🚨 CVE-2025-12972
Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.
🎖@cveNotify
Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. This allows attackers with network access to craft tags containing path traversal sequences that cause Fluent Bit to write files outside the intended output directory.
🎖@cveNotify
fluentbit.io
v4.1.0
Next generation Telemetry Agent for Logs, Metrics and Traces.
🚨 CVE-2025-12977
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.
🎖@cveNotify
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. Because tags influence routing and some outputs derive filenames or contents from tags, this can allow newline injection, path traversal, forged record injection, or log misrouting, impacting data integrity and log routing.
🎖@cveNotify
fluentbit.io
v4.1.0
Next generation Telemetry Agent for Logs, Metrics and Traces.
🚨 CVE-2025-12978
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation.
🎖@cveNotify
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed access to these input endpoints can exploit this behavior to manipulate tags and redirect records to unintended destinations. This compromises the authenticity of ingested logs and can allow injection of forged data, alert flooding and routing manipulation.
🎖@cveNotify
fluentbit.io
v4.1.0
Next generation Telemetry Agent for Logs, Metrics and Traces.
🚨 CVE-2025-26155
NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.
🎖@cveNotify
NCP Secure Enterprise Client 13.18 and NCP Secure Entry Windows Client 13.19 have an Untrusted Search Path vulnerability.
🎖@cveNotify
🚨 CVE-2025-50433
An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to take over arbitrary user accounts.
🎖@cveNotify
An issue was discovered in imonnit.com (2025-04-24) allowing malicious actors to gain escalated privileges via crafted password reset to take over arbitrary user accounts.
🎖@cveNotify
🚨 CVE-2025-65670
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.
🎖@cveNotify
An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts to a normal state restricting access.
🎖@cveNotify
ClassroomIO
ClassroomIO | The Open Source Learning Management System for Companies
A flexible, user-friendly platform for creating, managing, and delivering courses for companies and training organisations
🚨 CVE-2025-65202
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file," which allows an attacker to execute arbitrary commands with root privileges.
🎖@cveNotify
TRENDnet TEW-657BRM 1.00.1 has an authenticated remote OS command injection vulnerability in the setup.cgi binary, exploitable via the HTTP parameters "command", "todo", and "next_file," which allows an attacker to execute arbitrary commands with root privileges.
🎖@cveNotify
GitHub
GitHub - WhereisRain/TEW-657BRM
Contribute to WhereisRain/TEW-657BRM development by creating an account on GitHub.
🚨 CVE-2025-59302
In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is found in the following APIs which are accessible only to admins.
* quotaTariffCreate
* quotaTariffUpdate
* createSecondaryStorageSelector
* updateSecondaryStorageSelector
* updateHost
* updateStorage
This issue affects Apache CloudStack: from 4.18.0 before 4.20.2, from 4.21.0 before 4.22.0. Users are recommended to upgrade to versions 4.20.2 or 4.22.0, which contain the fix.
The fix introduces a new global configuration flag, js.interpretation.enabled, allowing administrators to control the interpretation of JavaScript expressions in these APIs, thereby mitigating the code injection risk.
🎖@cveNotify
In Apache CloudStack improper control of generation of code ('Code Injection') vulnerability is found in the following APIs which are accessible only to admins.
* quotaTariffCreate
* quotaTariffUpdate
* createSecondaryStorageSelector
* updateSecondaryStorageSelector
* updateHost
* updateStorage
This issue affects Apache CloudStack: from 4.18.0 before 4.20.2, from 4.21.0 before 4.22.0. Users are recommended to upgrade to versions 4.20.2 or 4.22.0, which contain the fix.
The fix introduces a new global configuration flag, js.interpretation.enabled, allowing administrators to control the interpretation of JavaScript expressions in these APIs, thereby mitigating the code injection risk.
🎖@cveNotify
🚨 CVE-2025-11156
Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, a local, authenticated user with Administrator privileges can improperly load the driver as a generic kernel service. This triggers the flaw, causing a system crash (Blue-Screen-of-Death) and resulting in a Denial of Service (DoS) for the affected machine.
🎖@cveNotify
Netskope was notified about a potential gap in its agent (NS Client) on Windows systems. If this gap is successfully exploited, a local, authenticated user with Administrator privileges can improperly load the driver as a generic kernel service. This triggers the flaw, causing a system crash (Blue-Screen-of-Death) and resulting in a Denial of Service (DoS) for the affected machine.
🎖@cveNotify
Netskope
NSKPSA-2025-004
Netskope Security Advisory NSKPSA-2024-005. Severity - Medium. Endpoint DLP Driver Improper Service Loading Vulnerability
🚨 CVE-2025-12638
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical filter='data' parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory. This can lead to arbitrary file writes outside the cache directory, enabling potential system compromise or malicious code execution. The vulnerability affects Keras installations that process tar archives with get_file() and does not affect versions where this extraction method is secured with the appropriate filter parameter.
🎖@cveNotify
Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical filter='data' parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory. This can lead to arbitrary file writes outside the cache directory, enabling potential system compromise or malicious code execution. The vulnerability affects Keras installations that process tar archives with get_file() and does not affect versions where this extraction method is secured with the appropriate filter parameter.
🎖@cveNotify
🚨 CVE-2025-51733
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
🎖@cveNotify
Cross-Site Request Forgery (CSRF) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
🎖@cveNotify
Gist
4-CVEs.txt
GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2025-51734
Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
🎖@cveNotify
Cross-site scripting (XSS) vulnerability in HCL Technologies Ltd. Unica 12.0.0.
🎖@cveNotify
Gist
4-CVEs.txt
GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2025-51735
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
🎖@cveNotify
CSV formula injection vulnerability in HCL Technologies Ltd. Unica 12.0.0.
🎖@cveNotify
Gist
4-CVEs.txt
GitHub Gist: instantly share code, notes, and snippets.
🚨 CVE-2025-59790
Improper Privilege Management vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0.
Users are recommended to upgrade to version 2.14.0, which fixes the issue.
🎖@cveNotify
Improper Privilege Management vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: from v2.9.0 through v2.13.0.
Users are recommended to upgrade to version 2.14.0, which fixes the issue.
🎖@cveNotify
🚨 CVE-2025-59792
Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0.
Users are recommended to upgrade to version 2.14.0, which fixes the issue.
🎖@cveNotify
Reveals plaintext credentials in the MONITOR command vulnerability in Apache Kvrocks.
This issue affects Apache Kvrocks: from 1.0.0 through 2.13.0.
Users are recommended to upgrade to version 2.14.0, which fixes the issue.
🎖@cveNotify
🚨 CVE-2025-27062
Memory corruption while handling client exceptions, allowing unauthorized channel access.
🎖@cveNotify
Memory corruption while handling client exceptions, allowing unauthorized channel access.
🎖@cveNotify
🚨 CVE-2025-21488
Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
🎖@cveNotify
Information disclosure while decoding this RTP packet headers received by UE from the network when the padding bit is set.
🎖@cveNotify
🚨 CVE-2025-27032
memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
🎖@cveNotify
memory corruption while loading a PIL authenticated VM, when authenticated VM image is loaded without maintaining cache coherency.
🎖@cveNotify
🚨 CVE-2025-33187
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.
🎖@cveNotify
NVIDIA DGX Spark GB10 contains a vulnerability in SROOT, where an attacker could use privileged access to gain access to SoC protected areas. A successful exploit of this vulnerability might lead to code execution, information disclosure, data tampering, denial of service, or escalation of privileges.
🎖@cveNotify