🚨 CVE-2025-53513
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.
🎖@cveNotify
The /charms endpoint on a Juju controller lacked sufficient authorization checks, allowing any user with an account on the controller to upload a charm. Uploading a malicious charm that exploits a Zip Slip vulnerability could allow an attacker to gain access to a machine running a unit through the affected charm.
🎖@cveNotify
GitHub
Zip slip via authenticated endpoint
### Impact
Any user with a Juju account on a controller can upload a charm to the /charms endpoint.
No specific permissions are required - it's just sufficient for the user to exist in the ...
Any user with a Juju account on a controller can upload a charm to the /charms endpoint.
No specific permissions are required - it's just sufficient for the user to exist in the ...
🚨 CVE-2025-0928
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution.
🎖@cveNotify
In Juju versions prior to 3.6.8 and 2.9.52, any authenticated controller user was allowed to upload arbitrary agent binaries to any model or to the controller itself, without verifying model membership or requiring explicit permissions. This enabled the distribution of poisoned binaries to new or upgraded machines, potentially resulting in remote code execution.
🎖@cveNotify
GitHub
Arbitrary executable upload via authenticated endpoint without authorization
### Summary
You can affect the agent binaries used in a Juju controller and the code that is run in the binaries by simply having a user account on a controller. You aren't required to have a ...
You can affect the agent binaries used in a Juju controller and the code that is run in the binaries by simply having a user account on a controller. You aren't required to have a ...
🚨 CVE-2022-23130
Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
🎖@cveNotify
Buffer Over-read vulnerability in Mitsubishi Electric MC Works64 versions 4.00A to 4.04E, Mitsubishi Electric GENESIS64 versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 and prior, Mitsubishi Electric ICONICS Suite versions 10.97 and prior, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, and Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior allows an attacker to cause a DoS condition in the database server by getting a legitimate user to import a configuration file containing specially crafted stored procedures into GENESIS64, ICONICS Suite, MC Works64, or GENESIS32 and execute commands against the database from GENESIS64, ICONICS Suite, MC Works64, or GENESIS32.
🎖@cveNotify
jvn.jp
JVNVU#95403720: 三菱電機製GENESIS64、ICONICS Suite、MC Works64およびGENESIS32における複数の脆弱性
Japan Vulnerability Notes
🚨 CVE-2024-1182
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.
🎖@cveNotify
Uncontrolled Search Path Element vulnerability in Mitsubishi Electric Iconics Digital Solutions GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite all versions, Mitsubishi Electric ICONICS Suite all versions, Mitsubishi Electric Iconics Digital Solutions GENESIS32 all versions, Mitsubishi Electric GENESIS32 all versions, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code by storing a specially crafted DLL in a specific folder when GENESIS64, ICONICS Suite, GENESIS32, and MC Works64 are installed with the Pager agent in the alarm multi-agent notification feature.
🎖@cveNotify
jvn.jp
JVNVU#98894016: 三菱電機製GENESIS64、ICONICS Suite、MC Works64、GENESIS32およびBizVizにおける複数の脆弱性
Japan Vulnerability Notes
🚨 CVE-2024-1573
Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.2, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.2, and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: * Active Directory is used in the security setting.
* “Automatic log in” option is enabled in the security setting.
* The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account.
* The IcoAnyGlass IIS Application Pool account is included in GENESIS64 and MC Works64 Security and has permission to log in.
🎖@cveNotify
Missing Authentication for Critical Function vulnerability in the mobile monitoring feature of Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.2, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.2, and Mitsubishi Electric MC Works64 all versions allows a remote unauthenticated attacker to bypass proper authentication and log in to the system when all of the following conditions are met: * Active Directory is used in the security setting.
* “Automatic log in” option is enabled in the security setting.
* The IcoAnyGlass IIS Application Pool is running under an Active Directory Domain Account.
* The IcoAnyGlass IIS Application Pool account is included in GENESIS64 and MC Works64 Security and has permission to log in.
🎖@cveNotify
jvn.jp
JVNVU#98894016: 三菱電機製GENESIS64、ICONICS Suite、MC Works64、GENESIS32およびBizVizにおける複数の脆弱性
Japan Vulnerability Notes
🚨 CVE-2024-1574
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.2, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.2, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
🎖@cveNotify
Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric Iconics Digital Solutions ICONICS Suite versions 10.97 to 10.97.2, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.2, Mitsubishi Electric Iconics Digital Solutions GENESIS32 versions 9.7 and prior, Mitsubishi Electric GENESIS32 versions 9.7 and prior, Mitsubishi Electric Iconics Digital Solutions BizViz versions 9.7 and prior, Mitsubishi Electric BizViz versions 9.7 and prior, and Mitsubishi Electric MC Works64 all versions allows a local attacker to execute a malicious code with administrative privileges by tampering with a specific file that is not protected by the system.
🎖@cveNotify
jvn.jp
JVNVU#98894016: 三菱電機製GENESIS64、ICONICS Suite、MC Works64、GENESIS32およびBizVizにおける複数の脆弱性
Japan Vulnerability Notes
🚨 CVE-2025-62877
Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utilized along with the Harvester configuration setup.
🎖@cveNotify
Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utilized along with the Harvester configuration setup.
🎖@cveNotify
🚨 CVE-2025-69258
A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
🎖@cveNotify
A LoadLibraryEX vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to load an attacker-controlled DLL into a key executable, leading to execution of attacker-supplied code under the context of SYSTEM on affected installations.
🎖@cveNotify
🚨 CVE-2025-69259
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability..
🎖@cveNotify
A message unchecked NULL return value vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability..
🎖@cveNotify
🚨 CVE-2025-69260
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.
🎖@cveNotify
A message out-of-bounds read vulnerability in Trend Micro Apex Central could allow a remote attacker to create a denial-of-service condition on affected installations.
Please note: authentication is not required in order to exploit this vulnerability.
🎖@cveNotify
🚨 CVE-2026-0719
A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.
🎖@cveNotify
A flaw was found in libsoup's NTLM (NT LAN Manager) authentication module. When NTLM authentication is enabled, a local attacker can exploit a stack-based buffer overflow vulnerability in the md4sum() function. This allows the attacker to overwrite adjacent memory, which may result in arbitrary code execution with the privileges of the affected application.
🎖@cveNotify
🚨 CVE-2024-37435
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Perfect Portfolio allows Cross Site Request Forgery.This issue affects Perfect Portfolio: from n/a through 1.2.0.
🎖@cveNotify
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Perfect Portfolio allows Cross Site Request Forgery.This issue affects Perfect Portfolio: from n/a through 1.2.0.
🎖@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Perfect Portfolio Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-37450
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through 1.3.4.
🎖@cveNotify
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through 1.3.4.
🎖@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Benevolent Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-14966
A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing manipulation of the argument custom/searchField can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing manipulation of the argument custom/searchField can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
🎖@cveNotify
🚨 CVE-2025-59301
Delta Electronics DVP15MC11T lacks proper validation of the modbus/tcp packets and can lead to denial of service.
🎖@cveNotify
Delta Electronics DVP15MC11T lacks proper validation of the modbus/tcp packets and can lead to denial of service.
🎖@cveNotify
🚨 CVE-2024-37451
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Travel Agency allows Cross Site Request Forgery.This issue affects Travel Agency: from n/a through 1.4.9.
🎖@cveNotify
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Travel Agency allows Cross Site Request Forgery.This issue affects Travel Agency: from n/a through 1.4.9.
🎖@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Travel Agency Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-37503
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Lawyer Landing Page allows Cross Site Request Forgery.This issue affects Lawyer Landing Page: from n/a through 1.2.4.
🎖@cveNotify
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Lawyer Landing Page allows Cross Site Request Forgery.This issue affects Lawyer Landing Page: from n/a through 1.2.4.
🎖@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Lawyer Landing Page Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2024-37508
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Construction Landing Page allows Cross Site Request Forgery.This issue affects Construction Landing Page: from n/a through 1.3.5.
🎖@cveNotify
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Construction Landing Page allows Cross Site Request Forgery.This issue affects Construction Landing Page: from n/a through 1.3.5.
🎖@cveNotify
Patchstack
Cross Site Request Forgery (CSRF) in WordPress Construction Landing Page Theme
Patchstack is the leading open source vulnerability research organization. Find information and protection for all WordPress, Drupal and Joomla security issues.
🚨 CVE-2025-55524
Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors.
🎖@cveNotify
Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors.
🎖@cveNotify
GitHub
agent-zero/python/api/restart.py at v0.8.7 · agent0ai/agent-zero
Agent Zero AI framework. Contribute to agent0ai/agent-zero development by creating an account on GitHub.
🚨 CVE-2025-14025
A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access controls (RBAC).
🎖@cveNotify
A flaw was found in Ansible Automation Platform (AAP). Read-only scoped OAuth2 API Tokens in AAP, are enforced at the Gateway level for Gateway-specific operations. However, this vulnerability allows read-only tokens to perform write operations on backend services (e.g., Controller, Hub, EDA). If this flaw were exploited, an attacker‘s capabilities would only be limited by role based access controls (RBAC).
🎖@cveNotify
Red Hat Customer Portal
Details regarding CVE-2025-14025 - Red Hat Customer Portal
This article is intended to provide additional guidance and best practices to ensure mitigation of the CVE CVE-2025-14025 until a patch is applied to your Ansible Automation Platform.
👍1
🚨 CVE-2025-8306
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.
Chained exploitation of this vulnerability and CVE-2025-8307 allows an attacker to escalate privileges. This vulnerability has been fixed in versions 4.50.1 and 5.38.0
🎖@cveNotify
Asseco InfoMedica is a comprehensive solution used to manage both administrative and medical tasks in the healthcare sector. A low privileged user is able to obtain encoded passwords of all other accounts (including main administrator) due to lack of granularity in access control.
Chained exploitation of this vulnerability and CVE-2025-8307 allows an attacker to escalate privileges. This vulnerability has been fixed in versions 4.50.1 and 5.38.0
🎖@cveNotify
cert.pl
Vulnerabilities in Asseco InfoMedica Plus software
CERT Polska has received a report about 2 vulnerabilities (CVE-2025-8306 and CVE-2025-8307) found in Asseco InfoMedica Plus software.