π¨ CVE-2025-54090
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true".
Users are recommended to upgrade to version 2.4.65, which fixes the issue.
π@cveNotify
A bug in Apache HTTP Server 2.4.64 results in all "RewriteCond expr ..." tests evaluating as "true".
Users are recommended to upgrade to version 2.4.65, which fixes the issue.
π@cveNotify
httpd.apache.org
Apache HTTP Server 2.4 vulnerabilities - The Apache HTTP Server Project
π¨ CVE-2025-8114
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
π@cveNotify
A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash.
π@cveNotify
π¨ CVE-2025-5449
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.
π@cveNotify
A flaw was found in the SFTP server message decoding logic of libssh. The issue occurs due to an incorrect packet length check that allows an integer overflow when handling large payload sizes on 32-bit systems. This issue leads to failed memory allocation and causes the server process to crash, resulting in a denial of service.
π@cveNotify
π¨ CVE-2024-51465
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
π@cveNotify
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
π@cveNotify
Ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to arbitrary code executionβ¦
IBM App Connect Enterprise Certified Container operator allows arbitrary code execution by an IntegrationRuntime or IntegrationServer due to insufficient checks on the operands configuration. This bulletin provides patch information to address the reportedβ¦
π¨ CVE-2024-51462
IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data.
π@cveNotify
IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data.
π@cveNotify
Ibm
Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities
IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities. IBM has addressed the relevant vulnerabilities
π¨ CVE-2024-22347
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
π@cveNotify
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
π@cveNotify
Ibm
Security Bulletin: IBM DevOps Velocity is vulnerable due to multiple misconfigurations
Multiple vulnerabilities in IBM DevOps Velocity have been address in IBM DevOps Velocity version 5.0.1
π¨ CVE-2024-22349
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.
π@cveNotify
IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 allows web pages to be stored locally which can be read by another user on the system.
π@cveNotify
Ibm
Security Bulletin: IBM DevOps Velocity is vulnerable due to multiple misconfigurations
Multiple vulnerabilities in IBM DevOps Velocity have been address in IBM DevOps Velocity version 5.0.1
π¨ CVE-2025-1950
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
π@cveNotify
IBM Hardware Management Console - Power Systems V10.2.1030.0 and V10.3.1050.0 could allow a local user to execute commands locally due to improper validation of libraries of an untrusted source.
π@cveNotify
Ibm
Security Bulletin: Incorrect permission of environment variable (CVE-2025-1950) affects Power HMC
Vulnerability is due to incorrect permission of environment variable results in privilege escalation on Power Hardware Management Console (HMC). HMC has addressed the applicable CVE.
π¨ CVE-2023-38007
IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
π@cveNotify
IBM Cloud Pak System 2.3.5.0, 2.3.3.7, 2.3.3.7 iFix1 on Power and 2.3.3.6, 2.3.3.6 iFix1, 2.3.3.6 iFix2, 2.3.4.0, 2.3.4.1 on Intel operating systems is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
π@cveNotify
Ibm
Security Bulletin: IBM Cloud Pak System is vulnerable to HTML injection[CVE-2023-38007].
IBM Cloud Pak System is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. Vulnerability was addressed in IBMβ¦
π¨ CVE-2025-1991
IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.
π@cveNotify
IBM Informix Dynamic Server 12.10,14.10, and15.0 could allow a remote attacker to cause a denial of service due to an integer underflow when processing packets.
π@cveNotify
Ibm
Security Bulletin: Fixes availabile for CVE-2025-1991 H1-2581021: 'An Integer Underflow During Informix Server Protocol Packetβ¦
Fixes available for CVE-2025-1991 H1-2581021: 'An Integer Underflow During Informix Server Protocol Packet Processing Allows Attackers to Carry out a Denial-of-Service Attack'
π¨ CVE-2025-2895
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
π@cveNotify
IBM Cloud Pak System 2.3.3.6, 2.3.36 iFix1, 2.3.3.7, 2.3.3.7 iFix1, 2.3.4.0, 2.3.4.1, and 2.3.4.1 iFix1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
π@cveNotify
Ibm
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System[CVE-2020-5256, CVE-2025-2895]
Multiple Vulnerabilities were addressed in IBM Cloud Pak System. IBM Cloud Pak System is affected to Prototype Pollution due to Dojo and HTML Injection in JavaScript.
π¨ CVE-2025-1351
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
π@cveNotify
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function.
π@cveNotify
Ibm
Security Bulletin: Vulnerability in login affects IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and IBM FlashSystemβ¦
A vulnerability in the login system affects IBM Storage Virtualize products and could cause denial of service. CVE-2025-1351.
π¨ CVE-2025-49563
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Illustrator | APSB25-74
π¨ CVE-2025-49564
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Illustrator | APSB25-74
π¨ CVE-2025-49567
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Illustrator | APSB25-74
π¨ CVE-2025-49568
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Illustrator versions 28.7.8, 29.6.1 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
π@cveNotify
Adobe
Adobe Security Bulletin
Security Updates Available for Adobe Illustrator | APSB25-74
π¨ CVE-2025-47954
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
π@cveNotify
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
π@cveNotify
π¨ CVE-2025-49758
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
π@cveNotify
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
π@cveNotify
π¨ CVE-2025-49759
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
π@cveNotify
Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network.
π@cveNotify
π¨ CVE-2023-51598
Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DOC files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20384.
π@cveNotify
Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hancom Office Word. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of DOC files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20384.
π@cveNotify
Zerodayinitiative
ZDI-23-1855
(0Day) Hancom Office Word DOC File Parsing Use-After-Free Remote Code Execution Vulnerability
π¨ CVE-2021-34947
NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-13055.
π@cveNotify
NETGEAR R7800 net-cgi Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R7800 routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the parsing of the soap_block_table file. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of root.
. Was ZDI-CAN-13055.
π@cveNotify
NETGEAR KB
Security Advisory for Pre-Authentication Buffer Overflow on Multiple Products, PSV-2021-0129
Associated ZDI ID: ZDI-CAN-13055 First published: 2021-09-24 NETGEAR has released fixes for a pre-authentication buffer overflow security vulnerability on the following product models: D7800 EX2700 EX6100v2 EX6150v2 EX6200v2 EX6250 EX6400 EX6400v2 EX6410β¦