🚨 CVE-2025-25016
Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation.
🎖@cveNotify
Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation.
🎖@cveNotify
Discuss the Elastic Stack
Kibana 7.17.19 and 8.13.0 Security Update (ESA-2024-47)
Kibana Unrestricted Upload of File (ESA-2024-47) Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation. Affected Versions: 7.17.0…
🚨 CVE-2025-2905
An XML External Entity (XXE) vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution.
This vulnerability can be exploited by an unauthenticated remote attacker to read files from the server’s filesystem or perform denial-of-service (DoS) attacks.
*
On systems running JDK 7 or early JDK 8, full file contents may be exposed.
*
On later versions of JDK 8 and newer, only the first line of a file may be read, due to improvements in XML parser behavior.
*
DoS attacks such as "Billion Laughs" payloads can cause service disruption.
🎖@cveNotify
An XML External Entity (XXE) vulnerability exists in the gateway component of WSO2 API Manager due to insufficient validation of XML input in crafted URL paths. User-supplied XML is parsed without appropriate restrictions, enabling external entity resolution.
This vulnerability can be exploited by an unauthenticated remote attacker to read files from the server’s filesystem or perform denial-of-service (DoS) attacks.
*
On systems running JDK 7 or early JDK 8, full file contents may be exposed.
*
On later versions of JDK 8 and newer, only the first line of a file may be read, due to improvements in XML parser behavior.
*
DoS attacks such as "Billion Laughs" payloads can cause service disruption.
🎖@cveNotify
Wso2
Security Advisory WSO2-2025-3993/CVE-2025-2905
Documentation for WSO2 Security and Compliance
🚨 CVE-2025-25014
A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.
🎖@cveNotify
A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints.
🎖@cveNotify
Discuss the Elastic Stack
Kibana 8.17.6, 8.18.1, or 9.0.1 Security Update (ESA-2025-07)
Kibana arbitrary code execution via prototype pollution (ESA-2025-07) A Prototype pollution vulnerability in Kibana leads to arbitrary code execution via crafted HTTP requests to machine learning and reporting endpoints. Affected Versions: 8.3.0 to 8.17.5…
🚨 CVE-2025-20980
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.
🎖@cveNotify
Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.
🎖@cveNotify
🚨 CVE-2025-4533
A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
🎖@cveNotify
GitHub
v3.8.0存在zip Bomb漏洞 · Issue #8199 · jeecgboot/JeecgBoot
版本号: v3.8.0 问题描述: 1. 概述 JeecgBoot的上传文档库功能存在zip 炸弹漏洞。 漏洞路径 后台-->AI大模型-->AI知识库-->文档库上传 2. 漏洞影响 系统资源(磁盘空间)被大量占用,导致服务不可用。 3. 漏洞成因 org.jeecg.modules.airag.llm.service.impl.AiragKnowledgeDocServ...
🚨 CVE-2025-54095
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
🎖@cveNotify
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
🎖@cveNotify
🚨 CVE-2025-54096
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
🎖@cveNotify
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
🎖@cveNotify
🚨 CVE-2025-54097
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
🎖@cveNotify
Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network.
🎖@cveNotify
🚨 CVE-2025-54098
Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
Improper access control in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
🚨 CVE-2025-54099
Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
Stack-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
🚨 CVE-2025-54104
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
Access of resource using incompatible type ('type confusion') in Windows Defender Firewall Service allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
🚨 CVE-2025-54105
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally.
🎖@cveNotify
🚨 CVE-2025-54106
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
🎖@cveNotify
Integer overflow or wraparound in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.
🎖@cveNotify
🚨 CVE-2025-54107
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
🎖@cveNotify
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network.
🎖@cveNotify
🚨 CVE-2024-8612
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.
🎖@cveNotify
A flaw was found in QEMU, in the virtio-scsi, virtio-blk, and virtio-crypto devices. The size for virtqueue_push as set in virtio_scsi_complete_req / virtio_blk_req_complete / virito_crypto_req_complete could be larger than the true size of the data which has been sent to guest. Once virtqueue_push() finally calls dma_memory_unmap to ummap the in_iov, it may call the address_space_write function to write back the data. Some uninitialized data may exist in the bounce.buffer, leading to an information leak.
🎖@cveNotify
🚨 CVE-2024-9355
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
🎖@cveNotify
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed hmac sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
🎖@cveNotify
🚨 CVE-2024-55218
IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.
🎖@cveNotify
IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter.
🎖@cveNotify
resources.s4e.io
IceWarp Server 10.2.1 Reflected XSS Vulnerability (CVE-2024-55218)
What is IceWarp Server? IceWarp Server is an all-in-one communication platform that provides email, chat, and collaborative tools for businesses. It is widely used due to its flexibility, scalability, and ease of integration into corporate environments. However…
🚨 CVE-2024-41910
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used.
🎖@cveNotify
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware contained multiple XSS vulnerabilities in the version of JavaScript used.
🎖@cveNotify
🚨 CVE-2024-41911
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation.
🎖@cveNotify
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The flaw does not properly neutralize input during a web page generation.
🎖@cveNotify
🚨 CVE-2024-41913
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input.
🎖@cveNotify
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly sanitize User input.
🎖@cveNotify
🚨 CVE-2024-41912
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.
🎖@cveNotify
A vulnerability was discovered in the firmware builds up to 10.10.2.2 in Poly Clariti Manager devices. The firmware flaw does not properly implement access controls.
🎖@cveNotify