🚨 CVE-2024-42444
APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device.
🎖@cveNotify
🚨 CVE-2024-33659
AMI APTIOV contains a vulnerability in BIOS where a local attacker may cause an Improper Input Validation. Successful exploitation of these vulnerabilities may lead to overwriting arbitrary memory and executing arbitrary code at SMM level, also impacting Confidentiality, Integrity, and Availability.
🎖@cveNotify
🚨 CVE-2024-45744
TopQuadrant TopBraid EDG stores external credentials insecurely. An authenticated attacker with file system access can read edg-setup.properties and obtain the secret to decrypt external passwords stored in edg-vault.properties. An authenticated attacker could gain file system access using a separate vulnerability such as CVE-2024-45745. At least version 7.1.3 is affected. Version 7.3 adds HashiCorp Vault integration that does not store external passwords locally. Version 8.3.0 warns when using plain text secrets.
🎖@cveNotify
🚨 CVE-2024-10934
In OpenBSD 7.5 before errata 008 and OpenBSD 7.4 before errata 021, a possible mbuf double free exists in the NFS client and server implementation, and an uninitialized variable is used in the error handling of the NFS server.
🎖@cveNotify
🚨 CVE-2024-52331
ECOVACS robot lawnmowers and vacuums use a deterministic symmetric key to decrypt firmware updates. An attacker can create and encrypt malicious firmware that will be successfully decrypted and installed by the robot.
🎖@cveNotify
🚨 CVE-2025-0124
An authenticated file deletion vulnerability in the Palo Alto Networks PAN-OS® software enables an authenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but does not include system files.
The attacker must have network access to the management web interface to exploit this issue. You greatly reduce the risk of this issue by restricting access to the management web interface to only trusted internal IP addresses according to our recommended critical deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .
This issue affects Cloud NGFW. However, this issue does not affect Prisma® Access software.
🎖@cveNotify
Palo Alto Networks Product Security Assurance
CVE-2025-0124 PAN-OS: Authenticated File Deletion Vulnerability on the Management Web Interface
🚨 CVE-2025-20979
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to execute arbitrary code.
🎖@cveNotify
🚨 CVE-2025-57852
A container privilege escalation flaw was found in KServe ModelMesh container images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container.
🎖@cveNotify
🚨 CVE-2025-10725
A flaw was found in Red Hat OpenShift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. This allows for the complete compromise of the cluster's confidentiality, integrity, and availability. The attacker can steal sensitive data, disrupt all services, and take control of the underlying infrastructure, leading to a total breach of the platform and all applications hosted on it.
🎖@cveNotify
🚨 CVE-2025-56392
An Insecure Direct Object Reference (IDOR) in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate other users and perform arbitrary operations via a crafted POST request.
🎖@cveNotify
GitHub
vulnerability-research/CVE-2025-56392 at main · Zelilac/vulnerability-research
This repository contains information on the CVEs I found. - Zelilac/vulnerability-research
🚨 CVE-2025-57389
A reflected cross-site scripting (XSS) vulnerability in the /admin/system/packages endpoint of Luci OpenWRT v18.06.2 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload.
🎖@cveNotify
GitHub
GitHub - amalcew/CVE-2025-57389: A reflected cross-site scripting vulnerability in OpenWRT v18.06.2
🚨 CVE-2025-59531
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions 1.2.0 through 1.8.7, 2.0.0-rc1 through 2.14.19, 3.0.0-rc1 through 3.2.0-rc1, 3.1.7 and 3.0.18 are vulnerable to malicious API requests which can crash the API server and cause denial of service to legitimate clients. Without a configured webhook.bitbucketserver.secret, Argo CD's /api/webhook endpoint crashes when receiving a malformed Bitbucket Server payload (non-array repository.links.clone field). A single unauthenticated request triggers CrashLoopBackOff, and targeting all replicas causes complete API outage. This issue is fixed in versions 2.14.20, 3.2.0-rc2, 3.1.8 and 3.0.19.
🎖@cveNotify
GitHub
Merge commit from fork · argoproj/argo-cd@5c466a4
Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
🚨 CVE-2024-54849
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack.
🎖@cveNotify
🚨 CVE-2024-52979
Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.
🎖@cveNotify
Discuss the Elastic Stack
Elasticsearch 7.17.25 and 8.16.0 Security Update (ESA-2024-40)
🚨 CVE-2025-25016
Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation.
🎖@cveNotify
Discuss the Elastic Stack
Kibana 7.17.19 and 8.13.0 Security Update (ESA-2024-47)
Kibana Unrestricted Upload of File (ESA-2024-47) Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation. Affected Versions: 7.17.0…
🚨 CVE-2025-2905
An XML External Entity (XXE) vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution.
This vulnerability can be exploited by an unauthenticated remote attacker to read files from the server’s filesystem or perform denial-of-service (DoS) attacks.
* On systems running JDK 7 or early JDK 8, full file contents may be exposed.
* On later versions of JDK 8 and newer, only the first line of a file may be read, due to improvements in XML parser behavior.
* DoS attacks such as "Billion Laughs" payloads can cause service disruption.
🎖@cveNotify
Wso2
Security Advisory WSO2-2025-3993/CVE-2025-2905
Documentation for WSO2 Security and Compliance
🚨 CVE-2025-25014
A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.
🎖@cveNotify
Discuss the Elastic Stack
Kibana 8.17.6, 8.18.1, or 9.0.1 Security Update (ESA-2025-07)
Kibana arbitrary code execution via prototype pollution (ESA-2025-07) A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints. Affected Versions: 8.3.0 to 8.17.5…
🚨 CVE-2025-20980
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.
🎖@cveNotify
🚨 CVE-2025-4533
A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
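v3.8.0 has a zip bomb vulnerability · Issue #8199 · jeecgboot/JeecgBoot
Version: v3.8.0 Problem description: 1. Overview: JeecgBoot's document library upload feature has a zip bomb vulnerability. Vulnerability path: Admin backend --> AI Large Model --> AI Knowledge Base --> Document Library Upload 2. Impact: System resources (disk space) are heavily consumed, making the service unavailable. 3. Cause: org.jeecg.modules.airag.llm.service.impl.AiragKnowledgeDocServ...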
🚨 CVE-2025-54095
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
🎖@cveNotify