cve.circl.lu/cve/CVE-2024-1564 |
CVE-2022-38057 |
2.5 |
WordPress |
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1. |
2025-06-30T18:51:07.507 |
https://cve.circl.lu/cve/CVE-2022-38057 |
CVE-2019-3578 |
2.7 |
XSS |
MyBB 1.8.19 has XSS in the resetpassword function. |
2025-06-30T16:52:10.097 |
https://cve.circl.lu/cve/CVE-2019-3578 |
CVE-2024-30192 |
3.4 |
XSS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS. This issue affects GS Pins for Pinterest: from n/a through 1.8.2. |
2025-07-01T14:08:00.410 |
https://cve.circl.lu/cve/CVE-2024-30192 |
CVE-2024-29217 |
2.5 |
XSS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: before 1.3.0. XSS attack when user changes personal website. A logged-in user, when modifying their personal website, can input malicious code in the website to create such an attack. Users are recommended to upgrade to version [1.3.0], which fixes the issue. |
2025-06-30T13:41:02.870 |
https://cve.circl.lu/cve/CVE-2024-29217 |
CVE-2024-36347 |
5.9 |
X86 |
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment. |
2025-06-30T18:38:23.493 |
https://cve.circl.lu/cve/CVE-2024-36347 |
CVE-2023-39912 |
3.6 |
Zoho |
Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed. |
2025-06-26T15:15:21.010 |
https://cve.circl.lu/cve/CVE-2023-39912 |
CVE-2021-4457 |
5.2 |
Zoom |
The ZoomSounds plugin before 6.05 contains a PHP file allowing unauthenticated users to upload an arbitrary file anywhere on the web server. |
2025-07-01T19:15:24.787 |
https://cve.circl.lu/cve/CVE-2021-4457 |