CVE-2025-34451 - rofl0r/proxychains-ng <= 4.17 Stack-based Buffer Overflow
CVE ID : CVE-2025-34451
Published : Dec. 18, 2025, 9:16 p.m. | 1 hour, 3 minutes ago
Description : rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34451
Published : Dec. 18, 2025, 9:16 p.m. | 1 hour, 3 minutes ago
Description : rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long username or password fields, the application may write beyond the bounds of fixed-size stack buffers, leading to memory corruption or crashes. This vulnerability may allow denial of service and, under certain conditions, could be leveraged for further exploitation depending on the execution environment and applied mitigations.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-34452 - Streama Subtitle Download Path Traversal and SSRF Leading to Arbitrary File Write
CVE ID : CVE-2025-34452
Published : Dec. 18, 2025, 9:30 p.m. | 49 minutes ago
Description : Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download functionality, where user-controlled parameters are used to fetch remote content and construct file paths without proper validation. By supplying a crafted subtitle download URL and a path traversal sequence in the file name, an attacker can write files to arbitrary locations on the server, potentially leading to remote code execution.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-34452
Published : Dec. 18, 2025, 9:30 p.m. | 49 minutes ago
Description : Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download functionality, where user-controlled parameters are used to fetch remote content and construct file paths without proper validation. By supplying a crafted subtitle download URL and a path traversal sequence in the file name, an attacker can write files to arbitrary locations on the server, potentially leading to remote code execution.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68388 - Packetbeat Allocation of Resources Without Limits or Throttling
CVE ID : CVE-2025-68388
Published : Dec. 18, 2025, 9:33 p.m. | 46 minutes ago
Description : Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to denial-of-service in Packetbeat.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68388
Published : Dec. 18, 2025, 9:33 p.m. | 46 minutes ago
Description : Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to denial-of-service in Packetbeat.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68381 - Packetbeat Improper Bounds Check
CVE ID : CVE-2025-68381
Published : Dec. 18, 2025, 9:51 p.m. | 28 minutes ago
Description : Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68381
Published : Dec. 18, 2025, 9:51 p.m. | 28 minutes ago
Description : Improper Bounds Check (CWE-787) in Packetbeat can allow a remote unauthenticated attacker to exploit a Buffer Overflow (CAPEC-100) and reliably crash the application or cause significant resource exhaustion via a single crafted UDP packet with an invalid fragment sequence number.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68382 - Packetbeat Out-of-bounds Read
CVE ID : CVE-2025-68382
Published : Dec. 18, 2025, 9:56 p.m. | 24 minutes ago
Description : Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68382
Published : Dec. 18, 2025, 9:56 p.m. | 24 minutes ago
Description : Out-of-bounds read (CWE-125) allows an unauthenticated remote attacker to perform a buffer overflow (CAPEC-100) via the NFS protocol dissector, leading to a denial-of-service (DoS) through a reliable process crash when handling truncated XDR-encoded RPC messages.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-13427 - Authentication Bypass in Dialogflow CX Messenger
CVE ID : CVE-2025-13427
Published : Dec. 18, 2025, 9:57 p.m. | 22 minutes ago
Description : An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific API requests. All versions after August 20th, 2025 have been updated to protect from this vulnerability. No user action is required for this.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-13427
Published : Dec. 18, 2025, 9:57 p.m. | 22 minutes ago
Description : An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific API requests. All versions after August 20th, 2025 have been updated to protect from this vulnerability. No user action is required for this.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68383 - Filebeat Improper Validation of Specified Index, Position, or Offset in Input
CVE ID : CVE-2025-68383
Published : Dec. 18, 2025, 10 p.m. | 20 minutes ago
Description : Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68383
Published : Dec. 18, 2025, 10 p.m. | 20 minutes ago
Description : Improper Validation of Specified Index, Position, or Offset in Input (CWE-1285) in Filebeat Syslog parser and the Libbeat Dissect processor can allow a user to trigger a Buffer Overflow (CAPEC-100) and cause a denial of service (panic/crash) of the Filebeat process via either a malformed Syslog message or a malicious tokenizer pattern in the Dissect configuration.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65046 - Microsoft Edge (Chromium-based) Spoofing Vulnerability
CVE ID : CVE-2025-65046
Published : Dec. 18, 2025, 10:01 p.m. | 18 minutes ago
Description : None
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65046
Published : Dec. 18, 2025, 10:01 p.m. | 18 minutes ago
Description : None
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64663 - Custom Question Answering Elevation of Privilege Vulnerability
CVE ID : CVE-2025-64663
Published : Dec. 18, 2025, 10:02 p.m. | 18 minutes ago
Description : None
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64663
Published : Dec. 18, 2025, 10:02 p.m. | 18 minutes ago
Description : None
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65041 - Microsoft Partner Center Elevation of Privilege Vulnerability
CVE ID : CVE-2025-65041
Published : Dec. 18, 2025, 10:02 p.m. | 18 minutes ago
Description : None
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65041
Published : Dec. 18, 2025, 10:02 p.m. | 18 minutes ago
Description : None
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-65037 - Azure Container Apps Remote Code Execution Vulnerability
CVE ID : CVE-2025-65037
Published : Dec. 18, 2025, 10:02 p.m. | 18 minutes ago
Description : None
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-65037
Published : Dec. 18, 2025, 10:02 p.m. | 18 minutes ago
Description : None
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64676 - Microsoft Purview eDiscovery Remote Code Execution Vulnerability
CVE ID : CVE-2025-64676
Published : Dec. 18, 2025, 10:02 p.m. | 18 minutes ago
Description : None
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64676
Published : Dec. 18, 2025, 10:02 p.m. | 18 minutes ago
Description : None
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-64677 - Office Out-of-Box Experience Spoofing Vulnerability
CVE ID : CVE-2025-64677
Published : Dec. 18, 2025, 10:02 p.m. | 18 minutes ago
Description : None
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-64677
Published : Dec. 18, 2025, 10:02 p.m. | 18 minutes ago
Description : None
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68384 - Elasticsearch Allocation of Resources Without Limits or Throttling
CVE ID : CVE-2025-68384
Published : Dec. 18, 2025, 10:04 p.m. | 15 minutes ago
Description : Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68384
Published : Dec. 18, 2025, 10:04 p.m. | 15 minutes ago
Description : Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68279 - Weblate has an arbitrary file read via symbolic links
CVE ID : CVE-2025-68279
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68279
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to read arbitrary files from the server file system using crafted symbolic links in the repository. Version 5.15.1 fixes the issue.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68385 - Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE ID : CVE-2025-68385
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a method in Vega bypassing a previous Vega XSS mitigation.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68385
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a method in Vega bypassing a previous Vega XSS mitigation.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68386 - Kibana Improper Authorization
CVE ID : CVE-2025-68386
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to change a document's sharing type to "global," even though they do not have permission to do so, making it visible to everyone in the space via a crafted a HTTP request.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68386
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Improper Authorization (CWE-285) in Kibana can lead to privilege escalation (CAPEC-233) by allowing an authenticated user to change a document's sharing type to "global," even though they do not have permission to do so, making it visible to everyone in the space via a crafted a HTTP request.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68387 - Kibana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE ID : CVE-2025-68387
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a vulnerability a function handler in the Vega AST evaluator.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68387
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an unauthenticated user to embed a malicious script in content that will be served to web browsers causing cross-site scripting (XSS) (CAPEC-63) via a vulnerability a function handler in the Vega AST evaluator.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68389 - Kibana Allocation of Resources Without Limits or Throttling
CVE ID : CVE-2025-68389
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68389
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Allocation of Resources Without Limits or Throttling (CWE-770) in Kibana can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) of computing resources and a denial of service (DoS) of the Kibana process via a crafted HTTP request.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68390 - Elasticsearch Allocation of Resources Without Limits or Throttling
CVE ID : CVE-2025-68390
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68390
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow an authenticated user with snapshot restore privileges to cause Excessive Allocation (CAPEC-130) of memory and a denial of service (DoS) via crafted HTTP request.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-68398 - Weblate has git config file overwrite vulnerability that leads to remote code execution
CVE ID : CVE-2025-68398
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-68398
Published : Dec. 18, 2025, 11:15 p.m. | 3 hours, 5 minutes ago
Description : Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...