{
"Source": "CVE FEED",
"Title": "CVE-2025-48990 - NeKernal Heap Overflow",
"Content": "CVE ID : CVE-2025-48990
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : NeKernal is a free and open-source operating system stack. Version 0.0.2 has a 1-byte heap overflow in `rt_copy_memory`, which unconditionally wrote a null terminator at `dst[len]`. When `len` equals the size of the destination buffer (256 bytes), that extra `'\0'` write overruns the buffer by one byte. To avoid breaking existing callers or changing the public API, the patch in commit fb7b7f658327f659c6a6da1af151cb389c2ca4ee takes a minimal approach: it simply removes the overflow-causing line without adding bounds checks or altering the function signature.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48495 - Gokapi Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-48495
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users of versions prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A workaround would be to not open the API page if it is possible that another user might have injected code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-46807 - SSLH File Descriptor Exhaustion Denial of Service",
"Content": "CVE ID : CVE-2025-46807
Published : June 2, 2025, 12:15 p.m. | 1 hour, 37 minutes ago
Description : An Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service. This issue affects sslh before 2.2.4.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37095 - HPE StoreOnce Directory Traversal Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-37095
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37096 - HPE StoreOnce Command Injection RCE",
"Content": "CVE ID : CVE-2025-37096
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-44172 - Tenda AC6 Stack Overflow",
"Content": "CVE ID : CVE-2025-44172
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-20001 - FontCreator Font Out-of-Bounds Read Information Disclosure",
"Content": "CVE ID : CVE-2025-20001
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-48877 - Microsoft Xls2csv Heap Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2024-48877
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-52035 - Catdoc OLE Document File Allocation Table Parser Integer Overflow Heap Corruption Vulnerability",
"Content": "CVE ID : CVE-2024-52035
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-54028 - Catdoc OLE Document DIFAT Parser Integer Underflow Heap-Based Memory Corruption",
"Content": "CVE ID : CVE-2024-54028
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-5447 - Linksys Wireless Router OS Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5447
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37091 - HPE StoreOnce Command Injection Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-37091
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37092 - HPE StoreOnce Command Injection Remote Code Execution",
"Content": "CVE ID : CVE-2025-37092
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37093 - HPE StoreOnce Authentication Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-37093
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : An authentication bypass vulnerability exists in HPE StoreOnce Software.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37094 - HPE StoreOnce Directory Traversal File Deletion Vulnerability",
"Content": "CVE ID : CVE-2025-37094
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37090 - HPE StoreOnce Server-Side Request Forgery Vulnerability",
"Content": "CVE ID : CVE-2025-37090
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : A server-side request forgery vulnerability exists in HPE StoreOnce Software.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37089 - HPE StoreOnce Command Injection Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-37089
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-57783 - Dot Desktop XSS Command Execution",
"Content": "CVE ID : CVE-2024-57783
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-5036 - Autodesk Revit Use-After-Free Vulnerability",
"Content": "CVE ID : CVE-2025-5036
Published : June 2, 2025, 5:15 p.m. | 43 minutes ago
Description : A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-48995 - SignXML Timing Attack HMAC Leak",
"Content": "CVE ID : CVE-2025-48995
Published : June 2, 2025, 5:15 p.m. | 43 minutes ago
Description : SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)`), versions of SignXML prior to 4.0.4 are vulnerable to a potential timing attack. The verifier may leak information about the correct HMAC when comparing it with the user-supplied hash, allowing users to reconstruct the correct HMAC for any data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-48994 - SignXML Algorithm Confusion Vulnerability",
"Content": "CVE ID : CVE-2025-48994
Published : June 2, 2025, 5:15 p.m. | 43 minutes ago
Description : SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)`), versions of SignXML prior to 4.0.4 are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature algorithms using the `signxml.XMLVerifier.verify(expect_config=...)` setting, an attacker may supply a signature unexpectedly signed with a key other than the provided HMAC key, using a different (asymmetric key) signature algorithm. Starting with SignXML 4.0.4, specifying `hmac_key` causes the set of accepted signature algorithms to be restricted to HMAC only, if not already restricted by the user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}