CVE-2025-34394 - Barracuda RMM < 2025.1.1 Service Center .NET Remoting Deserialization RCE
CVE ID : CVE-2025-34394
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service that is insufficiently protected against deserialization of arbitrary types. This can lead to remote code execution.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34395 - Barracuda RMM < 2025.1.1 Service Center .NET Remoting Path Traversal RCE
CVE ID : CVE-2025-34395
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : Barracuda Service Center, as implemented in the RMM solution, in versions prior to 2025.1.1, exposes a .NET Remoting service in which an unauthenticated attacker can invoke a method vulnerable to path traversal to read arbitrary files. This vulnerability can be escalated to remote code execution by retrieving the .NET machine keys.
Severity: 8.7 | HIGH
CVE-2025-34410 - 1Panel CSRF in Change Username Functionality Allows Account Lockout
CVE ID : CVE-2025-34410
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : 1Panel versions 1.10.33 - 2.0.15 contain a cross-site request forgery (CSRF) vulnerability in the Change Username functionality available from the settings panel (/settings/panel). The endpoint does not implement CSRF protections such as anti-CSRF tokens or Origin/Referer validation. An attacker can craft a malicious webpage that submits a username-change request; when a victim visits the page while authenticated, the browser includes valid session cookies and the request succeeds. This allows an attacker to change the victim’s 1Panel username without consent. After the change, the victim is logged out and unable to log in with the previous username, resulting in account lockout and denial of service.
Severity: 7.0 | HIGH
CVE-2025-34416 - MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPO.DLL
CVE ID : CVE-2025-34416
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPO.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPO.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.
Severity: 8.5 | HIGH
CVE-2025-34417 - MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISO.DLL
CVE ID : CVE-2025-34417
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISO.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAISO.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.
Severity: 8.5 | HIGH
CVE-2025-34418 - MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIMF.DLL
CVE ID : CVE-2025-34418
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIMF.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIMF.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.
Severity: 8.5 | HIGH
CVE-2025-34419 - MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISM.DLL
CVE ID : CVE-2025-34419
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISM.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAISM.DLL, which is then loaded when the executable starts, resulting in execution of attacker-controlled code with the privileges of the process.
Severity: 8.5 | HIGH
CVE-2025-34420 - MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAM.DLL
CVE ID : CVE-2025-34420
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAM.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIAM.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.
Severity: 8.5 | HIGH
CVE-2025-34421 - MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAISP.DLL
CVE ID : CVE-2025-34421
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAISP.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAISP.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.
Severity: 8.5 | HIGH
CVE-2025-34422 - MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIPC.DLL
CVE ID : CVE-2025-34422
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIPC.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIPC.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.
Severity: 8.5 | HIGH
CVE-2025-34423 - MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIAU.DLL
CVE ID : CVE-2025-34423
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIAU.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIAU.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.
Severity: 8.5 | HIGH
CVE-2025-34424 - MailEnable < 10.54 DLL Hijacking via Unsafe Loading of MEAIDP.DLL
CVE ID : CVE-2025-34424
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : MailEnable versions prior to 10.54 contain an unsafe DLL loading vulnerability that can lead to local arbitrary code execution. The MailEnable administrative executable attempts to load MEAIDP.DLL from its installation directory without sufficient integrity validation or a secure search order. A local attacker with write access to that directory can plant a malicious MEAIDP.DLL, which is then loaded on execution, resulting in attacker-controlled code running with the privileges of the process.
Severity: 8.5 | HIGH
CVE-2025-65803 - FreeImage Integer Overflow Denial of Service
CVE ID : CVE-2025-65803
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted PSD file.
Severity: 0.0 | NA
CVE-2025-65807 - Apache SD Command Privilege Escalation Vulnerability
CVE ID : CVE-2025-65807
Published : Dec. 10, 2025, 4:16 p.m. | 57 minutes ago
Description : An issue in sd command v1.0.0 and before allows attackers to escalate privileges to root via a crafted command.
Severity: 0.0 | NA
CVE-2025-67635 - Jenkins HTTP-Based CLI Connection Closure Vulnerability
CVE ID : CVE-2025-67635
Published : Dec. 10, 2025, 4:50 p.m. | 23 minutes ago
Description : Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not properly close HTTP-based CLI connections when the connection stream becomes corrupted, allowing unauthenticated attackers to cause a denial of service.
Severity: 0.0 | NA
CVE-2025-67636 - Jenkins Missing Permission Check Vulnerability
CVE ID : CVE-2025-67636
Published : Dec. 10, 2025, 4:50 p.m. | 23 minutes ago
Description : A missing permission check in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers with View/Read permission to view encrypted password values in views.
Severity: 0.0 | NA
CVE-2025-67637 - Jenkins Unencrypted Build Authorization Token Storage Vulnerability
CVE ID : CVE-2025-67637
Published : Dec. 10, 2025, 4:50 p.m. | 23 minutes ago
Description : Jenkins 2.540 and earlier, LTS 2.528.2 and earlier stores build authorization tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
Severity: 0.0 | NA
CVE-2025-67638 - Jenkins Build Authorization Token Information Disclosure
CVE ID : CVE-2025-67638
Published : Dec. 10, 2025, 4:50 p.m. | 23 minutes ago
Description : Jenkins 2.540 and earlier, LTS 2.528.2 and earlier does not mask build authorization tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
Severity: 0.0 | NA
CVE-2025-67639 - Jenkins CSRF Authentication Bypass
CVE ID : CVE-2025-67639
Published : Dec. 10, 2025, 4:50 p.m. | 23 minutes ago
Description : A cross-site request forgery (CSRF) vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account.
Severity: 0.0 | NA
CVE-2025-67640 - Jenkins Git Client Plugin OS Command Injection
CVE ID : CVE-2025-67640
Published : Dec. 10, 2025, 4:50 p.m. | 23 minutes ago
Description : Jenkins Git client Plugin 6.4.0 and earlier does not correctly escape the path to the workspace directory as part of an argument in a temporary shell script generated by the plugin, allowing attackers able to control the workspace directory name to inject arbitrary OS commands.
Severity: 0.0 | NA
CVE-2025-67641 - Jenkins Coverage Plugin Stored XSS Vulnerability
CVE ID : CVE-2025-67641
Published : Dec. 10, 2025, 4:50 p.m. | 23 minutes ago
Description : Jenkins Coverage Plugin 2.3054.ve1ff7b_a_a_123b_ and earlier does not validate the configured coverage results ID when creating coverage results, only when submitting the job configuration through the UI, allowing attackers with Item/Configure permission to use a `javascript:` scheme URL as identifier by configuring the job through the REST API, resulting in a stored cross-site scripting (XSS) vulnerability.
Severity: 0.0 | NA