CVE-2025-27819 - Apache Kafka SASL JAAS JndiLoginModule RCE/DOS
CVE ID : CVE-2025-27819
Published : June 10, 2025, 8:15 a.m. | 2 hours, 2 minutes ago
Description : In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs to be able to connect to the Kafka cluster and have the AlterConfigs permission on the cluster resource. Since Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage in SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka 3.4.0, and "com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule" is disabled by default in in Apache Kafka 3.9.1/4.0.0
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-27819
Published : June 10, 2025, 8:15 a.m. | 2 hours, 2 minutes ago
Description : In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs to be able to connect to the Kafka cluster and have the AlterConfigs permission on the cluster resource. Since Apache Kafka 3.4.0, we have added a system property ("-Dorg.apache.kafka.disallowed.login.modules") to disable the problematic login modules usage in SASL JAAS configuration. Also by default "com.sun.security.auth.module.JndiLoginModule" is disabled in Apache Kafka 3.4.0, and "com.sun.security.auth.module.JndiLoginModule,com.sun.security.auth.module.LdapLoginModule" is disabled by default in in Apache Kafka 3.9.1/4.0.0
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5945 - Centreon Centreon-web OS Command Injection
CVE ID : CVE-2025-5945
Published : June 10, 2025, 8:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5945
Published : June 10, 2025, 8:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3112 - Apache Webserver Resource Exhaustion Denial of Service
CVE ID : CVE-2025-3112
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3112
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3116 - Apache HTTP Server SSL/TLS Denial of Service Vulnerability
CVE ID : CVE-2025-3116
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3116
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3117 - Apache Configuration File Cross-site Scripting (XSS)
CVE ID : CVE-2025-3117
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3117
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting configuration file paths that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3898 - Apache Webserver Denial of Service Vulnerability
CVE ID : CVE-2025-3898
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3898
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3899 - Webserver Certificates Cross-site Scripting
CVE ID : CVE-2025-3899
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3899
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Certificates page on Webserver that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3905 - Siemens PLC Cross-site Scripting
CVE ID : CVE-2025-3905
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-3905
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists impacting PLC system variables that could cause an unvalidated data injected by authenticated malicious user leading to modify or read data in a victim’s browser.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4680 - upKeeper Instant Privilege Access Input Validation Bypass
CVE ID : CVE-2025-4680
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4680
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4681 - upKeeper Instant Privilege Access Privilege Abuse Vulnerability
CVE ID : CVE-2025-4681
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-4681
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5740 - Apache HTTP Server Path Traversal Vulnerability
CVE ID : CVE-2025-5740
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an unauthenticated user on the web server manipulates file path.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5740
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file writes when an unauthenticated user on the web server manipulates file path.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5741 - "Siemens Charging Station Path Traversal Vulnerability"
CVE ID : CVE-2025-5741
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5741
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause arbitrary file reads from the charging station. The exploitation of this vulnerability does require an authenticated session of the web server.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5742 - Apache Web Server Cross-site Scripting Vulnerability
CVE ID : CVE-2025-5742
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5742
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-5743 - "Web Server Charging Station OS Command Injection"
CVE ID : CVE-2025-5743
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-78: I Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-5743
Published : June 10, 2025, 9:15 a.m. | 1 hour, 2 minutes ago
Description : CWE-78: I Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause remote control over the charging station when an authenticated user modifies configuration parameters on the web server.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40655 - DM Corporative CMS SQL Injection
CVE ID : CVE-2025-40655
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40655
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the name parameter in /antcatalogue.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40656 - DM Corporative CMS SQL Injection Vulnerability
CVE ID : CVE-2025-40656
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40656
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the cod parameter in /administer/node-selection/data.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40657 - DM Corporative CMS SQL Injection Vulnerability
CVE ID : CVE-2025-40657
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40657
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : A SQL injection vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to retrieve, create, update and delete databases through the codform parameter in /modules/forms/collectform.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40658 - DM Corporative CMS IDOR
CVE ID : CVE-2025-40658
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40658
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelection.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40659 - DM Corporative CMS IDOR
CVE ID : CVE-2025-40659
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40659
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/framesSelectionNetworks.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40660 - DM Corporative CMS IDOR Vulnerability
CVE ID : CVE-2025-40660
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40660
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/select node/data.asp?mode=catalogue&id1=1&id2=1session=&cod=1&networks=0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-40661 - DM Corporative CMS IDOR Vulnerability
CVE ID : CVE-2025-40661
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-40661
Published : June 10, 2025, 10:15 a.m. | 4 hours, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area setting the option parameter equal to 0, 1 or 2 in /administer/selectionnode/selection.asp.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...