CVE Monitor
{
"Source": "CVE FEED",
"Title": "CVE-2025-37095 - HPE StoreOnce Directory Traversal Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-37095
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : A directory traversal information disclosure vulnerability exists in HPE StoreOnce Software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-37096 - HPE StoreOnce Command Injection RCE",
"Content": "CVE ID : CVE-2025-37096
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-44172 - Tenda AC6 Stack Overflow",
"Content": "CVE ID : CVE-2025-44172
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : Tenda AC6 V15.03.05.16 was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-20001 - FontCreator Font Out-of-Bounds Read Information Disclosure",
"Content": "CVE ID : CVE-2025-20001
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-48877 - Microsoft Xls2csv Heap Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2024-48877
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-52035 - Catdoc OLE Document File Allocation Table Parser Integer Overflow Heap Corruption Vulnerability",
"Content": "CVE ID : CVE-2024-52035
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-54028 - Catdoc OLE Document DIFAT Parser Integer Underflow Heap-Based Memory Corruption",
"Content": "CVE ID : CVE-2024-54028
Published : June 2, 2025, 3:15 p.m. | 42 minutes ago
Description : An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-5447 - Linksys Wireless Router OS Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5447
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : A vulnerability was found in Linksys RE6500, RE6250, RE6300, RE6350, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. It has been declared as critical. This vulnerability affects the function ssid1MACFilter of the file /goform/ssid1MACFilter. The manipulation of the argument apselect_%d/newap_text_%d leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37091 - HPE StoreOnce Command Injection Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-37091
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37092 - HPE StoreOnce Command Injection Remote Code Execution",
"Content": "CVE ID : CVE-2025-37092
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37093 - HPE StoreOnce Authentication Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-37093
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : An authentication bypass vulnerability exists in HPE StoreOnce Software.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37094 - HPE StoreOnce Directory Traversal File Deletion Vulnerability",
"Content": "CVE ID : CVE-2025-37094
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : A directory traversal arbitrary file deletion vulnerability exists in HPE StoreOnce Software.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37090 - HPE StoreOnce Server-Side Request Forgery Vulnerability",
"Content": "CVE ID : CVE-2025-37090
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : A server-side request forgery vulnerability exists in HPE StoreOnce Software.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-37089 - HPE StoreOnce Command Injection Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-37089
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : A command injection remote code execution vulnerability exists in HPE StoreOnce Software.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-57783 - Dot Desktop XSS Command Execution",
"Content": "CVE ID : CVE-2024-57783
Published : June 2, 2025, 2:15 p.m. | 1 hour, 42 minutes ago
Description : The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-5036 - Autodesk Revit Use-After-Free Vulnerability",
"Content": "CVE ID : CVE-2025-5036
Published : June 2, 2025, 5:15 p.m. | 43 minutes ago
Description : A maliciously crafted RFA file, when linked or imported into Autodesk Revit, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-48995 - SignXML Timing Attack HMAC Leak",
"Content": "CVE ID : CVE-2025-48995
Published : June 2, 2025, 5:15 p.m. | 43 minutes ago
Description : SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)`), versions of SignXML prior to 4.0.4 are vulnerable to a potential timing attack. The verifier may leak information about the correct HMAC when comparing it with the user-supplied hash, allowing users to reconstruct the correct HMAC for any data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-48994 - SignXML Algorithm Confusion Vulnerability",
"Content": "CVE ID : CVE-2025-48994
Published : June 2, 2025, 5:15 p.m. | 43 minutes ago
Description : SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)`), versions of SignXML prior to 4.0.4 are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature algorithms using the `signxml.XMLVerifier.verify(expect_config=...)` setting, an attacker may supply a signature unexpectedly signed with a key other than the provided HMAC key, using a different (asymmetric key) signature algorithm. Starting with SignXML 4.0.4, specifying `hmac_key` causes the set of accepted signature algorithms to be restricted to HMAC only, if not already restricted by the user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-7073 - WSO2 SOAP SSRF Attack Vector",
"Content": "CVE ID : CVE-2024-7073
Published : June 2, 2025, 5:15 p.m. | 44 minutes ago
Description : A server-side request forgery (SSRF) vulnerability exists in multiple WSO2 products due to improper input validation in SOAP admin services. This flaw allows unauthenticated attackers to manipulate server-side requests, enabling access to internal and external resources available through the network or filesystem.

Exploitation of this vulnerability could lead to unauthorized access to sensitive data and systems, including resources within private networks, as long as they are reachable by the affected product.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-7074 - WSO2 SOAP Admin File Upload RCE",
"Content": "CVE ID : CVE-2024-7074
Published : June 2, 2025, 5:15 p.m. | 44 minutes ago
Description : An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper validation of user input in SOAP admin services. A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location on the server.

By leveraging this vulnerability, an attacker could upload a specially crafted payload, potentially achieving remote code execution (RCE) on the server. Exploitation requires valid admin credentials, limiting its impact to authorized but potentially malicious users.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-8008 - Apache [Vendor Name] Reflected Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2024-8008
Published : June 2, 2025, 5:15 p.m. | 44 minutes ago
Description : A reflected cross-site scripting (XSS) vulnerability exists in multiple [Vendor Name] products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser to execute arbitrary JavaScript in the context of the vulnerable page.

This vulnerability may allow UI manipulation, redirection to malicious websites, or data exfiltration from the browser. However, since all session-related sensitive cookies are protected with the httpOnly flag, session hijacking is not possible.
Severity: 5.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}