## Updated at UTC 2025-04-03T03:42:50.815756


| CVE | CVSS | EPSS | Posts | Repos | Nuclei | Updated | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-2704 | 0 | 0.00% | 2 | 0 | | 2025-04-03T02:15:20.240000 | OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows re |
| CVE-2025-1860 | None | 0.02% | 1 | 0 | | 2025-04-03T00:32:35 | Data::Entropy for Perl 0.007 and earlier use the rand() function as the default |
| CVE-2024-57882 | 5.5 | 0.02% | 2 | 0 | | 2025-04-03T00:31:31 | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix |
| CVE-2025-31479 | 8.2 | 0.00% | 2 | 0 | | 2025-04-02T22:36:04 | ### Impact Users using the [`github-token` input](https://github.com/canonical/g |
| CVE-2025-31484 | 0 | 0.00% | 2 | 0 | | 2025-04-02T22:15:20.720000 | conda-forge infrastructure holds common configurations and settings for key piec |
| CVE-2025-31477 | 0 | 0.00% | 2 | 0 | | 2025-04-02T22:15:20.420000 | The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Ta |
| CVE-2025-30218 | 0 | 0.00% | 2 | 0 | | 2025-04-02T22:15:19.940000 | Next.js is a React framework for building full-stack web applications. To mitiga |
| CVE-2025-2825 | 9.8 | 15.48% | 10 | 1 | template | 2025-04-02T21:30:49 | CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected b |
| CVE-2025-31283 | None | 0.00% | 2 | 0 | | 2025-04-02T18:31:04 | A broken access control vulnerability previously discovered in the Trend Vision |
| CVE-2024-36337 | 7.9 | 0.00% | 2 | 0 | | 2025-04-02T18:31:04 | Integer overflow within AMD NPU Driver could allow a local attacker to write out |
| CVE-2024-36336 | 7.9 | 0.00% | 2 | 0 | | 2025-04-02T18:30:59 | Integer overflow within the AMD NPU Driver could allow a local attacker to write |
| CVE-2024-36328 | 7.3 | 0.00% | 2 | 0 | | 2025-04-02T18:30:59 | Integer overflow within AMD NPU Driver could allow a local attacker to write out |
| CVE-2025-31286 | 0.0 | 0.00% | 2 | 0 | | 2025-04-02T17:15:49.290000 | An HTML injection vulnerability previously discovered in Trend Vision One could |
| CVE-2025-31285 | 0.0 | 0.00% | 2 | 0 | | 2025-04-02T17:15:48.943000 | A broken access control vulnerability previously discovered in the Trend Vision |
| CVE-2025-31284 | 0.0 | 0.00% | 2 | 0 | | 2025-04-02T17:15:48.420000 | A broken access control vulnerability previously discovered in the Trend Vision |
| CVE-2025-31282 | 0.0 | 0.00% | 2 | 0 | | 2025-04-02T17:15:46.473000 | A broken access control vulnerability previously discovered in the Trend Vision |
| CVE-2025-0014 | 7.3 | 0.00% | 2 | 0 | | 2025-04-02T17:15:41.183000 | Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could |
| CVE-2025-31693 | None | 0.33% | 1 | 0 | | 2025-04-02T17:14:59 | Improper Neutralization of Special Elements used in an OS Command ('OS Command I |
| CVE-2025-30090 | 7.2 | 0.00% | 2 | 0 | | 2025-04-02T15:31:44 | mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn |
| CVE-2025-3034 | 8.1 | 0.02% | 1 | 1 | | 2025-04-02T15:16:00.490000 | Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bug |
| CVE-2025-3048 | 6.5 | 0.04% | 2 | 0 | | 2025-04-02T14:36:58 | ### Summary The [AWS Serverless Application Model Command Line Interface (AWS S |
| CVE-2025-3047 | 6.5 | 0.04% | 2 | 0 | | 2025-04-02T14:35:26 | ### Summary The [AWS Serverless Application Model Command Line Interface (AWS S |
| CVE-2024-45699 | None | 0.05% | 2 | 0 | | 2025-04-02T09:30:43 | The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scrip |
| CVE-2025-0415 | None | 0.19% | 2 | 0 | | 2025-04-02T09:30:43 | A remote attacker with web administrator privileges can exploit the device’s web |
| CVE-2025-0676 | None | 0.34% | 2 | 0 | | 2025-04-02T09:30:43 | This vulnerability involves command injection in tcpdump within Moxa products, e |
| CVE-2023-40714 | 10.0 | 0.05% | 2 | 0 | | 2025-04-02T09:30:43 | A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6. |
| CVE-2025-3030 | 8.1 | 0.05% | 1 | 0 | | 2025-04-02T07:15:42.400000 | Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, a |
| CVE-2025-3028 | 6.5 | 0.05% | 1 | 0 | | 2025-04-02T07:15:42.047000 | JavaScript code running while transforming a document with the XSLTProcessor cou |
| CVE-2024-36465 | None | 0.03% | 2 | 0 | | 2025-04-02T06:30:55 | A low privilege (regular) Zabbix user with API access can use SQL injection vuln |
| CVE-2023-46988 | None | 0.18% | 2 | 0 | | 2025-04-02T00:31:46 | Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and befo |
| CVE-2025-31137 | 7.5 | 0.04% | 2 | 0 | | 2025-04-01T22:23:35 | ### Impact We received a report about a vulnerability in Remix/React Router tha |
| CVE-2025-3029 | 7.3 | 0.04% | 1 | 0 | | 2025-04-01T21:32:20 | A crafted URL containing specific Unicode characters could have hidden the true |
| CVE-2025-3033 | 7.7 | 0.01% | 1 | 0 | | 2025-04-01T21:32:20 | After selecting a malicious Windows `.url` shortcut from the local filesystem, a |
| CVE-2025-3031 | 6.5 | 0.03% | 1 | 0 | | 2025-04-01T21:32:20 | An attacker could read 32 bits of values spilled onto the stack in a JIT compile |
| CVE-2025-3032 | 7.4 | 0.03% | 1 | 0 | | 2025-04-01T20:26:11.547000 | Leaking of file descriptors from the fork server to web content processes could |
| CVE-2025-3035 | 0 | 0.02% | 1 | 0 | | 2025-04-01T20:26:11.547000 | By first using the AI chatbot in one tab and later activating it in another tab, |
| CVE-2025-22231 | 7.8 | 0.01% | 1 | 0 | | 2025-04-01T18:30:49 | VMware Aria Operations contains a local privilege escalation vulnerability. A ma |
| CVE-2024-56325 | None | 0.03% | 1 | 0 | | 2025-04-01T18:20:49 | Authentication Bypass Issue If the path does not contain / and contain., authen |
| CVE-2025-30065 | None | 0.09% | 1 | 0 | | 2025-04-01T18:04:17 | Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous |
| CVE-2025-29485 | 6.5 | 0.05% | 1 | 0 | | 2025-04-01T16:07:18.737000 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileR |
| CVE-2025-1660 | 7.8 | 0.01% | 1 | 0 | | 2025-04-01T15:31:39 | A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can fo |
| CVE-2025-1659 | 7.8 | 0.01% | 1 | 0 | | 2025-04-01T15:31:39 | A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can fo |
| CVE-2025-1658 | 7.8 | 0.01% | 1 | 0 | | 2025-04-01T15:31:36 | A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can fo |
| CVE-2025-24259 | 9.8 | 0.04% | 1 | 0 | | 2025-04-01T06:31:46 | This issue was addressed with additional entitlement checks. This issue is fixed |
| CVE-2025-0416 | None | 0.02% | 1 | 0 | | 2025-04-01T06:30:51 | Local privilege escalation through insecure DCOM configuration in Valmet DNA ver |
| CVE-2025-0418 | None | 0.01% | 1 | 0 | | 2025-04-01T06:30:51 | Valmet DNA user passwords in plain text. This practice poses a security risk as |
| CVE-2025-0417 | None | 0.01% | 1 | 0 | | 2025-04-01T06:30:50 | Lack of protection against brute force attacks in Valmet DNA visualization in DN |
| CVE-2025-21384 | 8.3 | 0.11% | 2 | 0 | | 2025-04-01T03:31:38 | An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vuln |
| CVE-2025-30456 | None | 0.02% | 2 | 0 | | 2025-04-01T00:30:49 | A parsing issue in the handling of directory paths was addressed with improved p |
| CVE-2025-26683 | 8.1 | 0.08% | 2 | 0 | | 2025-04-01T00:30:36 | Improper authorization in Azure Playwright allows an unauthorized attacker to el |
| CVE-2025-1449 | None | 0.04% | 2 | 0 | | 2025-03-31T18:31:14 | A vulnerability exists in the Rockwell Automation Verve Asset Manager due to ins |
| CVE-2023-33302 | 4.7 | 0.06% | 1 | 0 | | 2025-03-31T15:30:55 | A buffer copy without checking size of input ('classic buffer overflow') in Fort |
| CVE-2025-29266 | 9.7 | 0.09% | 1 | 0 | | 2025-03-31T15:30:54 | Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and we |
| CVE-2025-31160 | 2.9 | 0.02% | 5 | 0 | | 2025-03-31T15:30:39 | atop through 2.11.0 allows local users to cause a denial of service (e.g., asser |
| CVE-2025-2071 | None | 0.74% | 1 | 0 | | 2025-03-31T09:30:39 | A critical OS Command Injection vulnerability has been identified in the FAST LT |
| CVE-2025-1268 | 9.4 | 0.04% | 3 | 0 | | 2025-03-31T03:30:32 | Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printe |
| CVE-2025-2781 | None | 0.01% | 1 | 0 | | 2025-03-29T00:31:40 | The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure |
| CVE-2025-29484 | 7.5 | 0.05% | 1 | 0 | | 2025-03-28T18:34:13 | An out-of-memory error in the parseABC_NS_SET_INFO function of libming v0.4.8 al |
| CVE-2025-29491 | 6.5 | 0.04% | 1 | 0 | | 2025-03-28T18:33:11 | An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of li |
| CVE-2025-29493 | 6.5 | 0.04% | 1 | 0 | | 2025-03-28T18:33:11 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileG |
| CVE-2025-29494 | 6.5 | 0.04% | 1 | 0 | | 2025-03-28T18:33:11 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileG |
| CVE-2025-29496 | 6.5 | 0.04% | 1 | 0 | | 2025-03-28T18:33:11 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileD |
| CVE-2025-2857 | 10.0 | 0.06% | 5 | 1 | | 2025-03-28T18:33:10 | Following the sandbox escape in CVE-2025-2783, various Firefox developers identi |
| CVE-2025-29497 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T15:33:03 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFIL |
| CVE-2025-29488 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T15:32:59 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTI |
| CVE-2025-29492 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T15:32:59 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileS |
| CVE-2025-29487 | 7.5 | 0.05% | 1 | 0 | | 2025-03-28T15:32:59 | An out-of-memory error in the parseABC_STRING_INFO function of libming v0.4.8 al |
| CVE-2025-29489 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T15:32:59 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLIN |
| CVE-2025-29490 | 6.5 | 0.04% | 1 | 0 | | 2025-03-28T15:31:54 | libming v0.4.8 was discovered to contain a segmentation fault via the decompileC |
| CVE-2025-29486 | 6.5 | 0.03% | 1 | 0 | | 2025-03-28T15:31:54 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJ |
| CVE-2025-29927 | 9.1 | 84.70% | 9 | 63 | template | 2025-03-28T15:15:49.470000 | Next.js is a React framework for building full-stack web applications. Prior to |
| CVE-2025-24813 | None | 92.54% | 11 | 20 | template | 2025-03-28T14:53:40 | Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution an |
| CVE-2019-16149 | 5.5 | 0.46% | 1 | 0 | | 2025-03-28T12:31:35 | An Improper Neutralization of Input During Web Page Generation in FortiClientEMS |
| CVE-2025-2894 | 6.6 | 0.04% | 1 | 0 | | 2025-03-28T03:30:31 | The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Com |
| CVE-2025-24383 | 9.1 | 14.94% | 1 | 0 | | 2025-03-28T03:30:30 | Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of S |
| CVE-2025-30232 | 8.2 | 0.03% | 1 | 0 | | 2025-03-28T03:30:24 | A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-lin |
| CVE-2024-0149 | 3.3 | 0.02% | 1 | 0 | | 2025-03-27T21:32:22 | NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow a |
| CVE-2025-29483 | 6.5 | 0.03% | 1 | 0 | | 2025-03-27T21:32:22 | libming v0.4.8 was discovered to contain a memory leak via the parseSWF_ENABLEDE |
| CVE-2025-30067 | None | 0.08% | 1 | 0 | | 2025-03-27T18:18:41 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apach |
| CVE-2025-31179 | 6.2 | 0.02% | 1 | 0 | | 2025-03-27T15:31:23 | A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation |
| CVE-2025-31180 | 6.2 | 0.02% | 1 | 0 | | 2025-03-27T15:31:23 | A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentati |
| CVE-2025-31181 | 6.2 | 0.02% | 1 | 0 | | 2025-03-27T15:31:23 | A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentat |
| CVE-2025-31176 | 6.2 | 0.02% | 1 | 0 | | 2025-03-27T15:31:22 | A flaw was found in gnuplot. The plot3d_points() function may lead to a segmenta |
| CVE-2025-31178 | 6.2 | 0.02% | 1 | 0 | | 2025-03-27T15:31:22 | A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segm |
| CVE-2017-12637 | 7.5 | 92.43% | 1 | 0 | template | 2025-03-27T03:34:37 | Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJava |
| CVE-2019-9875 | 8.8 | 22.41% | 2 | 0 | | 2025-03-27T01:00:02.343000 | Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9. |
| CVE-2025-2783 | 8.4 | 13.08% | 16 | 1 | | 2025-03-26T18:30:57 | Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome |
| CVE-2025-2820 | 6.5 | 0.04% | 1 | 0 | | 2025-03-26T15:32:52 | An authenticated attacker can compromise the availability of the device via the |
| CVE-2025-1542 | None | 0.04% | 1 | 0 | | 2025-03-26T12:30:40 | Improper permission control vulnerability in the OXARI ServiceDesk application c |
| CVE-2024-47516 | 9.8 | 0.33% | 1 | 0 | | 2025-03-26T00:31:24 | A vulnerability was found in Pagure. An argument injection in Git during retriev |
| CVE-2025-27636 | None | 16.44% | 1 | 1 | | 2025-03-25T18:38:11 | Bypass/Injection vulnerability in Apache Camel components under particular condi |
| CVE-2025-22230 | 7.8 | 0.03% | 6 | 0 | | 2025-03-25T15:31:35 | VMware Tools for Windows contains an authentication bypass vulnerability due to |
| CVE-2024-42533 | 9.8 | 0.33% | 1 | 0 | | 2025-03-25T15:31:35 | SQL injection vulnerability in the authentication module in Convivance StandVoic |
| CVE-2025-1974 | 9.8 | 83.73% | 9 | 16 | template | 2025-03-25T15:10:16 | A security issue was discovered in Kubernetes where under certain conditions, an |
| CVE-2025-24513 | 4.8 | 0.06% | 3 | 0 | | 2025-03-25T15:10:09 | A security issue was discovered in [ingress-nginx](https://github.com/kubernetes |
| CVE-2025-24514 | 8.8 | 0.22% | 5 | 3 | | 2025-03-25T15:10:03 | A security issue was discovered in [ingress-nginx](https://github.com/kubernetes |
| CVE-2025-1097 | 8.8 | 0.16% | 5 | 3 | | 2025-03-25T15:07:13 | A security issue was discovered in [ingress-nginx](https://github.com/kubernetes |
| CVE-2025-1098 | 8.8 | 0.22% | 5 | 3 | | 2025-03-25T15:06:45 | A security issue was discovered in [ingress-nginx](https://github.com/kubernetes |
| CVE-2025-26512 | 10.0 | 0.04% | 1 | 0 | | 2025-03-25T00:30:26 | SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerabili |
| CVE-2025-2748 | 6.5 | 0.75% | 4 | 0 | template | 2025-03-24T21:30:39 | The Kentico Xperience application does not fully validate or filter files upload |
| CVE-2025-27407 | 9.1 | 4.32% | 1 | 0 | | 2025-03-24T14:49:02 | # Summary Loading a malicious schema definition in `GraphQL::Schema.from_intros |
| CVE-2024-6827 | 7.5 | 0.04% | 1 | 0 | | 2025-03-21T23:56:31 | Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-En |
| CVE-2024-9956 | 7.8 | 0.03% | 1 | 0 | | 2025-03-20T22:15:14.233000 | Inappropriate implementation in WebAuthentication in Google Chrome on Android pr |
| CVE-2025-23120 | 9.9 | 0.28% | 1 | 0 | | 2025-03-20T18:30:30 | A vulnerability allowing remote code execution (RCE) for domain users. |
| CVE-2025-24201 | 7.1 | 0.18% | 1 | 0 | | 2025-03-20T15:30:32 | An out-of-bounds write issue was addressed with improved checks to prevent unaut |
| CVE-2025-29891 | 4.2 | 0.02% | 1 | 0 | | 2025-03-19T15:44:53 | Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel |
| CVE-2025-26633 | 7.0 | 1.29% | 8 | 0 | | 2025-03-11T18:32:20 | Improper neutralization in Microsoft Management Console allows an unauthorized a |
| CVE-2025-27218 | 5.3 | 58.46% | 1 | 0 | template | 2025-02-20T21:15:26.510000 | Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002 |
| CVE-2025-1302 | 9.8 | 14.28% | 1 | 1 | | 2025-02-18T19:25:35 | Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Cod |
| CVE-2025-24200 | 7.5 | 18.54% | 1 | 1 | | 2025-02-11T15:33:28 | An authorization issue was addressed with improved state management. This issue |
| CVE-2025-24791 | 4.4 | 0.01% | 1 | 0 | | 2025-01-29T18:42:28 | ### Issue Snowflake discovered and remediated a vulnerability in the Snowflake N |
| CVE-2025-24085 | 7.8 | 2.43% | 1 | 1 | | 2025-01-29T15:32:36 | A use after free issue was addressed with improved memory management. This issue |
| CVE-2025-0282 | 9.1 | 90.87% | 1 | 10 | | 2025-01-28T18:32:27 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, |
| CVE-2024-40711 | 9.8 | 56.19% | 1 | 3 | template | 2024-12-20T18:31:30 | A deserialization of untrusted data vulnerability with a malicious payload can a |
| CVE-2021-4034 | 7.8 | 87.29% | 1 | 100 | | 2024-11-04T18:32:23 | A local privilege escalation vulnerability was found on polkit's pkexec utility. |
| CVE-2024-25108 | 9.9 | 0.29% | 2 | 0 | | 2024-10-11T21:35:12 | ### Summary When processing requests authorization was improperly and insuffici |
| CVE-2024-8690 | 4.4 | 0.03% | 1 | 0 | | 2024-10-03T03:31:11 | A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent |
| CVE-2024-20439 | 9.8 | 88.54% | 3 | 0 | template | 2024-09-13T21:31:22 | A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, |
| CVE-2023-38408 | 9.8 | 45.31% | 1 | 7 | | 2024-04-19T05:07:56 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently t |
| CVE-2024-3721 | 6.3 | 32.65% | 1 | 0 | | 2024-04-13T12:30:30 | A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classi |
| CVE-2019-9874 | 9.8 | 33.80% | 3 | 0 | | 2024-04-04T00:50:10 | Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CS |
| CVE-2024-0402 | 10.0 | 24.75% | 2 | 1 | | 2024-01-26T03:30:25 | An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 pr |
| CVE-2014-0401 | None | 0.41% | 1 | 0 | | 2023-02-01T05:07:50 | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 a |
| CVE-2021-32471 | None | 5.43% | 1 | 1 | | 2023-01-29T05:06:13 | Insufficient input validation in the Marvin Minsky 1967 implementation of the Un |
| CVE-2025-30215 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-31122 | 0 | 0.04% | 1 | 0 | | N/A | |
| CVE-2025-29495 | 0 | 0.00% | 1 | 0 | | N/A | |
| CVE-2025-30216 | 0 | 0.14% | 1 | 1 | | N/A | |
| CVE-2024-55963 | 0 | 0.03% | 1 | 0 | | N/A | |

CVE-2025-2704
(0 None)

EPSS: 0.00%

updated 2025-04-03T02:15:20.240000

2 posts

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

cR0w at 2025-04-02T22:08:14.019Z ##

OpenVPN Server DoS could be a bummer if your configuration leaves you impacted.

community.openvpn.net/openvpn/

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-1860
(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-04-03T00:32:35

1 posts

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

cR0w@infosec.exchange at 2025-03-28T02:56:07.000Z ##

Crypto vuln? In perl? That seems like something fedi is built to argue about.

metacpan.org/release/ZEFRAM/Da

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2024-57882
(5.5 MEDIUM)

EPSS: 0.02%

updated 2025-04-03T00:31:31

2 posts

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix TCP options overflow. Syzbot reported the following splat: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #

andersonc0d3 at 2025-04-01T18:40:06.861Z ##

Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol

seclists.org/oss-sec/2025/q2/0

##

CVE-2025-31479
(8.2 HIGH)

EPSS: 0.00%

updated 2025-04-02T22:36:04

2 posts

### Impact Users using the [`github-token` input](https://github.com/canonical/get-workflow-version-action/blob/a5d53b08d254a157ea441c9819ea5002ffc12edc/action.yaml#L10) are impacted. If the `get-workflow-version-action` step fails, the exception output may include the GITHUB_TOKEN. If the full token is included in the exception output, GitHub will automatically redact the secret from the GitHub

cR0w at 2025-04-02T22:04:30.049Z ##

This seems like a pretty small scope but people seem to like leaked tokens so here you go.

github.com/canonical/get-workf

sev:HIGH 8.2 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:H

canonical/get-workflow-version-action is a GitHub composite action to get commit SHA that GitHub Actions reusable workflow was called with. Prior to 1.0.1, if the get-workflow-version-action step fails, the exception output may include the GITHUB_TOKEN. If the full token is included in the exception output, GitHub will automatically redact the secret from the GitHub Actions logs. However, the token may be truncated—causing part of the GITHUB_TOKEN to be displayed in plaintext in the GitHub Actions logs. Anyone with read access to the GitHub repository can view GitHub Actions logs. For public repositories, anyone can view the GitHub Actions logs. The opportunity to exploit this vulnerability is limited—the GITHUB_TOKEN is automatically revoked when the job completes. However, there is an opportunity for an attack in the time between the GITHUB_TOKEN being displayed in the logs and the completion of the job. Users using the github-token input are impacted. This vulnerability is fixed in 1.0.1.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-31484
(0 None)

EPSS: 0.00%

updated 2025-04-02T22:15:20.720000

2 posts

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a package to the conda-forge channel, bypassing our feedstock-token + upload process. The security logs on ana

cR0w at 2025-04-02T22:11:53.283Z ##

I don't know the conda-forge project and it looks really small, but this is a good vuln to use as a reminder to dev teams doing token auth.

github.com/conda-forge/infrast

sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure.
Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a package to the conda-forge channel, bypassing our feedstock-token + upload process. The security logs on anaconda.org were checked for any packages that were not copied from the cf-staging to the conda-forge channel and none were found.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-31477
(0 None)

EPSS: 0.00%

updated 2025-04-02T22:15:20.420000

2 posts

The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener (e.g. xdg-open on Linux). This was meant to be restricted to a reasonable number of protocols like https or mailto by default. This defa

cR0w at 2025-04-02T22:06:49.781Z ##

I don't know the Tauri shell but shell plugins seem like a nice attack surface if you know your target is running them.

github.com/tauri-apps/plugins-

sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener (e.g. xdg-open on Linux). This was meant to be restricted to a reasonable number of protocols like https or mailto by default. This default restriction was not functional due to improper validation of the allowed protocols, allowing for potentially dangerous protocols like file://, smb://, or nfs:// and others to be opened by the system registered protocol handler. By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. This vulnerability is fixed in 2.2.1.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-30218
(0 None)

EPSS: 0.00%

updated 2025-04-02T22:15:19.940000

2 posts

Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host as the Next.js application. Initiating a fetch request to a third-party within Middleware will send the

cR0w at 2025-04-02T22:14:41.917Z ##

Vercel found a sev:LOW in doing next dot js code review after CVE-2025-29927 and already published a CVE so that's nice to see.

github.com/vercel/next.js/secu

sev:LOW 1.7 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host as the Next.js application. Initiating a fetch request to a third-party within Middleware will send the x-middleware-subrequest-id to that third party. This vulnerability is fixed in 12.3.6, 13.5.10, 14.2.26, and 15.2.4.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-2825
(9.8 CRITICAL)

EPSS: 15.48%

updated 2025-04-02T21:30:49

10 posts

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access.

Nuclei template

1 repos

https://github.com/WOOOOONG/CVE-2025-2825

sambowne at 2025-04-02T21:50:53.098Z ##

CrushFTP Authentication Bypass - CVE-2025-2825 — ProjectDiscovery Blog projectdiscovery.io/blog/crush

##

jos1264@social.skynetcloud.site at 2025-04-02T09:45:03.000Z ##

CrushFTP CVE-2025-2825 flaw actively exploited in the wild – Source: securityaffairs.com ciso2ciso.com/crushftp-cve-202 #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #CrushFTP #Security #hacking

##

jos1264@social.skynetcloud.site at 2025-04-01T16:25:02.000Z ##

Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825) helpnetsecurity.com/2025/04/01 #Shadowserver #Don'tmiss #VulnCheck #Hotstuff #CrushFTP #Rapid7 #News #CVE #PoC

##

_r_netsec@infosec.exchange at 2025-04-01T07:43:05.000Z ##

CrushFTP Authentication Bypass - CVE-2025-2825 — ProjectDiscovery Blog projectdiscovery.io/blog/crush

##

catc0n@infosec.exchange at 2025-03-31T21:13:57.000Z ##

Full technical analysis of CrushFTP CVE-2025-2825 here c/o @fuzz, and props to the Project Discovery folks who look to have come up with the same findings attackerkb.com/topics/k0EgiL9P

##

jos1264@social.skynetcloud.site at 2025-03-27T12:05:02.000Z ##

CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) helpnetsecurity.com/2025/03/27 #securityupdate #vulnerability #file-sharing #enterprise #Don'tmiss #Hotstuff #CrushFTP #News #SMBs

##

DarkWebInformer@infosec.exchange at 2025-03-26T18:05:33.000Z ##

🚨CVE-2025-2825: Unauthenticated HTTP(S) port access on CrushFTPv10/v11

CVSS: 9.8

darkwebinformer.com/cve-2025-2

##

cR0w@infosec.exchange at 2025-03-26T17:09:37.000Z ##

The CrushFTP CVE that @catc0n has been talking about is finally published.

crushftp.com/crush11wiki/Wiki.

sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access.

nvd.nist.gov/vuln/detail/CVE-2

##

catc0n@infosec.exchange at 2025-03-26T16:00:02.000Z ##

Our pals over at VulnCheck very kindly assigned a CVE for the CrushFTP issue since CrushFTP appears reluctant to do the needful directly (thx @albinolobster!)

cve.org/cverecord?id=CVE-2025-

##

CVE-2025-31283
(CVSS UNKNOWN)

EPSS: 0.00%

updated 2025-04-02T18:31:04

2 posts

A broken access control vulnerability previously discovered in the Trend Vision One User Roles component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability.

cR0w at 2025-04-02T18:07:15.388Z ##

Trend Micro released an advisory for Trend Vision One. There are five CVEs for broken access control and one for HTML injection.

success.trendmicro.com/en-US/s

CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285: Broken Access Control Vulnerabilities

CVE-2025-31286: HTML Injection Vulnerability

##

CVE-2024-36337
(7.9 HIGH)

EPSS: 0.00%

updated 2025-04-02T18:31:04

2 posts

Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of confidentiality, integrity or availability.

AAKL at 2025-04-02T17:43:58.076Z ##

New. The four vulnerabilities are CVE-2025-0014, CVE-2024-36337, CVE-2024-36328, and CVE-2024-36336, all rated for high severity.

AMD Ryzen™ AI Software Vulnerabilities amd.com/en/resources/product-s

AMD main product security link: amd.com/en/resources/product-s

##

CVE-2024-36336
(7.9 HIGH)

EPSS: 0.00%

updated 2025-04-02T18:30:59

2 posts

Integer overflow within the AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to a loss of confidentiality, integrity, or availability.

AAKL at 2025-04-02T17:43:58.076Z ##

New. The four vulnerabilities are CVE-2025-0014, CVE-2024-36337, CVE-2024-36328, and CVE-2024-36336, all rated for high severity.

AMD Ryzen™ AI Software Vulnerabilities amd.com/en/resources/product-s

AMD main product security link: amd.com/en/resources/product-s

##

CVE-2024-36328
(7.3 HIGH)

EPSS: 0.00%

updated 2025-04-02T18:30:59

2 posts

Integer overflow within AMD NPU Driver could allow a local attacker to write out of bounds, potentially leading to loss of integrity or availability.

AAKL at 2025-04-02T17:43:58.076Z ##

New. The four vulnerabilities are CVE-2025-0014, CVE-2024-36337, CVE-2024-36328, and CVE-2024-36336, all rated for high severity.

AMD Ryzen™ AI Software Vulnerabilities amd.com/en/resources/product-s

AMD main product security link: amd.com/en/resources/product-s

##

CVE-2025-31286
(0.0 NONE)

EPSS: 0.00%

updated 2025-04-02T17:15:49.290000

2 posts

An HTML injection vulnerability previously discovered in Trend Vision One could have allowed a malicious user to execute arbitrary code. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability.

cR0w at 2025-04-02T18:07:15.388Z ##

Trend Micro released an advisory for Trend Vision One. There are five CVEs for broken access control and one for HTML injection.

success.trendmicro.com/en-US/s

CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285: Broken Access Control Vulnerabilities

CVE-2025-31286: HTML Injection Vulnerability

##

CVE-2025-31285
(0.0 NONE)

EPSS: 0.00%

updated 2025-04-02T17:15:48.943000

2 posts

A broken access control vulnerability previously discovered in the Trend Vision One Role Name component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability.

cR0w at 2025-04-02T18:07:15.388Z ##

Trend Micro released an advisory for Trend Vision One. There are five CVEs for broken access control and one for HTML injection.

success.trendmicro.com/en-US/s

CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285: Broken Access Control Vulnerabilities

CVE-2025-31286: HTML Injection Vulnerability

##

CVE-2025-31284
(0.0 NONE)

EPSS: 0.00%

updated 2025-04-02T17:15:48.420000

2 posts

A broken access control vulnerability previously discovered in the Trend Vision One Status component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability.

cR0w at 2025-04-02T18:07:15.388Z ##

Trend Micro released an advisory for Trend Vision One. There are five CVEs for broken access control and one for HTML injection.

success.trendmicro.com/en-US/s

CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285: Broken Access Control Vulnerabilities

CVE-2025-31286: HTML Injection Vulnerability

##

CVE-2025-31282
(0.0 NONE)

EPSS: 0.00%

updated 2025-04-02T17:15:46.473000

2 posts

A broken access control vulnerability previously discovered in the Trend Vision One User Account component could have allowed an administrator to create users who could then change the role of the account and ultimately escalate privileges. Please note: this issue has already been addressed on the backend service and is no longer considered an active vulnerability.

cR0w at 2025-04-02T18:07:15.388Z ##

Trend Micro released an advisory for Trend Vision One. There are five CVEs for broken access control and one for HTML injection.

success.trendmicro.com/en-US/s

CVE-2025-31282, CVE-2025-31283, CVE-2025-31284, CVE-2025-31285: Broken Access Control Vulnerabilities

CVE-2025-31286: HTML Injection Vulnerability

##

CVE-2025-0014
(7.3 HIGH)

EPSS: 0.00%

updated 2025-04-02T17:15:41.183000

2 posts

Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.

AAKL at 2025-04-02T17:43:58.076Z ##

New. The four vulnerabilities are CVE-2025-0014, CVE-2024-36337, CVE-2024-36328, and CVE-2024-36336, all rated for high severity.

AMD Ryzen™ AI Software Vulnerabilities amd.com/en/resources/product-s

AMD main product security link: amd.com/en/resources/product-s

##

CVE-2025-31693
(CVSS UNKNOWN)

EPSS: 0.33%

updated 2025-04-02T17:14:59

1 post

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.

cR0w@infosec.exchange at 2025-03-31T22:27:31.000Z ##

Drupal published a bunch of CVEs for recent vulns of theirs, though they haven't been assessed for CVSS yet. I'm not going to list them all but there is one I want to point out.

drupal.org/security

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Drupal AI (Artificial Intelligence) allows OS Command Injection. This issue affects AI (Artificial Intelligence): from 0.0.0 before 1.0.5.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-30090
(7.2 HIGH)

EPSS: 0.00%

updated 2025-04-02T15:31:44

2 posts

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.

cR0w at 2025-04-02T14:23:08.213Z ##

It seems like it's been a while since I've seen a SquirrelMail vuln.

sev:HIGH 7.2 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

squirrelmail.org/security/issu

mime.php in SquirrelMail through 1.4.23-svn-20250401 and 1.5.x through 1.5.2-svn-20250401 allows XSS via e-mail headers, because JavaScript payloads are mishandled after $encoded has been set to true.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-3034
(8.1 HIGH)

EPSS: 0.02%

updated 2025-04-02T15:16:00.490000

1 post

Memory safety bugs present in Firefox 136 and Thunderbird 136. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137 and Thunderbird < 137.

1 repo

https://github.com/natasaka/CVE-2025-30349

cR0w@infosec.exchange at 2025-04-01T13:00:57.000Z ##

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

mozilla.org/en-US/security/adv

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

##

CVE-2025-3048
(6.5 MEDIUM)

EPSS: 0.04%

updated 2025-04-02T14:36:58

2 posts

### Summary The [AWS Serverless Application Model Command Line Interface (AWS SAM CLI)](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/using-sam-cli.html) is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker. After completing a build with AWS SAM CLI which include symlinks, the con

AAKL@infosec.exchange at 2025-04-01T16:14:16.000Z ##

Amazon, posted yesterday: Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048) has been resolved aws.amazon.com/security/securi #Amazon #cybersecurity #Inffosec

##

cR0w@infosec.exchange at 2025-03-31T16:40:46.000Z ##

Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048)

aws.amazon.com/security/securi

sev:MED 6.9 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-3047
(6.5 MEDIUM)

EPSS: 0.04%

updated 2025-04-02T14:35:26

2 posts

### Summary The [AWS Serverless Application Model Command Line Interface (AWS SAM CLI)](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/using-sam-cli.html) is an open-source CLI tool that helps Lambda developers to build and develop Lambda applications locally on their computers using Docker. When running the AWS SAM CLI build process with Docker and symlinks are i

AAKL@infosec.exchange at 2025-04-01T16:14:16.000Z ##

Amazon, posted yesterday: Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048) has been resolved aws.amazon.com/security/securi #Amazon #cybersecurity #Inffosec

##

cR0w@infosec.exchange at 2025-03-31T16:40:46.000Z ##

Issue with AWS SAM CLI (CVE-2025-3047, CVE-2025-3048)

aws.amazon.com/security/securi

sev:MED 6.9 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2024-45699
(CVSS UNKNOWN)

EPSS: 0.05%

updated 2025-04-02T09:30:43

2 posts

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

cR0w at 2025-04-02T12:37:20.371Z ##

Zabbix published a few CVEs, including a couple sev:HIGH vulns.

support.zabbix.com/browse/ZBX-

sev:HIGH 8.6 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.

nvd.nist.gov/vuln/detail/CVE-2

support.zabbix.com/browse/ZBX-

sev:HIGH 7.5 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-0415
(CVSS UNKNOWN)

EPSS: 0.19%

updated 2025-04-02T09:30:43

2 posts

A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.

cR0w at 2025-04-02T12:32:52.421Z ##

Ooh, vulns in Moxa kit released today.

moxa.com/en/support/product-su

sev:CRIT 9.2 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H

A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.

nvd.nist.gov/vuln/detail/CVE-2

moxa.com/en/support/product-su

sev:HIGH 8.6 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute system commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-0676
(CVSS UNKNOWN)

EPSS: 0.34%

updated 2025-04-02T09:30:43

2 posts

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute system commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network

cR0w at 2025-04-02T12:32:52.421Z ##

Ooh, vulns in Moxa kit released today.

moxa.com/en/support/product-su

sev:CRIT 9.2 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H

A remote attacker with web administrator privileges can exploit the device’s web interface to execute arbitrary system commands through the NTP settings. Successful exploitation may result in the device entering an infinite reboot loop, leading to a total or partial denial of connectivity for downstream systems that rely on its network services.

nvd.nist.gov/vuln/detail/CVE-2

moxa.com/en/support/product-su

sev:HIGH 8.6 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute system commands. Successful exploitation could result in privilege escalation, allowing the attacker to gain root shell access and maintain persistent control over the device, potentially disrupting network services and affecting the availability of downstream systems that rely on its connectivity.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2023-40714
(10.0 CRITICAL)

EPSS: 0.05%

updated 2025-04-02T09:30:43

2 posts

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows an attacker to escalate privileges by uploading certain GUI elements.

cR0w at 2025-04-02T12:30:19.945Z ##

Another new CVE for an old critical ../ by Fortinet.

fortiguard.com/psirt/FG-IR-23-

sev:CRIT 9.9 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

A relative path traversal in Fortinet FortiSIEM versions 7.0.0, 6.7.0 through 6.7.2, 6.6.0 through 6.6.3, 6.5.1, 6.5.0 allows an attacker to escalate privileges by uploading certain GUI elements.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-3030
(8.1 HIGH)

EPSS: 0.05%

updated 2025-04-02T07:15:42.400000

1 post

Memory safety bugs present in Firefox 136, Thunderbird 136, Firefox ESR 128.8, and Thunderbird 128.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.

cR0w@infosec.exchange at 2025-04-01T13:00:57.000Z ##

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

mozilla.org/en-US/security/adv

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

##

CVE-2025-3028
(6.5 MEDIUM)

EPSS: 0.05%

updated 2025-04-02T07:15:42.047000

1 post

JavaScript code running while transforming a document with the XSLTProcessor could lead to a use-after-free. This vulnerability affects Firefox < 137, Firefox ESR < 115.22, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird < 128.9.

cR0w@infosec.exchange at 2025-04-01T13:00:57.000Z ##

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

mozilla.org/en-US/security/adv

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

##

CVE-2024-36465
(CVSS UNKNOWN)

EPSS: 0.03%

updated 2025-04-02T06:30:55

2 posts

A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.

cR0w at 2025-04-02T12:37:20.371Z ##

Zabbix published a few CVEs, including a couple sev:HIGH vulns.

support.zabbix.com/browse/ZBX-

sev:HIGH 8.6 - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

A low privilege (regular) Zabbix user with API access can use SQL injection vulnerability in include/classes/api/CApiService.php to execute arbitrary SQL commands via the groupBy parameter.

nvd.nist.gov/vuln/detail/CVE-2

support.zabbix.com/browse/ZBX-

sev:HIGH 7.5 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

The endpoint /zabbix.php?action=export.valuemaps suffers from a Cross-Site Scripting vulnerability via the backurl parameter. This is caused by the reflection of user-supplied data without appropriate HTML escaping or output encoding. As a result, a JavaScript payload may be injected into the above endpoint causing it to be executed within the context of the victim's browser.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2023-46988
(CVSS UNKNOWN)

EPSS: 0.18%

updated 2025-04-02T00:31:46

2 posts

Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and before allows a remote attacker to obtain sensitive information via a crafted file upload.

cR0w at 2025-04-01T22:21:36.965Z ##

Researchers, you don't need to be this patient. Just publish that shit.

medium.com/@mihat2/onlyoffice-

Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and before allows a remote attacker to obtain sensitive information via a crafted file upload.

  • October 10, 2023 – The moment I realized the flaw was real, I immediately reached out to ONLYOFFICE’s security team. To my surprise, they responded the same day! To ensure they had all the details, I sent them a thorough PDF report outlining the vulnerability, complete with technical analysis, proof-of-concept, and potential impact. I thought this was going to be a smooth disclosure process — how wrong I was.
  • October 11 — November 19, 2023 — I followed up. Again. And again. Silence. Maybe my emails were lost? Maybe they were ignoring me? Either way, weeks passed, and still — no response.
  • November 20, 2023 – We submitted the vulnerability to HackerOne, hoping to reach ONLYOFFICE through another channel.
  • December 4, 2023 – With no response from HackerOne, we escalated the report to HackerOne Disclosure Assistance, but STILL received no response.
  • February 19, 2024 – ONLYOFFICE finally responded, stating that they were working on a fix.
  • February 26, 2024 – ONLYOFFICE released a fix for the vulnerability.
  • April 1, 2024 – ONLYOFFICE informed us that while the fix was available, some products would not receive the security patch until Summer 2024. They requested that we delay public disclosure until July 2024.
  • February 21, 2025 – HackerOne Disclosure Assistance responded, stating that they were reviewing the backlog and asked for an update on the current situation.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-31137
(7.5 HIGH)

EPSS: 0.04%

updated 2025-04-01T22:23:35

2 posts

### Impact We received a report about a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming `Request` by putting a URL pathname in the port section of a URL that is part of a `Host` or `X-Forwarded-Host` header sent to a Remix/React Router request handl

cR0w at 2025-04-01T19:36:43.190Z ##

Simple and practical vulns like this are always nice to read about and learn from and replicate.

github.com/remix-run/react-rou

sev:HIGH 7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-3029
(7.3 HIGH)

EPSS: 0.04%

updated 2025-04-01T21:32:20

1 posts

A crafted URL containing specific Unicode characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 137, Firefox ESR < 128.9, Thunderbird < 137, and Thunderbird ESR < 128.9.

cR0w@infosec.exchange at 2025-04-01T13:00:57.000Z ##

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

mozilla.org/en-US/security/adv

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

##

CVE-2025-3033
(7.7 HIGH)

EPSS: 0.01%

updated 2025-04-01T21:32:20

1 posts

After selecting a malicious Windows `.url` shortcut from the local filesystem, an unexpected file could be uploaded. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 137 and Thunderbird < 137.

cR0w@infosec.exchange at 2025-04-01T13:00:57.000Z ##

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

mozilla.org/en-US/security/adv

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

##

CVE-2025-3031
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-04-01T21:32:20

1 posts

An attacker could read 32 bits of values spilled onto the stack in a JIT compiled function. This vulnerability affects Firefox < 137 and Thunderbird < 137.

cR0w@infosec.exchange at 2025-04-01T13:00:57.000Z ##

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

mozilla.org/en-US/security/adv

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

##

CVE-2025-3032
(7.4 HIGH)

EPSS: 0.03%

updated 2025-04-01T20:26:11.547000

1 posts

Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137.

cR0w@infosec.exchange at 2025-04-01T13:00:57.000Z ##

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

mozilla.org/en-US/security/adv

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

##

CVE-2025-3035
(0 None)

EPSS: 0.02%

updated 2025-04-01T20:26:11.547000

1 posts

By first using the AI chatbot in one tab and later activating it in another tab, the document title of the previous tab would leak into the chat prompt. This vulnerability affects Firefox < 137.

cR0w@infosec.exchange at 2025-04-01T13:00:57.000Z ##

Patch your Mozilla things. They released an advisory for Firefox and Thunderbird with four sev:HIGH vulns.

mozilla.org/en-US/security/adv

CVE-2025-3028: Use-after-free triggered by XSLTProcessor

CVE-2025-3031: JIT optimization bug with different stack slot sizes

CVE-2025-3032: Leaking file descriptors from the fork server

CVE-2025-3029: URL bar spoofing via non-BMP Unicode characters

CVE-2025-3035: Tab title disclosure across pages when using AI chatbot

CVE-2025-3033: Opening local .url files could lead to another file being opened

CVE-2025-3030: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9

CVE-2025-3034: Memory safety bugs fixed in Firefox 137 and Thunderbird 137

##

CVE-2025-22231
(7.8 HIGH)

EPSS: 0.01%

updated 2025-04-01T18:30:49

1 posts

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.

cR0w@infosec.exchange at 2025-04-01T14:00:25.000Z ##

LPE in VMWare Aria Operations.

support.broadcom.com/web/ecx/s

sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2024-56325
(CVSS UNKNOWN)

EPSS: 0.03%

updated 2025-04-01T18:20:49

1 posts

Authentication Bypass Issue If the path does not contain / and contain., authentication is not required. Expected Normal Request and Response Example curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"} http://{server_ip}:9

cR0w@infosec.exchange at 2025-04-01T13:10:17.000Z ##

I don't know Apache Pinot but this seems like a good one to keep in your back pocket.

lists.apache.org/thread/ksf8qs

Authentication Bypass Issue

If the path does not contain / and contain., authentication is not required.

Expected Normal Request and Response Example

curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"} http://{server_ip}:9000/users

Return: {"code":401,"error":"HTTP 401 Unauthorized"}

Malicious Request and Response Example

curl -X POST -H "Content-Type: application/json" -d '{\"username\":\"hack\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"}' http://{serverip}:9000/users; http://{serverip}:9000/users; .

Return: {"users":{}}

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-30065
(CVSS UNKNOWN)

EPSS: 0.09%

updated 2025-04-01T18:04:17

1 posts

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue.

cR0w@infosec.exchange at 2025-04-01T13:11:57.000Z ##

And we have a perfect 10 in Apache Parquet, whatever that is. 🥳

sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code.

Users are recommended to upgrade to version 1.15.1, which fixes the issue.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-29485
(6.5 MEDIUM)

EPSS: 0.05%

updated 2025-04-01T16:07:18.737000

1 posts

libming v0.4.8 was discovered to contain a segmentation fault via the decompileRETURN function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

CVE-2025-1660
(7.8 HIGH)

EPSS: 0.01%

updated 2025-04-01T15:31:39

1 posts

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

cR0w@infosec.exchange at 2025-04-01T13:05:57.000Z ##

Three new CVEs in Autodesk Navisworks this morning. All three are sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

autodesk.com/trust/security-ad

CVE-2025-1658: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1659: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1660: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

##

CVE-2025-1659
(7.8 HIGH)

EPSS: 0.01%

updated 2025-04-01T15:31:39

1 posts

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

cR0w@infosec.exchange at 2025-04-01T13:05:57.000Z ##

Three new CVEs in Autodesk Navisworks this morning. All three are sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

autodesk.com/trust/security-ad

CVE-2025-1658: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1659: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1660: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

##

CVE-2025-1658
(7.8 HIGH)

EPSS: 0.01%

updated 2025-04-01T15:31:36

1 posts

A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

cR0w@infosec.exchange at 2025-04-01T13:05:57.000Z ##

Three new CVEs in Autodesk Navisworks this morning. All three are sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

autodesk.com/trust/security-ad

CVE-2025-1658: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1659: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-1660: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

##

CVE-2025-24259
(9.8 CRITICAL)

EPSS: 0.04%

updated 2025-04-01T06:31:46

1 posts

This issue was addressed with additional entitlement checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to retrieve Safari bookmarks without an entitlement check.

CVE-2025-0416
(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-04-01T06:30:51

1 posts

Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escala

cR0w@infosec.exchange at 2025-04-01T13:22:41.000Z ##

NCSC Finland published some vulns in Valmet DNA, which is a DCS system. Those are always fun to attack and / or defend.

valmet.com/about-us/about/rese

sev:HIGH 8.9 - CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:H/U:Amber

Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.

nvd.nist.gov/vuln/detail/CVE-2

valmet.com/about-us/about/rese

sev:HIGH 7.0 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Green

Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.

nvd.nist.gov/vuln/detail/CVE-2

valmet.com/about-us/about/rese

sev:MED 5.4 - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green

Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-0418
(CVSS UNKNOWN)

EPSS: 0.01%

updated 2025-04-01T06:30:51

1 posts

Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.

cR0w@infosec.exchange at 2025-04-01T13:22:41.000Z ##

NCSC Finland published some vulns in Valmet DNA, which is a DCS system. Those are always fun to attack and / or defend.

valmet.com/about-us/about/rese

sev:HIGH 8.9 - CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:H/U:Amber

Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.

nvd.nist.gov/vuln/detail/CVE-2

valmet.com/about-us/about/rese

sev:HIGH 7.0 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Green

Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.

nvd.nist.gov/vuln/detail/CVE-2

valmet.com/about-us/about/rese

sev:MED 5.4 - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green

Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-0417
(CVSS UNKNOWN)

EPSS: 0.01%

updated 2025-04-01T06:30:50

1 posts

Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.

cR0w@infosec.exchange at 2025-04-01T13:22:41.000Z ##

NCSC Finland published some vulns in Valmet DNA, which is a DCS system. Those are always fun to attack and / or defend.

valmet.com/about-us/about/rese

sev:HIGH 8.9 - CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/S:N/AU:Y/R:U/V:D/RE:H/U:Amber

Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.

nvd.nist.gov/vuln/detail/CVE-2

valmet.com/about-us/about/rese

sev:HIGH 7.0 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:D/RE:L/U:Green

Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.

nvd.nist.gov/vuln/detail/CVE-2

valmet.com/about-us/about/rese

sev:MED 5.4 - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/AU:N/R:A/V:D/RE:L/U:Green

Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-21384
(8.3 HIGH)

EPSS: 0.11%

updated 2025-04-01T03:31:38

2 posts

An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

AAKL@infosec.exchange at 2025-04-01T16:17:24.000Z ##

Microsoft:

Critical: Azure Health Bot Elevation of Privilege Vulnerability - CVE-2025-21384 msrc.microsoft.com/update-guid

Critical: Azure Playwright Elevation of Privilege Vulnerability - CVE-2025-26683 msrc.microsoft.com/update-guid @microsoftsec #cybersecurity #infosec #Azure

##

cR0w@infosec.exchange at 2025-04-01T13:18:03.000Z ##

Another Microsoft cloud service vuln got patched. They claim no exploitation and it wasn't publicly known so you should be okay but that trust thing is hard.

msrc.microsoft.com/update-guid

sev:HIGH 8.3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-30456
(CVSS UNKNOWN)

EPSS: 0.02%

updated 2025-04-01T00:30:49

2 posts

A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Ventura 13.7.5, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to gain root privileges.

cR0w@infosec.exchange at 2025-03-31T23:15:51.000Z ##

The CVE is published for this one. No CVSS yet though: nvd.nist.gov/vuln/detail/CVE-2

##

cR0w@infosec.exchange at 2025-03-31T18:15:44.000Z ##

support.apple.com/en-us/122371

DiskArbitration

Available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

Impact: An app may be able to gain root privileges

Description: A parsing issue in the handling of directory paths was addressed with improved path validation.

CVE-2025-30456: Gergely Kalman (@gergely_kalman)

nvd.nist.gov/vuln/detail/CVE-2

#lazy #directoryTraversalMemes

##

CVE-2025-26683
(8.1 HIGH)

EPSS: 0.08%

updated 2025-04-01T00:30:36

2 posts

Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.

AAKL@infosec.exchange at 2025-04-01T16:17:24.000Z ##

Microsoft:

Critical: Azure Health Bot Elevation of Privilege Vulnerability - CVE-2025-21384 msrc.microsoft.com/update-guid

Critical: Azure Playwright Elevation of Privilege Vulnerability - CVE-2025-26683 msrc.microsoft.com/update-guid @microsoftsec #cybersecurity #infosec #Azure

##

cR0w@infosec.exchange at 2025-03-31T22:25:15.000Z ##

Microsoft Azure Playwright EoP vuln.

msrc.microsoft.com/update-guid

Improper authorization in Azure Playwright allows an unauthorized attacker to elevate privileges over a network.

Microsoft says that it is not publicly disclosed and not EITW so if it's really fixed, you should be good to go. But I would still take a look in your logs to see what you don't see.

##

CVE-2025-1449
(CVSS UNKNOWN)

EPSS: 0.04%

updated 2025-03-31T18:31:14

2 posts

A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited, it could allow a threat actor with administrative access to run arbi

jos1264@social.skynetcloud.site at 2025-04-02T15:25:03.000Z ##

CVE-2025-1449: Rockwell Automation Verve Asset Manager Vulnerability Enables Adversaries to Gain Access to Run Arbitrary Commands – Source: socprime.com ciso2ciso.com/cve-2025-1449-ro #rssfeedpostgeneratorecho #CyberSecurityNews #CVE-2025-1449 #Latestthreats #Vulnerability #socprimecom #socprime #Blog #CVE #rce

##

cR0w@infosec.exchange at 2025-03-31T16:44:24.000Z ##

I for one like seeing command exec in Rockwell Automation products.

rockwellautomation.com/en-us/t

sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

A vulnerability exists in the Rockwell Automation Verve Asset Manager due to insufficient variable sanitizing. A portion of the administrative web interface for Verve's Legacy Agentless Device Inventory (ADI) capability (deprecated since the 1.36 release) allows users to change a variable with inadequate sanitizing. If exploited, it could allow a threat actor with administrative access to run arbitrary commands in the context of the container running the service.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2023-33302
(4.7 MEDIUM)

EPSS: 0.06%

updated 2025-03-31T15:30:55

1 posts

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via speci

cR0w@infosec.exchange at 2025-03-31T15:16:38.000Z ##

Another old Fortinet advisory finally getting a CVE published. The advisory is from 2021, the CVE year is 2023, and here we are in 2025.

fortiguard.fortinet.com/psirt/

sev:MED 4.5 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C

A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiMail webmail and administrative interface version 6.4.0 through 6.4.4 and before 6.2.6 and FortiNDR administrative interface version 7.2.0 and before 7.1.0 allows an authenticated attacker with regular webmail access to trigger a buffer overflow and to possibly execute unauthorized code or commands via specifically crafted HTTP requests.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-29266
(9.7 CRITICAL)

EPSS: 0.09%

updated 2025-03-31T15:30:54

1 posts

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.

cR0w@infosec.exchange at 2025-03-31T14:30:06.000Z ##

Unraid with Tailscale is pretty popular so maybe go check your targets and / or assets.

docs.unraid.net/unraid-os/rele

edac.dev/security/CVE-2025-292

sev:CRIT 9.6 - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Unraid 7.0.0 before 7.0.1 allows remote users to access the Unraid WebGUI and web console as root without authentication if a container is running in Host networking mode with Use Tailscale enabled.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-31160
(2.9 LOW)

EPSS: 0.02%

updated 2025-03-31T15:30:39

5 posts

atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.

hn50@social.lansky.name at 2025-03-29T23:30:07.000Z ##

CVE-2025-31160 Atop 2.11 heap problems

Link: openwall.com/lists/oss-securit
Discussion: news.ycombinator.com/item?id=4

##

newsycombinator@framapiaf.org at 2025-03-29T22:00:31.000Z ##

CVE-2025-31160 Atop 2.11 heap problems
Link: openwall.com/lists/oss-securit
Comments: news.ycombinator.com/item?id=4

##

ycombinator@rss-mstdn.studiofreesia.com at 2025-03-29T21:46:53.000Z ##

CVE-2025-31160 Atop 2.11 heap problems
openwall.com/lists/oss-securit
#ycombinator

##

h4ckernews@mastodon.social at 2025-03-29T21:40:07.000Z ##

CVE-2025-31160 Atop 2.11 heap problems

openwall.com/lists/oss-securit

#HackerNews #CVE-2025-31160 #heap #vulnerabilities #security #issues #OpenWall #OSS #security

##

jschauma@mstdn.social at 2025-03-29T18:09:17.000Z ##

Details about CVE-2025-31160 (memory corruption in #atop) are now available here: github.com/Atoptool/atop/issue

In a nutshell: atop at startup connects to local (non-privileged) TCP port 59123 where it expects certain data; if a regular user listens on that port, it can feed data to the next invocation of atop that can corrupt it.

The fix (github.com/Atoptool/atop/commi) is primarily "don't do that" with some attempt at better parsing of the untrusted data (by adding return code checking of `sscanf`).

##

CVE-2025-2071
(CVSS UNKNOWN)

EPSS: 0.74%

updated 2025-03-31T09:30:39

1 posts

A critical OS Command Injection vulnerability has been identified in the FAST LTA Silent Brick WebUI, allowing remote attackers to execute arbitrary operating system commands via specially crafted input. This vulnerability arises due to improper handling of untrusted input, which is passed directly to system-level commands without adequate sanitization or validation. Successful exploitation could

CVE-2025-1268
(9.4 CRITICAL)

EPSS: 0.04%

updated 2025-03-31T03:30:32

3 posts

Out-of-bounds vulnerability in EMF Recode processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver

Hackread@mstdn.social at 2025-04-02T14:24:44.000Z ##

🚨 Critical vulnerability (CVE-2025-1268) found in Canon printer drivers allows remote code execution with no user interaction - Update your drivers ASAP.

Read: hackread.com/canon-printer-dri

#CyberSecurity #Canon #Printer #Vulnerability

##

jos1264@social.skynetcloud.site at 2025-04-01T08:50:02.000Z ##

Canon CVE-2025-1268 Vulnerability: A Buffer Overflow Threatening Printer Security thecyberexpress.com/canon-prin #outofboundsvulnerability #TheCyberExpressNews #Canonvulnerability #Vulnerabilities #TheCyberExpress #FirewallDaily #Canonprinter #CVE20251268 #GenericPlus #CyberNews

##

CVE-2025-2781
(CVSS UNKNOWN)

EPSS: 0.01%

updated 2025-03-29T00:31:40

1 posts

The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11.

cR0w@infosec.exchange at 2025-03-29T00:59:32.000Z ##

Here's another easy-mode PrivEsc like @wdormann was talking about the other day with his Nessus Agent CVE.

watchguard.com/wgrd-psirt/advi

sev:MED 6.3 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H

The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-29484
(7.5 HIGH)

EPSS: 0.05%

updated 2025-03-28T18:34:13

1 posts

An out-of-memory error in the parseABC_NS_SET_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion.

CVE-2025-29491
(6.5 MEDIUM)

EPSS: 0.04%

updated 2025-03-28T18:33:11

1 posts

An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) via supplying a crafted SWF file.

CVE-2025-29493
(6.5 MEDIUM)

EPSS: 0.04%

updated 2025-03-28T18:33:11

1 posts

libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETPROPERTY function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

CVE-2025-29494
(6.5 MEDIUM)

EPSS: 0.04%

updated 2025-03-28T18:33:11

1 posts

libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETMEMBER function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

CVE-2025-29496
(6.5 MEDIUM)

EPSS: 0.04%

updated 2025-03-28T18:33:11

1 posts

libming v0.4.8 was discovered to contain a segmentation fault via the decompileDUPLICATECLIP function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

CVE-2025-2857
(10.0 CRITICAL)

EPSS: 0.06%

updated 2025-03-28T18:33:10

5 posts

Following the sandbox escape in CVE-2025-2783, various Firefox developers identified a similar pattern in our IPC code. Attackers were able to confuse the parent process into leaking handles to unprivileged child processes leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This v

1 repos

https://github.com/RimaRuer/CVE-2025-2857-Exploit

therecord_media@mastodon.social at 2025-03-28T13:07:06.000Z ##

Firefox developers reported CVE-2025-2857, a sandbox vulnerability similar to a zero-day reported this week in Google Chrome.

therecord.media/firefox-sandbo

##

zeljkazorz@infosec.exchange at 2025-03-28T12:21:30.000Z ##

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)

helpnetsecurity.com/2025/03/28

#Firefox #Tor

##

jos1264@social.skynetcloud.site at 2025-03-28T11:55:03.000Z ##

Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) helpnetsecurity.com/2025/03/28 #securityupdate #vulnerability #Don'tmiss #Kaspersky #Hotstuff #Firefox #Chrome #Opera #News #Tor

##

0x40k@infosec.exchange at 2025-03-28T09:37:47.000Z ##

Whoa, talk about déjà vu! Seems like Firefox is playing catch-up right after Chrome dropped a fix for a sandbox escape. 🤯 Keep an eye out for CVE-2025-2857.

So, what's the deal? In short, this nasty bug could let an attacker break right out of the browser's protective sandbox. And *that* means they could potentially gain full access to your system. Yeah, pretty scary stuff. 😱

If you're running Firefox on Windows, heads up! This affects versions 136.0.4, ESR 115.21.1, and ESR 128.8.1. This whole situation feels familiar because Chrome *just* patched CVE-2025-2783, a similar issue that attackers were already actively exploiting out in the wild!

Make no mistake, sandbox escapes are a huge deal. As a pentester, I can tell you: vulnerabilities like this get weaponized *fast*. Don't wait around.

Seriously, update your Firefox ASAP! Trust me, you don't want to deal with the fallout if someone exploits this. It could get costly, fast.

Ever seen a browser exploit do its thing live? Wild, right? Drop your stories below!

#infosec #pentesting #firefox #cybersecurity #updateNOW

##

catsalad@infosec.exchange at 2025-03-28T02:16:58.000Z ##

Firefox 0-day security vulnerability (CVE-2025-2857) patched

Mozilla patches a sandbox escape vulnerability that is already being exploited (in Chrome)

:firefox: mozilla.org/en-US/security/adv

Announced: 2025-03-27
Impact: ⚠️ critical
Products: Firefox, Firefox ESR (Firefox on Windows only)
Fixed in:
• Firefox 136.0.4 :windows:
• Firefox ESR 115.21.1 :windows:
• Firefox ESR 128.8.1 :windows:

#Firefox #InfoSec #CVE #CVE_2025_2857

##

CVE-2025-29497
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-03-28T15:33:03

1 posts

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function.

CVE-2025-29488
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-03-28T15:32:59

1 posts

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function.

CVE-2025-29492
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-03-28T15:32:59

1 posts

libming v0.4.8 was discovered to contain a segmentation fault via the decompileSETVARIABLE function.

CVE-2025-29487
(7.5 HIGH)

EPSS: 0.05%

updated 2025-03-28T15:32:59

1 posts

An out-of-memory error in the parseABC_STRING_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion.

CVE-2025-29489
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-03-28T15:32:59

1 posts

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function.

CVE-2025-29490
(6.5 MEDIUM)

EPSS: 0.04%

updated 2025-03-28T15:31:54

1 posts

libming v0.4.8 was discovered to contain a segmentation fault via the decompileCALLMETHOD function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.

CVE-2025-29486
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-03-28T15:31:54

1 posts

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJECT3 function.

CVE-2025-29927
(9.1 CRITICAL)

EPSS: 84.70%

updated 2025-03-28T15:15:49.470000

9 posts

Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.j

Nuclei template

63 repos

https://github.com/m2hcz/m2hcz-Next.js-security-flaw-CVE-2025-29927---PoC-exploit

https://github.com/c0dejump/CVE-2025-29927-check

https://github.com/t3tra-dev/cve-2025-29927-demo

https://github.com/RoyCampos/CVE-2025-29927

https://github.com/alihussainzada/CVE-2025-29927-PoC

https://github.com/furmak331/CVE-2025-29927

https://github.com/ticofookfook/poc-nextjs-CVE-2025-29927

https://github.com/KaztoRay/CVE-2025-29927-Research

https://github.com/Oyst3r1ng/CVE-2025-29927

https://github.com/MuhammadWaseem29/CVE-2025-29927-POC

https://github.com/nicknisi/next-attack

https://github.com/Neoxs/nextjs-middleware-vuln-poc

https://github.com/AnonKryptiQuz/NextSploit

https://github.com/websecnl/CVE-2025-29927-PoC-Exploit

https://github.com/0xWhoknows/CVE-2025-29927

https://github.com/Gokul-Krishnan-V-R/cve-2025-29927

https://github.com/nocomp/CVE-2025-29927-scanner

https://github.com/aydinnyunus/CVE-2025-29927

https://github.com/0xPb1/Next.js-CVE-2025-29927

https://github.com/yugo-eliatrope/test-cve-2025-29927

https://github.com/aleongx/CVE-2025-29927

https://github.com/aleongx/CVE-2025-29927_Scanner

https://github.com/lem0n817/CVE-2025-29927

https://github.com/0xcucumbersalad/cve-2025-29927

https://github.com/Heimd411/CVE-2025-29927-PoC

https://github.com/ThemeHackers/CVE-2025-29972

https://github.com/fourcube/nextjs-middleware-bypass-demo

https://github.com/Eve-SatOrU/POC-CVE-2025-29927

https://github.com/Ademking/CVE-2025-29927

https://github.com/BilalGns/CVE-2025-29927

https://github.com/Slvignesh05/CVE-2025-29927

https://github.com/serhalp/test-cve-2025-29927

https://github.com/elshaheedy/CVE-2025-29927-Sigma-Rule

https://github.com/lirantal/vulnerable-nextjs-14-CVE-2025-29927

https://github.com/arvion-agent/next-CVE-2025-29927

https://github.com/Naveen-005/Next.Js-middleware-bypass-vulnerability-CVE-2025-29927

https://github.com/0xPThree/next.js_cve-2025-29927

https://github.com/azu/nextjs-cve-2025-29927-poc

https://github.com/lediusa/CVE-2025-29927

https://github.com/Jull3Hax0r/next.js-exploit

https://github.com/alastair66/CVE-2025-29927

https://github.com/yuzu-juice/CVE-2025-29927_demo

https://github.com/TheresAFewConors/CVE-2025-29927-Testing

https://github.com/w2hcorp/CVE-2025-29927-PoC

https://github.com/iSee857/CVE-2025-29927

https://github.com/takumade/ghost-route

https://github.com/strobes-security/nextjs-vulnerable-app

https://github.com/ferpalma21/Automated-Next.js-Security-Scanner-for-CVE-2025-29927

https://github.com/0x0Luk/0xMiddleware

https://github.com/maronnjapan/claude-create-CVE-2025-29927

https://github.com/dante01yoon/CVE-2025-29927

https://github.com/Kamal-418/Vulnerable-Lab-NextJS-CVE-2025-29927

https://github.com/nyctophile0969/CVE-2025-29927

https://github.com/kOaDT/poc-cve-2025-29927

https://github.com/ricsirigu/CVE-2025-29927

https://github.com/jeymo092/cve-2025-29927

https://github.com/Nekicj/CVE-2025-29927-exploit

https://github.com/kuzushiki/CVE-2025-29927-test

https://github.com/ayato-shitomi/WebLab_CVE-2025-29927

https://github.com/narasimhauppala/nextjs-middleware-bypass

https://github.com/jmbowes/NextSecureScan

https://github.com/tobiasGuta/CVE-2025-29927-POC

https://github.com/6mile/nextjs-CVE-2025-29927

cR0w at 2025-04-02T22:14:41.917Z ##

Vercel found a sev:LOW in doing next dot js code review after CVE-2025-29927 and already published a CVE so that's nice to see.

github.com/vercel/next.js/secu

sev:LOW 1.7 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U

Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id which persisted across multiple incoming requests. However, this subrequest ID is sent to all requests, even if the destination is not the same host as the Next.js application. Initiating a fetch request to a third-party within Middleware will send the x-middleware-subrequest-id to that third party. This vulnerability is fixed in 12.3.6, 13.5.10, 14.2.26, and 15.2.4.

nvd.nist.gov/vuln/detail/CVE-2

##

x51@social.lol at 2025-03-28T18:20:58.000Z ##

Way to go with CVE-2025-29927 Vercel...

##

_r_netsec@infosec.exchange at 2025-03-28T08:58:06.000Z ##

Detect NextJS CVE-2025-29927 efficiently and at scale patrowl.io/en/actualites/cve-2

##

AAKL@infosec.exchange at 2025-03-27T16:43:47.000Z ##

Zscaler: CVE-2025-29927: Next.js Middleware Authorization Bypass Flaw zscaler.com/blogs/security-res @threatlabz #cybersecurity #infosec

##

decio@infosec.exchange at 2025-03-27T07:52:30.000Z ##

[Reproduce Steps]
Add Header

x-middleware-subrequest: middleware:middleware:middleware:middleware:middleware

to the request
⬇️
"Next.js POC for CVE-2025-29927"
👇
github.com/azu/nextjs-cve-2025

##
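
The header in the reproduce steps above is the whole trick: Next.js uses x-middleware-subrequest internally so that its own middleware subrequests do not run middleware again, and the bypass is an outside client supplying it. The advisory text quoted in this entry recommends keeping external requests that carry the header away from Next.js while an upgrade is pending. The script below is an added example in Python, not Vercel's or Next.js's code, with two parts: a header filter for a proxy or WAF layer in front of the application, and a detector that runs over access-log records. The JSON-lines log format and the sample records are constructed for the example; the five-fold repetition in them mirrors the value in the post, but the detector flags the header on any external request regardless of its value, since a legitimate client never sends it.

```python
"""Mitigate and detect external use of Next.js's internal subrequest header.

Added example for CVE-2025-29927; not Next.js code. The header is an internal
marker, so an external client sending it has no legitimate reason to do so.
"""
import json

INTERNAL_HEADER = "x-middleware-subrequest"


def carries_internal_header(headers):
    """True if any header name matches, case-insensitively (proxies need not lowercase)."""
    return any(name.lower() == INTERNAL_HEADER for name in headers)


def strip_internal_header(headers):
    """Return a new header mapping without the internal header."""
    return {name: value for name, value in headers.items()
            if name.lower() != INTERNAL_HEADER}


def filter_request(headers, policy="strip"):
    """Apply the mitigation at a proxy in front of Next.js.

    policy="strip":  forward the request with the header removed (the
                     advisory's wording: keep the header from reaching Next.js).
    policy="reject": refuse the request outright, the stricter choice.
    Returns (action, headers) with action "forward" or "reject".
    """
    if policy not in ("strip", "reject"):
        raise ValueError(f"unknown policy {policy!r}")
    if not carries_internal_header(headers):
        return "forward", dict(headers)
    if policy == "reject":
        return "reject", {}
    return "forward", strip_internal_header(headers)


# Constructed access-log records (JSON lines, one request each, with request
# headers included as a log pipeline might emit them). Not real traffic.
SAMPLE_ACCESS_LOG = [
    '{"ts":"2025-03-25T10:00:01Z","src":"203.0.113.7","path":"/admin",'
    '"headers":{"x-middleware-subrequest":"middleware:middleware:middleware:middleware:middleware"}}',
    '{"ts":"2025-03-25T10:00:02Z","src":"198.51.100.9","path":"/",'
    '"headers":{"user-agent":"curl/8.6.0"}}',
    '{"ts":"2025-03-25T10:00:03Z","src":"203.0.113.7","path":"/dashboard",'
    '"headers":{"X-Middleware-Subrequest":"src/middleware:src/middleware:src/middleware:src/middleware:src/middleware"}}',
    "not json at all",
]


def find_bypass_attempts(lines):
    """One finding per logged request that carried the header.

    `repeats` counts the colon-separated segments of the value for context;
    presence alone is the signal, because the value Next.js acts on depends on
    the version and an external client should never send the header at all.
    """
    findings = []
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue                       # skip malformed records
        headers = rec.get("headers") or {}
        name = next((n for n in headers if n.lower() == INTERNAL_HEADER), None)
        if name is None:
            continue
        value = str(headers[name])
        findings.append({
            "ts": rec.get("ts"),
            "src": rec.get("src"),
            "path": rec.get("path"),
            "repeats": len([p for p in value.split(":") if p]),
        })
    return findings


if __name__ == "__main__":
    action, forwarded = filter_request({"Host": "app.example", INTERNAL_HEADER: "middleware"})
    print(action, forwarded)
    for f in find_bypass_attempts(SAMPLE_ACCESS_LOG):
        print(f'{f["ts"]} {f["src"]} {f["path"]} repeats={f["repeats"]}')
```

Where the proxy is not yours to modify, the detector alone is still useful: run it over the edge logs for the window before the upgrade and treat any hit against a route that middleware was supposed to protect as a request that reached the route unauthenticated.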

cR0w@infosec.exchange at 2025-03-26T17:13:29.000Z ##

@da_667 Yes please. Rapid7 did publish this though: rapid7.com/blog/post/2025/03/2

It's not much, but it's better than the vendor.

##

valorin@phpc.social at 2025-03-26T00:09:54.000Z ##

I don't normally post JS stuff, but CVE-2025-29927 is a whole lot of fun!

"it was possible to skip running Middleware, which could allow requests to skip critical checks—such as authorization cookie validation—before reaching routes." 😱

nextjs.org/blog/cve-2025-29927

Get your Next.js updated!

##

catc0n@infosec.exchange at 2025-03-25T15:30:42.000Z ##

I probably sound like a broken record at this point, but we're not sold yet on the world-ending nature of Next.js CVE-2025-29927.

The fact that the bug isn't known to have been successfully exploited in the wild despite the huge amount of media and industry attention it’s received sure feels like a reasonable early indicator that it's unlikely to be broadly exploitable (classic framework vuln), and may not have any easily identifiable remote attack vectors at all.

rapid7.com/blog/post/2025/03/2

##

CVE-2025-24813
(CVSS UNKNOWN)

EPSS: 92.54%

updated 2025-03-28T14:53:40

11 posts

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98. If all of the following were true, a malicious user was able t

Nuclei template

20 repos

https://github.com/ps-interactive/lab-cve-2025-24813

https://github.com/charis3306/CVE-2025-24813

https://github.com/issamjr/CVE-2025-24813-Scanner

https://github.com/B1gN0Se/Tomcat-CVE-2025-24813

https://github.com/tonyarris/CVE-2025-24813-PoC

https://github.com/absholi7ly/POC-CVE-2025-24813

https://github.com/n0n-zer0/Spring-Boot-Tomcat-CVE-2025-24813

https://github.com/msadeghkarimi/CVE-2025-24813-Exploit

https://github.com/N0c1or/CVE-2025-24813_POC

https://github.com/FY036/cve-2025-24813_poc

https://github.com/manjula-aw/CVE-2025-24813

https://github.com/Alaatk/CVE-2025-24813-POC

https://github.com/imbas007/CVE-2025-24813-apache-tomcat

https://github.com/u238/Tomcat-CVE_2025_24813

https://github.com/MuhammadWaseem29/CVE-2025-24813

https://github.com/michael-david-fry/Apache-Tomcat-Vulnerability-POC-CVE-2025-24813

https://github.com/beyond-devsecops/CVE-2025-24813

https://github.com/AlperenY-cs/CVE-2025-24813

https://github.com/iSee857/CVE-2025-24813-PoC

https://github.com/gregk4sec/CVE-2025-24813

cR0w at 2025-04-02T12:51:53.532Z ##

Aqua published a blog post on the TTPs (including IOCs and samples) used by an apparently CN-adjacent TA attacking Tomcat servers. The post doesn't specifically say that the vulnerability exploited is CVE-2025-24813 but in their mitigations section they say:

"Ensure that all vulnerabilities are patched. Particularly internet facing applications such as Tomcat servers. Vulnerabilities such as CVE-2025-24813 that are new, critical and actively exploited should be prioritized."

aquasec.com/blog/new-campaign-

##

cisakevtracker@mastodon.social at 2025-04-01T19:00:57.000Z ##

CVE ID: CVE-2025-24813
Vendor: Apache
Product: Tomcat
Date Added: 2025-04-01
Vulnerability: Apache Tomcat Path Equivalence Vulnerability
Notes: lists.apache.org/thread/j5fkjv ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL at 2025-04-01T18:54:39.291Z ##

CISA has updated the KEV catalogue:

CVE-2025-24813: Apache Tomcat Path Equivalence Vulnerability cisa.gov/known-exploited-vulne

Also:

Two Industrial Control Systems Advisories cisa.gov/news-events/alerts/20

##

cR0w at 2025-04-01T18:50:02.055Z ##

Looks like CISA is now satisfied and has added CVE-2025-24813 (Apache Tomcat Path Equivalence Vulnerability) to the KEV Catalog.

##

jos1264@social.skynetcloud.site at 2025-03-30T16:50:02.000Z ##

Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers cybersecuritynews.com/apache-t #CyberSecurityNews #VulnerabilityNews #cybersecuritynews #CyberSecurity #cybersecurity #vulnerability

##

AAKL@infosec.exchange at 2025-03-29T15:38:14.000Z ##

Fortinet added CVE-2025-24813, Apache Tomcat RCE (high) to its outbreak alerts yesterday: fortinet.com/fortiguard/labs @fortinet #cybersecurity #infosec #Apache

Details: fortiguard.fortinet.com/outbre

##

nopatience@swecyb.com at 2025-03-28T14:36:24.000Z ##

(recordedfuture.com) Apache Tomcat: Critical Path Equivalence Vulnerability (CVE-2025-24813) NOT (yet) under active exploitation

recordedfuture.com/blog/apache

Insikt Group notes specifically that this vulnerability has not yet been observed as being actively exploited in the wild.

Summary:
This article details CVE-2025-24813, a critical path equivalence vulnerability in Apache Tomcat that allows unauthenticated remote code execution under specific conditions. The vulnerability affects multiple Tomcat versions (11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, 9.0.0-M1 to 9.0.98, and most 8.5.x versions). Greynoise has identified six malicious IP addresses attempting to exploit this vulnerability, targeting systems in the US, Japan, Mexico, South Korea, and Australia. Multiple proof-of-concept exploits have been published, increasing the risk of exploitation. Organizations are advised to upgrade to patched versions (11.0.3, 10.1.35, or 9.0.99) or implement network-level controls if immediate patching isn't possible.

#Cybersecurity #ThreatIntel #Tomcat #ActiveExploitation #ITW #Exploitation #Vulnerability #CVE202524813

##
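
The entry above names two of the preconditions for CVE-2025-24813 (the description is cut off on the page, so the full list is not reproduced here): a Tomcat build in the affected ranges, and a write-enabled Default Servlet, which is what lets a PUT write a file at all. The Recorded Future summary in the last post gives the fixed releases (9.0.99, 10.1.35, 11.0.3). Below is an added screening check in Python, not Apache's code: it parses a Tomcat version string, including the 9.0.0.M1 and 10.1.0-M1 milestone forms the advisory uses, tests it against those ranges, and reads conf/web.xml to see whether the DefaultServlet has readonly set to false (the default is true, which rejects PUT and DELETE). The sample web.xml is constructed. For 8.5.x the page says only that "most" versions are affected and lists no fix, so the check reports that whole branch as affected rather than guessing at a boundary.

```python
"""Screening check for the CVE-2025-24813 preconditions named on the page.

Added example, not Apache Tomcat code. Two checks: is the version in an
affected range, and does conf/web.xml enable writes on the DefaultServlet.
"""
import re
import xml.etree.ElementTree as ET

# First fixed release per branch (from the Recorded Future summary quoted above).
FIXED_IN = {(9, 0): "9.0.99", (10, 1): "10.1.35", (11, 0): "11.0.3"}

# Accepts 9.0.98, 11.0.2, 10.1.0-M1 and the older 9.0.0.M1 milestone spelling.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")


def parse_version(text):
    """Return a sortable tuple; a milestone sorts before the release of the same number."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    release_flag = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch)) + release_flag


def version_affected(text):
    """True if the version falls in an affected range for this CVE."""
    version = parse_version(text)
    branch = version[:2]
    if branch == (8, 5):
        # The page says "most 8.5.x versions" and lists no fixed 8.5 release,
        # so the whole branch is reported as affected.
        return True
    fixed = FIXED_IN.get(branch)
    if fixed is None:
        return False               # branch not listed in the advisory ranges
    return version < parse_version(fixed)


def _local(tag):
    """Strip the XML namespace; Tomcat's web.xml declares one that varies by release."""
    return tag.rsplit("}", 1)[-1]


def default_servlet_writable(web_xml_text):
    """True if the DefaultServlet carries init-param readonly=false."""
    root = ET.fromstring(web_xml_text)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        cls = "".join(c.text or "" for c in servlet if _local(c.tag) == "servlet-class").strip()
        if cls != "org.apache.catalina.servlets.DefaultServlet":
            continue
        for param in servlet:
            if _local(param.tag) != "init-param":
                continue
            name = value = ""
            for child in param:
                if _local(child.tag) == "param-name":
                    name = (child.text or "").strip()
                elif _local(child.tag) == "param-value":
                    value = (child.text or "").strip()
            if name == "readonly" and value.lower() == "false":
                return True
    return False                       # readonly defaults to true: PUT/DELETE rejected


def assess(version_text, web_xml_text):
    """Combine both checks into one verdict string."""
    if not version_affected(version_text):
        return "patched-version"
    if default_servlet_writable(web_xml_text):
        return "affected-version-and-writable-default-servlet"
    return "affected-version-but-readonly-default-servlet"


# Constructed conf/web.xml fragment (not a real deployment) with writes enabled.
SAMPLE_WEB_XML = """<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>debug</param-name><param-value>0</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>
"""

if __name__ == "__main__":
    for v in ("9.0.98", "9.0.99", "10.1.0-M1", "11.0.2", "11.0.3"):
        print(v, "affected" if version_affected(v) else "not affected")
    print(assess("9.0.98", SAMPLE_WEB_XML))
```

Run it with the output of `catalina.sh version` (or the version string from `lib/catalina.jar`'s manifest) and the contents of `conf/web.xml`; a per-application WEB-INF/web.xml can also declare the DefaultServlet and should be checked the same way. A "readonly" verdict only means the write path named on the page is closed; upgrading is still the fix.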

CVE-2019-16149
(5.5 MEDIUM)

EPSS: 0.46%

updated 2025-03-28T12:31:35

1 posts

An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system.

cR0w@infosec.exchange at 2025-03-28T13:12:50.000Z ##

Fortinet published another CVE for a vuln from 2019. Just something to keep in mind when people blame Fortinet shops when they get popped by unpatched vulns.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-2894
(6.6 MEDIUM)

EPSS: 0.04%

updated 2025-03-28T03:30:31

1 posts

The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.

cR0w@infosec.exchange at 2025-03-28T03:42:45.000Z ##

Backdoor in a robot dog thing? Yes please.

takeonme.org/cves/cve-2025-289

sev:MED 6.6 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

The Go1 also known as "The World's First Intelligence Bionic Quadruped Robot Companion of Consumer Level," contains an undocumented backdoor that can enable the manufacturer, and anyone in possession of the correct API key, complete remote control over the affected robotic device using the CloudSail remote access service.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-24383
(9.1 CRITICAL)

EPSS: 14.94%

updated 2025-03-28T03:30:30

1 posts

Dell Unity, version(s) 5.4 and prior, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to delete arbitrary files. This vulnerability is considered critical as it can be leveraged to delete critical system files as root. Dell recommends c

DarkWebInformer@infosec.exchange at 2025-03-28T16:03:23.000Z ##

🚨CVE-2025-24383: Dell Unity, Dell UnityVSA and Dell Unity XT remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system

CVSS: 9.1

darkwebinformer.com/cve-2025-2

##

CVE-2025-30232
(8.2 HIGH)

EPSS: 0.03%

updated 2025-03-28T03:30:24

1 posts

A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.

cR0w@infosec.exchange at 2025-03-28T02:39:11.000Z ##

UAF PrivEsc in Exim. I think it was @buherator who shared the Openwall link for this earlier today or yesterday. It now has a CVE published.

exim.org/static/doc/security/C

openwall.com/lists/oss-securit

sev:HIGH 8.1 - CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

A use-after-free in Exim 4.96 through 4.98.1 could allow users (with command-line access) to escalate privileges.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2024-0149
(3.3 LOW)

EPSS: 0.02%

updated 2025-03-27T21:32:22

1 posts

NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an attacker unauthorized access to files. A successful exploit of this vulnerability might lead to limited information disclosure.

andersonc0d3@infosec.exchange at 2025-03-27T18:29:35.000Z ##

wait3() system call as a side-channel in setuid programs (nvidia-modprobe CVE-2024-0149)

seclists.org/oss-sec/2025/q1/2

##

CVE-2025-29483
(6.5 MEDIUM)

EPSS: 0.03%

updated 2025-03-27T21:32:22

1 posts

libming v0.4.8 was discovered to contain a memory leak via the parseSWF_ENABLEDEBUGGER2 function.

CVE-2025-30067
(CVSS UNKNOWN)

EPSS: 0.08%

updated 2025-03-27T18:18:41

1 posts

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration may be altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system and project admin access is well protected. This issue affects Apache Kylin: from 4.0.0 through 5.0.1

cR0w@infosec.exchange at 2025-03-27T15:31:35.000Z ##

Code injection in Apache Kylin.

lists.apache.org/thread/6j19pt

Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Kylin.
If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration may be altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system and project admin access is well protected.

This issue affects Apache Kylin: from 4.0.0 through 5.0.1.

Users are recommended to upgrade to version 5.0.2 or above, which fixes the issue.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-31179
(6.2 MEDIUM)

EPSS: 0.02%

updated 2025-03-27T15:31:23

1 posts

A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash.

CVE-2025-31180
(6.2 MEDIUM)

EPSS: 0.02%

updated 2025-03-27T15:31:23

1 posts

A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash.

CVE-2025-31181
(6.2 MEDIUM)

EPSS: 0.02%

updated 2025-03-27T15:31:23

1 posts

A flaw was found in gnuplot. The X11_graphics() function may lead to a segmentation fault and cause a system crash.

CVE-2025-31176
(6.2 MEDIUM)

EPSS: 0.02%

updated 2025-03-27T15:31:22

1 posts

A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash.

CVE-2025-31178
(6.2 MEDIUM)

EPSS: 0.02%

updated 2025-03-27T15:31:22

1 posts

A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash.

CVE-2017-12637
(7.5 HIGH)

EPSS: 92.43%

updated 2025-03-27T03:34:37

1 posts

Directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS in SAP NetWeaver Application Server Java 7.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the query string, as exploited in the wild in August 2017, aka SAP Security Note 2486657.

Nuclei template

CVE-2019-9875
(8.8 HIGH)

EPSS: 22.41%

updated 2025-03-27T01:00:02.343000

2 posts

Deserialization of Untrusted Data in the anti CSRF module in Sitecore through 9.1 allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in an HTTP POST parameter.

AAKL@infosec.exchange at 2025-03-27T18:08:59.000Z ##

New: CISA has updated the KEV catalogue.

- CVE-2025-2783: Google Chromium Mojo Sandbox Escape Vulnerability cve.org/CVERecord?id=CVE-2025-

- Added yesterday:

- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability cve.org/CVERecord?id=CVE-2019-

- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability cve.org/CVERecord?id=CVE-2019- #CISA #cybersecurity #infosec #Google

##

cisakevtracker@mastodon.social at 2025-03-26T19:01:00.000Z ##

CVE ID: CVE-2019-9875
Vendor: Sitecore
Product: CMS and Experience Platform (XP)
Date Added: 2025-03-26
Vulnerability: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Notes: support.sitecore.com/kb?id=kb_ ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-2783
(8.4 HIGH)

EPSS: 13.08%

updated 2025-03-26T18:30:57

16 posts

Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)

1 repos

https://github.com/bronsoneaver/CVE-2025-2783

benzogaga33@mamot.fr at 2025-03-28T10:40:03.000Z ##

Patch Google Chrome: this zero-day flaw is being exploited by an espionage campaign it-connect.fr/google-chrome-fa #ActuCybersécurité #Cybersécurité #Vulnérabilité #Google

##

0x40k@infosec.exchange at 2025-03-28T09:37:47.000Z ##

Whoa, talk about déjà vu! Seems like Firefox is playing catch-up right after Chrome dropped a fix for a sandbox escape. 🤯 Keep an eye out for CVE-2025-2857.

So, what's the deal? In short, this nasty bug could let an attacker break right out of the browser's protective sandbox. And *that* means they could potentially gain full access to your system. Yeah, pretty scary stuff. 😱

If you're running Firefox on Windows, heads up! This affects versions 136.0.4, ESR 115.21.1, and ESR 128.8.1. This whole situation feels familiar because Chrome *just* patched CVE-2025-2783, a similar issue that attackers were already actively exploiting out in the wild!

Make no mistake, sandbox escapes are a huge deal. As a pentester, I can tell you: vulnerabilities like this get weaponized *fast*. Don't wait around.

Seriously, update your Firefox ASAP! Trust me, you don't want to deal with the fallout if someone exploits this. It could get costly, fast.

Ever seen a browser exploit do its thing live? Wild, right? Drop your stories below!

#infosec #pentesting #firefox #cybersecurity #updateNOW

##

cisakevtracker@mastodon.social at 2025-03-27T19:00:58.000Z ##

CVE ID: CVE-2025-2783
Vendor: Google
Product: Chromium Mojo
Date Added: 2025-03-27
Vulnerability: Google Chromium Mojo Sandbox Escape Vulnerability
Notes: chromereleases.googleblog.com/ ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

AAKL@infosec.exchange at 2025-03-27T18:08:59.000Z ##

New: CISA has updated the KEV catalogue.

- CVE-2025-2783: Google Chromium Mojo Sandbox Escape Vulnerability cve.org/CVERecord?id=CVE-2025-

- Added yesterday:

- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability cve.org/CVERecord?id=CVE-2019-

- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability cve.org/CVERecord?id=CVE-2019- #CISA #cybersecurity #infosec #Google

##

AAKL@infosec.exchange at 2025-03-27T16:35:04.000Z ##

Microsoft's notes for Edge Security Updates, posted yesterday: msrc.microsoft.com/update-guide

Chromium: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo on Windows msrc.microsoft.com/update-guid @microsoftsec #Microsoft #cybersecurity #Infosec #Windows

##

ruario@vivaldi.net at 2025-03-27T08:22:22.000Z ##

This update included the fix for CVE-2025-2783.

##

ruario@vivaldi.net at 2025-03-27T08:21:59.000Z ##

Just to be 100% clear this update included the fix for CVE-2025-2783. We actually had that out in the previous build 7.2.3621.71 from yesterday.

##

ruario@vivaldi.net at 2025-03-27T08:21:44.000Z ##

Just to be 100% clear this update included the fix for CVE-2025-2783. We actually had that out in the previous build 7.2.3621.71 from yesterday.

##

ruario@vivaldi.net at 2025-03-27T08:20:30.000Z ##

Just to be 100% clear this update included the fix for CVE-2025-2783. Indeed we were the first non-Chrome browser to get that out.

##

cR0w@infosec.exchange at 2025-03-26T17:12:03.000Z ##

The CVE for this is published but no CVSS assessment yet: nvd.nist.gov/vuln/detail/CVE-2

##

winterkvist@mastodonsweden.se at 2025-03-26T16:03:05.000Z ##

Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) – Help Net Security macken.xyz/2025/03/google-fixe

##

jbhall56@infosec.exchange at 2025-03-26T12:58:32.000Z ##

The vulnerability, tracked as CVE-2025-2783, was chained with a second exploit for remote code execution in attacks targeting organizations in Russia. securityweek.com/google-patche

##

jos1264@social.skynetcloud.site at 2025-03-26T11:10:03.000Z ##

Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) helpnetsecurity.com/2025/03/26 #Don'tmiss #Kaspersky #Hotstuff #exploit #Windows #Chrome #0-day #News #APT

##

jos1264@social.skynetcloud.site at 2025-03-26T10:05:03.000Z ##

Chrome Releases Critical Update to Address CVE-2025-2783 Vulnerability thecyberexpress.com/chrome-sta #StableChannelUpdate #TheCyberExpressNews #Vulnerabilities #TheCyberExpress #FirewallDaily #CVE20252783 #CyberNews #Windows

##

0x40k@infosec.exchange at 2025-03-26T05:18:00.000Z ##

Chrome *again*? 🙄 Looks like Google's patching *another* critical flaw (CVE-2025-2783), and yep, attackers are already exploiting it in the wild.

Heads up, Windows users – you're the main target, with Russian orgs specifically in the crosshairs. 🇷🇺 The vulnerability's lurking in Mojo (Chrome's Inter-Process Communication system). And get this: all it takes is a convincing phishing email. 🎣 Someone clicks the link, and bam – their system's compromised.

What's really nasty? It cleverly gets around the Chrome sandbox. 🤯 Kaspersky's already tracking this, calling it 'Operation ForumTroll' and linking it to an APT group. Speaking as a pentester, trust me, finding vulnerabilities this deep isn't easy. Your run-of-the-mill scans just won't cut it here.

So, what's the game plan?
1. Update Chrome NOW! Like, right now. 🚨
2. Seriously, double down on training your staff about phishing threats.
3. Keep a close eye on your systems – think SIEM/EDR monitoring.

Curious to know, what are your go-to tools for hunting down threats like this? And how are you folks bracing yourselves against these advanced attacks? 🤔

Stay safe out there! ✌️

#Security #Chrome #Pentest #APT

##

cR0w@infosec.exchange at 2025-03-25T23:53:15.000Z ##

EITW in Chrome if that's the kind of thing you care about: chromereleases.googleblog.com/

Google is aware of reports that an exploit for CVE-2025-2783 exists in the wild.

##

CVE-2025-2820
(6.5 MEDIUM)

EPSS: 0.04%

updated 2025-03-26T15:32:52

1 posts

An authenticated attacker can compromise the availability of the device via the network

cR0w@infosec.exchange at 2025-03-26T16:27:48.000Z ##

Bizerba doing that thing like in school where you take up as much of the page as possible. Instead of DoS they say:

An authenticated attacker can compromise the availability of the device via the network

bizerba.com/downloads/global/i

Through the public FTP access the mass storage can be completely filled by mass uploading of data because no quota is in place.

sev:MED 6.5 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-1542(CVSS UNKNOWN)

EPSS: 0.04%

updated 2025-03-26T12:30:40

1 posts

Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application. This issue affects OXARI ServiceDesk in versions before 2.0.324.0.

cR0w@infosec.exchange at 2025-03-26T13:47:37.000Z ##

Service desk application vulns are always fun. I don't know how popular OXARI is, but if you know it, you might want to look into this one.

cert.pl/en/posts/2025/03/CVE-2

sev:CRIT 9.3 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Improper permission control vulnerability in the OXARI ServiceDesk application could allow an attacker using a guest access or an unprivileged account to gain additional administrative permissions in the application. This issue affects OXARI ServiceDesk in versions before 2.0.324.0.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2024-47516
(9.8 CRITICAL)

EPSS: 0.33%

updated 2025-03-26T00:31:24

1 posts

A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.

cR0w@infosec.exchange at 2025-03-26T03:21:06.000Z ##

I don't know how popular Pagure is but this RCE via git seems like it's worth patching. Or attacking. No judgement.

access.redhat.com/security/cve

sev:CRIT 9.8 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-27636(CVSS UNKNOWN)

EPSS: 16.44%

updated 2025-03-25T18:38:11

1 posts

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.9.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is present in Camel's default incoming header filter

1 repos

https://github.com/akamai/CVE-2025-27636-Apache-Camel-PoC

sans_isc@infosec.exchange at 2025-03-31T12:25:25.000Z ##

Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891) isc.sans.edu/diary/31814

##

CVE-2025-22230
(7.8 HIGH)

EPSS: 0.03%

updated 2025-03-25T15:31:35

6 posts

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.

jos1264@social.skynetcloud.site at 2025-03-27T03:25:03.000Z ##

Authentication bypass CVE-2025-22230 impacts VMware Windows Tools – Source: securityaffairs.com ciso2ciso.com/authentication-b #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #BreakingNews #SecurityNews #hackingnews #vmwaretools #Security #hacking

##

benzogaga33@mamot.fr at 2025-03-26T16:40:02.000Z ##

VMware fixes an important flaw in VMware Tools for Windows: CVE-2025-22230 it-connect.fr/vmware-corrige-u #ActuCybersécurité #Cybersécurité #Vulnérabilité #Windows #VMware

##

benzogaga33@mamot.fr at 2025-03-26T10:40:02.000Z ##

VMware fixes an important flaw in VMware Tools for Windows: CVE-2025-22230 it-connect.fr/vmware-corrige-u #ActuCybersécurité #Cybersécurité #Vulnérabilité #Windows #VMware

##

0x40k@infosec.exchange at 2025-03-26T05:39:13.000Z ##

Seriously, Broadcom... what's the deal lately? 🤯

First up, we've got CVE-2025-22230 hitting VMware Tools for Windows. This nasty bug basically lets standard users inside a VM escalate their privileges to admin level. Yikes! 😬 With a CVSS score of 7.8, you'll want to jump on this fix ASAP. It impacts versions 11.x.x and 12.x.x, so upgrading to 12.5.1 needs to be right at the top of your list!

But wait, there's more. CrushFTP is also sounding the alarm about unauthenticated access vulnerabilities lurking on HTTP(S) ports in versions 10 and 11. It's definitely time to double-check those DMZ configurations. Rapid7 has confirmed that exploits are out there, allowing unauthorized access. Pretty intense, right?

Stuff like this is a stark reminder: while automated scans have their place, they just don't cut it alone. Real-deal penetration testing is absolutely essential. Those manual checks are what uncover the sneaky issues that automated tools often breeze right past.

What's your take on this recent wave? How are you keeping your own environments locked down tight? Let's talk 👇

#ITSecurity #Pentesting #VMware #Cybersecurity #InfoSec #VulnerabilityManagement

##

GossiTheDog@cyberplace.social at 2025-03-25T16:04:53.000Z ##

A new twist on #ESXicape - you need local admin rights to escape the VM to the hypervisor, right?

Slight issue - VMware Tools, installed inside VMs, allows local user to local admin privilege escalation on every VM due to vuln CVE-2025-22230

“A malicious actor with non-administrative privileges on a Windows guest VM may gain ability to perform certain high-privilege operations within that VM.”

Discovered by Positive Technologies, who US claim hack for Moscow.

support.broadcom.com/web/ecx/s

##

cR0w@infosec.exchange at 2025-03-25T15:37:51.000Z ##

Auth bypass vuln in VMWare Tools for Windows. Nice.

support.broadcom.com/web/ecx/s

sev:HIGH 7.8 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2024-42533
(9.8 CRITICAL)

EPSS: 0.33%

updated 2025-03-25T15:31:35

1 posts

SQL injection vulnerability in the authentication module in Convivance StandVoice 4.5 through 6.2 allows remote attackers to execute arbitrary code via the GEST_LOGIN parameter.

ChrisShort@hachyderm.io at 2025-03-31T23:07:48.000Z ##

CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare #SuggestedRead #devopsish tenable.com/blog/cve-2025-1974

##

euroinfosec@infosec.exchange at 2025-03-29T08:39:01.000Z ##

Critical Kubernetes controller flaws: 4,000 IPs exposed, with patch urgency increasing due to code to exploit CVE-2025-1974 vulnerability being published databreachtoday.com/critical-k

##

ChrisShort@hachyderm.io at 2025-03-27T23:39:23.000Z ##

Ingress-nginx CVE-2025-1974: What You Need to Know #SuggestedRead #devopsish kubernetes.io/blog/2025/03/24/

##

DarkWebInformer@infosec.exchange at 2025-03-27T20:03:56.000Z ##

🚨PoC Code to Exploit the IngressNightmare Vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974)

darkwebinformer.com/poc-code-t

##

jos1264@social.skynetcloud.site at 2025-03-27T07:45:03.000Z ##

CVE-2025-1974: Critical Set of Vulnerabilities in Ingress NGINX Controller for Kubernetes Leading to Unauthenticated RCE – Source: socprime.com ciso2ciso.com/cve-2025-1974-cr #rssfeedpostgeneratorecho #CyberSecurityNews #IngressNightmare #CVE-2025-1974 #Latestthreats #Vulnerability #socprimecom #socprime #Blog #CVE

##

sambowne@infosec.exchange at 2025-03-26T22:18:52.000Z ##

Ingress-nginx CVE-2025-1974: What You Need to Know | Kubernetes kubernetes.io/blog/2025/03/24/

##

ChrisShort@hachyderm.io at 2025-03-26T14:33:15.000Z ##

CVE-2025-1974 #SuggestedRead #devopsish github.com/kubernetes/kubernet

##

hdm@infosec.exchange at 2025-03-25T19:56:31.000Z ##

Jacob Sandum posted a detailed and well-written PoC for the IngressNightmare (CVE-2025-1974) vulnerability found in the Kubernetes ingress-nginx Admission Controller by Wiz (Woogle!). If you are looking for a quick way to reproduce the issue or validate detection and mitigation, take a look:
github.com/sandumjacob/Ingress

##

vmstan@vmst.io at 2025-03-25T14:22:26.000Z ##

We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see status.vmst.io for more information. #vmstio

##

CVE-2025-24513
(4.8 MEDIUM)

EPSS: 0.06%

updated 2025-03-25T15:10:09

3 posts

A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal within the container. This could result in denial of service, or when combined with other vulnerabilities, limited disclosure of Secret objects from the cluster.

ChrisShort@hachyderm.io at 2025-03-31T23:07:48.000Z ##

CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare #SuggestedRead #devopsish tenable.com/blog/cve-2025-1974

##

ChrisShort@hachyderm.io at 2025-03-27T12:35:34.000Z ##

CVE-2025-24513 #SuggestedRead #devopsish github.com/kubernetes/kubernet

##

vmstan@vmst.io at 2025-03-25T14:22:26.000Z ##

We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see status.vmst.io for more information. #vmstio

##

CVE-2025-24514
(8.8 HIGH)

EPSS: 0.22%

updated 2025-03-25T15:10:03

5 posts

A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all

3 repos

https://github.com/hakaioffsec/IngressNightmare-PoC

https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps

https://github.com/lufeirider/IngressNightmare-PoC

ChrisShort@hachyderm.io at 2025-03-31T23:07:48.000Z ##

CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare #SuggestedRead #devopsish tenable.com/blog/cve-2025-1974

##

ChrisShort@hachyderm.io at 2025-03-27T21:03:10.000Z ##

CVE-2025-24514 #SuggestedRead #devopsish github.com/kubernetes/kubernet

##

DarkWebInformer@infosec.exchange at 2025-03-27T20:03:56.000Z ##

🚨PoC Code to Exploit the IngressNightmare Vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974)

darkwebinformer.com/poc-code-t

##

stf@chaos.social at 2025-03-25T16:54:19.000Z ##

oh, this ingress/nginx proxy vuln family: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514

maybe we need to rewrite that component in rust? oh, wait.

##

vmstan@vmst.io at 2025-03-25T14:22:26.000Z ##

We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see status.vmst.io for more information. #vmstio

##

CVE-2025-1097
(8.8 HIGH)

EPSS: 0.16%

updated 2025-03-25T15:07:13

5 posts

A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can ac

3 repos

https://github.com/hakaioffsec/IngressNightmare-PoC

https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps

https://github.com/lufeirider/IngressNightmare-PoC

ChrisShort@hachyderm.io at 2025-03-31T23:07:48.000Z ##

CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare #SuggestedRead #devopsish tenable.com/blog/cve-2025-1974

##

DarkWebInformer@infosec.exchange at 2025-03-27T20:03:56.000Z ##

🚨PoC Code to Exploit the IngressNightmare Vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974)

darkwebinformer.com/poc-code-t

##

ChrisShort@hachyderm.io at 2025-03-27T17:18:20.000Z ##

CVE-2025-1097 #SuggestedRead #devopsish github.com/kubernetes/kubernet

##

stf@chaos.social at 2025-03-25T16:54:19.000Z ##

oh, this ingress/nginx proxy vuln family: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514

maybe we need to rewrite that component in rust? oh, wait.

##

vmstan@vmst.io at 2025-03-25T14:22:26.000Z ##

We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see status.vmst.io for more information. #vmstio

##

CVE-2025-1098
(8.8 HIGH)

EPSS: 0.22%

updated 2025-03-25T15:06:45

5 posts

A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installati

3 repos

https://github.com/hakaioffsec/IngressNightmare-PoC

https://github.com/Esonhugh/ingressNightmare-CVE-2025-1974-exps

https://github.com/lufeirider/IngressNightmare-PoC

ChrisShort@hachyderm.io at 2025-03-31T23:07:48.000Z ##

CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514: Frequently Asked Questions About IngressNightmare #SuggestedRead #devopsish tenable.com/blog/cve-2025-1974

##

ChrisShort@hachyderm.io at 2025-03-28T00:54:38.000Z ##

CVE-2025-1098 #SuggestedRead #devopsish github.com/kubernetes/kubernet

##

DarkWebInformer@infosec.exchange at 2025-03-27T20:03:56.000Z ##

🚨PoC Code to Exploit the IngressNightmare Vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974)

darkwebinformer.com/poc-code-t

##

stf@chaos.social at 2025-03-25T16:54:19.000Z ##

oh, this ingress/nginx proxy vuln family: CVE-2025-1097, CVE-2025-1098, CVE-2025-24514

maybe we need to rewrite that component in rust? oh, wait.

##

vmstan@vmst.io at 2025-03-25T14:22:26.000Z ##

We will be performing an emergency upgrade of our cluster infrastructure to patch a series of critical security vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-1974, CVE-2025-24513, CVE-2025-24514) on our NGINX containers. As a result there may be a brief/intermittent disruption to Mastodon availability over the next hour. We apologize for the inconvenience, and hope you can quickly return to enjoying all the Nicole memes. Please see status.vmst.io for more information. #vmstio

##

CVE-2025-26512
(10.0 CRITICAL)

EPSS: 0.04%

updated 2025-03-25T00:30:26

1 posts

SnapCenter versions prior to 6.0.1P1 and 6.1P1 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed.

CVE-2025-2748
(6.5 MEDIUM)

EPSS: 0.75%

updated 2025-03-24T21:30:39

4 posts

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS. This issue affects Kentico Xperience through 13.0.178.

Nuclei template

AAKL at 2025-04-01T17:12:46.734Z ##

WatchTower: XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748) labs.watchtowr.com/xss-to-rce-

##

AAKL@infosec.exchange at 2025-04-01T17:12:46.000Z ##

WatchTower: XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748) labs.watchtowr.com/xss-to-rce- #cybersecurity #infosec

##

cR0w@infosec.exchange at 2025-04-01T13:52:41.000Z ##

I know that many of us tend to scoff at XSS vulns, but it's good to be reminded how they can be successfully used in a chain for something more interesting.

labs.watchtowr.com/xss-to-rce-

##

_r_netsec@infosec.exchange at 2025-04-01T10:13:06.000Z ##

XSS To RCE By Abusing Custom File Handlers - Kentico Xperience CMS (CVE-2025-2748) - watchTowr Labs labs.watchtowr.com/xss-to-rce-

##

CVE-2025-27407
(9.1 CRITICAL)

EPSS: 4.32%

updated 2025-03-24T14:49:02

1 posts

# Summary Loading a malicious schema definition in `GraphQL::Schema.from_introspection` (or `GraphQL::Schema::Loader.load`) can result in remote code execution. Any system which loads a schema by JSON from an untrusted source is vulnerable, including those that use [GraphQL::Client](https://github.com/github-community-projects/graphql-client) to load external schemas via GraphQL introspection.

obivan@infosec.exchange at 2025-03-28T07:32:00.000Z ##

CVE-2025-27407: Inside the Critical GraphQL-Ruby RCE Vulnerability cenobe.com/blog/cve-2025-27407/

##

CVE-2024-6827
(7.5 HIGH)

EPSS: 0.04%

updated 2025-03-21T23:56:31

1 posts

Gunicorn version 21.2.0 does not properly validate the value of the 'Transfer-Encoding' header as specified in the RFC standards, which leads to the default fallback method of 'Content-Length,' making it vulnerable to TE.CL request smuggling. This vulnerability can lead to cache poisoning, data exposure, session manipulation, SSRF, XSS, DoS, data integrity compromise, security bypass, information

mmguero@infosec.exchange at 2025-03-28T15:09:12.000Z ##

This has been a busy month for Malcolm! I pushed hard to get v25.03.0 out earlier this month, as it contained pretty much just the Keycloak integration one of our partners (and major funding sources) was waiting for. Rather than wait until April for the other stuff that would have gone into the regular end-of-the-month release, I decided to pull those items into this smaller release just a week and a half after the last one.

Malcolm v25.03.1 contains a few enhancements, bug fixes, and several component version updates, including one that addresses a CVE that may affect Hedgehog Linux Kiosk mode and Malcolm's API container.

NOTE: If you have not already upgraded to v25.03.0, read the notes for v25.02.0 and v25.03.0 and follow the Read Before Upgrading instructions on those releases.

Changes in this release

  • ✨ Features and enhancements
    • Incorporate new S7comm device identification log, s7comm_known_devices.log (#622)
    • Display current PCAP, Zeek, and Suricata capture results in Hedgehog Linux Kiosk mode (#566)
    • Keycloak authentication: configurable group or role membership restrictions for login (#633) (see Requiring user groups and realm roles)
    • Mark newly-discovered and uninventoried devices in logs during NetBox enrichment (#573)
    • Added "Apply recommended system tweaks automatically without asking for confirmation?" question to install.py to allow the user to accept changes to sysctl.conf, grub kernel parameters, etc., without having to answer "yes" to each one.
  • ✅ Component version updates
  • 🐛 Bug fixes
    • Fix install.py error when answering yes to "Pull Malcolm images?" with podman (#604)
    • Order of user-provided tags from PCAP upload interface not preserved (#624)
  • 📄 Configuration changes (in environment variables in ./config/) for Malcolm and in control_vars.conf for Hedgehog Linux
  • 🧹 Code and project maintenance
    • Ensure Malcolm's NetBox configuration Python scripts are baked into the image in addition to bind-mounting them in docker-compose.yml at runtime.

Malcolm is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman 🦭, and Kubernetes ⎈. Check out the Quick Start guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (release_cleaver.sh) and PowerShell 🪟 (release_cleaver.ps1). See Downloading Malcolm - Installer ISOs for instructions.

As always, join us on the Malcolm discussions board 💬 to engage with the community, or pop some corn 🍿 and watch a video 📼.

#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #SSO #OIDC #Keycloak #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov

##

CVE-2024-9956
(7.8 HIGH)

EPSS: 0.03%

updated 2025-03-20T22:15:14.233000

1 posts

Inappropriate implementation in WebAuthentication in Google Chrome on Android prior to 130.0.6723.58 allowed a local attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium)

ringzer0@infosec.exchange at 2025-03-27T18:00:13.000Z ##

CVE-2024-9956 - PassKey Account Takeover in All Mobile Browsers: mastersplinter.work/research/p

##

CVE-2025-23120
(9.9 CRITICAL)

EPSS: 0.28%

updated 2025-03-20T18:30:30

1 posts

A vulnerability allowing remote code execution (RCE) for domain users.

codewhitesec@infosec.exchange at 2025-03-28T16:35:25.000Z ##

Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudypb 's blog. Don’t blacklist - replace BinaryFormatter.

##

CVE-2025-24201
(7.1 HIGH)

EPSS: 0.18%

updated 2025-03-20T15:30:32

1 posts

An out-of-bounds write issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in visionOS 2.3.2, iOS 18.3.2 and iPadOS 18.3.2, macOS Sequoia 15.3.2. Maliciously crafted web content may be able to break out of Web Content sandbox. This is a supplementary fix for an attack that was blocked in iOS 17.2. (Apple is aware of a report that this issue may have been e

applsec@infosec.exchange at 2025-03-31T17:45:32.000Z ##

📣 EMERGENCY UPDATES 📣

Apple pushed additional updates for 3 zero-days that may have been actively exploited.

🐛 CVE-2025-24200 (Accessibility) additional patches,
🐛 CVE-2025-24201 (WebKit) additional patches:
- iOS and iPadOS 15.8.4
- iOS and iPadOS 16.7.11

🐛 CVE-2025-24085 (CoreMedia) additional patches:
- iPadOS 17.7.6
- macOS Sonoma 14.7.5
- macOS Ventura 13.7.5

#apple #cybersecurity #infosec #security #ios

##

CVE-2025-29891
(4.2 MEDIUM)

EPSS: 0.02%

updated 2025-03-19T15:44:53

1 posts

Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.9.0 before 4.10.2, from 4.0.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is present in Camel's default incoming header filter, that allows an attacker to include Camel specific

sans_isc@infosec.exchange at 2025-03-31T12:25:25.000Z ##

Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891) isc.sans.edu/diary/31814

##

CVE-2025-26633
(7.0 None)

EPSS: 1.29%

updated 2025-03-11T18:32:20

8 posts

Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.

0x40k@infosec.exchange at 2025-03-31T20:10:06.000Z ##

Seriously? Looks like Water Gamayun (aka EncryptHub) is back in action. They're dropping new Windows backdoors, SilentPrism and DarkWisp, using dodgy MSI installers and MSC files.

And get this: they're even exploiting a zero-day (CVE-2025-26633). Their aim? Snatching your data and crypto wallet seeds. 🤦‍♂️

So, you know the drill: double-check those MSIs, steer clear of MSCs from sketchy sources, keep your endpoint security patched, and lock down PowerShell. Yeah, standard procedure, right?

But honestly, how many times do we need to hammer this home? And seriously, where's the 'Security by Design' we keep hearing about? 🙄

As pentesters, we see clients are grateful for the help, but man, it's disheartening seeing the same fundamental gaps over and over.

What's your take? Is the real issue a lack of funds or a lack of know-how? Let me know below. 🤔

#infosec #pentesting #cybersecurity #russia

##

jos1264@social.skynetcloud.site at 2025-03-31T19:50:03.000Z ##

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp – Source:thehackernews.com ciso2ciso.com/russian-hackers- #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Russian

##

jos1264@social.skynetcloud.site at 2025-03-31T17:40:02.000Z ##

Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp thehackernews.com/2025/03/russ

##

ClubTeleMatique@mstdn.social at 2025-03-31T17:15:45.000Z ##

Hacker News: Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp thehackernews.com/2025/03/russ #news #IT

##

nopatience@swecyb.com at 2025-03-28T19:41:05.000Z ##

(trendmicro.com) A Deep Dive into Water Gamayun's Arsenal and Infrastructure trendmicro.com/en_us/research/

Executive Summary:
This research provides a comprehensive analysis of Water Gamayun (also known as EncryptHub and Larva-208), a suspected Russian threat actor exploiting the MSC EvilTwin zero-day vulnerability (CVE-2025-26633) in Microsoft Management Console. The threat actor employs sophisticated delivery methods including malicious provisioning packages, signed MSI files, and Windows MSC files to deploy multiple custom payloads. Their arsenal includes custom backdoors (SilentPrism and DarkWisp), multiple variants of the EncryptHub Stealer, and known malware like Stealc and Rhadamanthys. The research details the C&C infrastructure, data exfiltration techniques, and persistence mechanisms used by the group. Trend Micro researchers gained access to the C&C server components, enabling them to analyze the architecture, functionality, and evasion techniques employed by the threat actor.

#Cybersecurity #ThreatIntel #PowerShell #DarkWisp #SilentPrism #APT #WaterGamayun #EncryptHub #Russia #Rhadamanthys

##

0x40k@infosec.exchange at 2025-03-28T15:25:16.000Z ##

Seriously, EncryptHub isn't messing around! 🤯 They've jumped *right* on that Windows bug (CVE-2025-26633) that literally *just* got fixed. Talk about moving fast...

So, the exploit? It involves the Microsoft Management Console (MMC), those MSC files, and something called MUIPath. Sounds pretty techy, right? But basically, it's a clever workaround. EncryptHub crafts two MSC files – same name, one legit, one malicious. Windows doesn't double-check properly and ends up loading the nasty one. Boom! 💥

You see, as a pentester, I constantly witness attackers twisting legitimate system functions just like this. Your automated scanners? Yeah, they'll likely miss it completely. This kind of thing really needs hands-on analysis to catch. And yeah, updates are crucial, folks! Make sure you get CVE-2025-26633 patched ASAP. Oh, and those random MSI installers from sources you don't know? Big nope. Steer clear! ☝️

Have you run into attacks like this before? Or maybe you've got some other sneaky Windows tricks up your sleeve? Drop 'em in the comments!

#Pentest #Infosec #ZeroDay

##

VirusBulletin@infosec.exchange at 2025-03-27T10:24:42.000Z ##

Trend Micro researchers identified a campaign by the Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data. trendmicro.com/en_us/research/

##

CVE-2025-27218
(5.3 MEDIUM)

EPSS: 58.46%

updated 2025-02-20T21:15:26.510000

1 posts

Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization.

Nuclei template

sans_isc@infosec.exchange at 2025-03-27T17:06:18.000Z ##

Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 isc.sans.edu/diary/31806

##

CVE-2025-1302
(9.8 CRITICAL)

EPSS: 14.28%

updated 2025-02-18T19:25:35

1 posts

Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE) due to improper input sanitization. An attacker can execute arbitrary code on the system by exploiting the unsafe default usage of eval='safe' mode. Note: This is caused by an incomplete fix for CVE-2024-21534.

1 repos

https://github.com/EQSTLab/CVE-2025-1302

cR0w@infosec.exchange at 2025-04-01T16:16:36.000Z ##

IBM has published several sev:CRIT advisories the past couple days. I'll link to those but hopefully if you are protecting or targeting IBM you are already following their advisories for relevant products since there are plenty of them of varying severity ratings.

ibm.com/support/pages/bulletin/

Security Bulletin: IBM Automation Decision Services for Jan 2025 - Multiple CVEs addressed: ibm.com/support/pages/node/722

Security Bulletin: BAMOE 9 vulnerability in tomcat-embed-core library, version 10.1.34, transitively linked from Spring Boot: ibm.com/support/pages/node/722

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.2.0.: ibm.com/support/pages/node/722

Security Bulletin: IBM App Connect Enterprise is vulnerable to Remote Code Execution and improper preservation of permissions due to jsonpath-plus & snowflake-sdk (CVE-2025-1302 & CVE-2025-24791): ibm.com/support/pages/node/722

Security Bulletin: IBM App Connect Enterprise is vulnerable to Remote Code Execution and improper preservation of permissions due to jsonpath-plus & snowflake-sdk (CVE-2025-1302 & CVE-2025-24791): ibm.com/support/pages/node/722

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.2.0.: ibm.com/support/pages/node/722

##

CVE-2025-24200
(7.5 HIGH)

EPSS: 18.54%

updated 2025-02-11T15:33:28

1 posts

An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals.

1 repos

https://github.com/McTavishSue/CVE-2025-24200

applsec@infosec.exchange at 2025-03-31T17:45:32.000Z ##

📣 EMERGENCY UPDATES 📣

Apple pushed additional updates for 3 zero-days that may have been actively exploited.

🐛 CVE-2025-24200 (Accessibility) additional patches,
🐛 CVE-2025-24201 (WebKit) additional patches:
- iOS and iPadOS 15.8.4
- iOS and iPadOS 16.7.11

🐛 CVE-2025-24085 (CoreMedia) additional patches:
- iPadOS 17.7.6
- macOS Sonoma 14.7.5
- macOS Ventura 13.7.5

#apple #cybersecurity #infosec #security #ios

##

CVE-2025-24791
(4.4 MEDIUM)

EPSS: 0.01%

updated 2025-01-29T18:42:28

1 posts

Issue: Snowflake discovered and remediated a vulnerability in the Snowflake NodeJS Driver. File permissions checks of the temporary credential cache could be bypassed by an attacker with write access to the local cache directory. This vulnerability affects versions 1.12.0 through 2.0.1 on Linux. Snowflake fixed the issue in version 2.0.2.

Vulnerability Details: On Linux, when either EXTERN

cR0w@infosec.exchange at 2025-04-01T16:16:36.000Z ##

IBM has published several sev:CRIT advisories the past couple days. I'll link to those but hopefully if you are protecting or targeting IBM you are already following their advisories for relevant products since there are plenty of them of varying severity ratings.

ibm.com/support/pages/bulletin/

Security Bulletin: IBM Automation Decision Services for Jan 2025 - Multiple CVEs addressed: ibm.com/support/pages/node/722

Security Bulletin: BAMOE 9 vulnerability in tomcat-embed-core library, version 10.1.34, transitively linked from Spring Boot: ibm.com/support/pages/node/722

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.2.0.: ibm.com/support/pages/node/722

Security Bulletin: IBM App Connect Enterprise is vulnerable to Remote Code Execution and improper preservation of permissions due to jsonpath-plus & snowflake-sdk (CVE-2025-1302 & CVE-2025-24791): ibm.com/support/pages/node/722

Security Bulletin: IBM App Connect Enterprise is vulnerable to Remote Code Execution and improper preservation of permissions due to jsonpath-plus & snowflake-sdk (CVE-2025-1302 & CVE-2025-24791): ibm.com/support/pages/node/722

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 9.2.0.: ibm.com/support/pages/node/722

##

CVE-2025-24085
(7.8 HIGH)

EPSS: 2.43%

updated 2025-01-29T15:32:36

1 posts

A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.

1 repos

https://github.com/bronsoneaver/CVE-2025-24085

applsec@infosec.exchange at 2025-03-31T17:45:32.000Z ##

📣 EMERGENCY UPDATES 📣

Apple pushed additional updates for 3 zero-days that may have been actively exploited.

🐛 CVE-2025-24200 (Accessibility) additional patches,
🐛 CVE-2025-24201 (WebKit) additional patches:
- iOS and iPadOS 15.8.4
- iOS and iPadOS 16.7.11

🐛 CVE-2025-24085 (CoreMedia) additional patches:
- iPadOS 17.7.6
- macOS Sonoma 14.7.5
- macOS Ventura 13.7.5

#apple #cybersecurity #infosec #security #ios

##

CVE-2025-0282
(9.1 CRITICAL)

EPSS: 90.87%

updated 2025-01-28T18:32:27

1 posts

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution.

10 repos

https://github.com/AdaniKamal/CVE-2025-0282

https://github.com/watchtowrlabs/CVE-2025-0282

https://github.com/punitdarji/Ivanti-CVE-2025-0282

https://github.com/Hexastrike/Ivanti-Connect-Secure-Logs-Parser

https://github.com/rxwx/pulse-meter

https://github.com/sfewer-r7/CVE-2025-0282

https://github.com/absholi7ly/CVE-2025-0282-Ivanti-exploit

https://github.com/almanatra/CVE-2025-0282

https://github.com/44xo/CVE-2025-0282

https://github.com/AnonStorks/CVE-2025-0282-Full-version

0x40k@infosec.exchange at 2025-03-30T06:11:33.000Z ##

Just had a client tell me, "Oh, we've patched everything!" Famous last words, eh? 😔

Turns out, CISA's put out a warning about RESURGE malware that's hitting Ivanti systems. And get this – it even includes SPAWNCHIMERA functions. What does that mean? Essentially, attackers are already deep inside. We're talking the whole nasty package: rootkit, dropper, backdoor... you name it!

This specifically impacts Ivanti Connect Secure, Policy Secure, and ZTA Gateways.

So, what's the urgent takeaway for *you*? Get patching immediately (that's CVE-2025-0282)! You'll also want to reset passwords and seriously review your access controls. Better safe than sorry, right?

How are you folks keeping your systems safe from this kind of stuff? Let's talk tactics.

#Cybersecurity #Pentesting #IvantiGate

##

CVE-2024-40711
(9.8 CRITICAL)

EPSS: 56.19%

updated 2024-12-20T18:31:30

1 posts

A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE).

Nuclei template

3 repos

https://github.com/watchtowrlabs/CVE-2024-40711

https://github.com/XiaomingX/cve-2024-40711-poc

https://github.com/realstatus/CVE-2024-40711-Exp

codewhitesec@infosec.exchange at 2025-03-28T16:35:25.000Z ##

Our crew members @mwulftange & @frycos discovered & responsibly disclosed several new RCE gadgets that bypass #Veeam's blacklist for CVE-2024-40711 & CVE-2025-23120 as well as further entry points following @SinSinology & @chudypb 's blog. Don’t blacklist - replace BinaryFormatter.

##

CVE-2021-4034
(7.8 HIGH)

EPSS: 87.29%

updated 2024-11-04T18:32:23

1 posts

A local privilege escalation vulnerability was found in polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according to predefined policies. The current version of pkexec doesn't handle the calling parameter count correctly and ends up trying to execute environment variables as commands. An attacker can leverage this

100 repos

https://github.com/wechicken456/CVE-2021-4034-CTF-writeup

https://github.com/PwnFunction/CVE-2021-4034

https://github.com/ryaagard/CVE-2021-4034

https://github.com/Vulnmachines/HAProxy_CVE-2021-40346

https://github.com/wudicainiao/cve-2021-4034

https://github.com/Almorabea/pkexec-exploit

https://github.com/asepsaepdin/CVE-2021-4034

https://github.com/arthepsy/CVE-2021-4034

https://github.com/dadvlingd/CVE-2021-4034

https://github.com/jpmcb/pwnkit-go

https://github.com/TotallyNotAHaxxer/CVE-2021-4034

https://github.com/TomSgn/CVE-2021-4034

https://github.com/berdav/CVE-2021-4034

https://github.com/FDlucifer/Pwnkit-go

https://github.com/Rvn0xsy/CVE-2021-4034

https://github.com/nobelh/CVE-2021-4034

https://github.com/c3c/CVE-2021-4034

https://github.com/luijait/PwnKit-Exploit

https://github.com/nikaiw/CVE-2021-4034

https://github.com/oreosec/pwnkit

https://github.com/sofire/polkit-0.96-CVE-2021-4034

https://github.com/jm33-m0/go-lpe

https://github.com/PeterGottesman/pwnkit-exploit

https://github.com/x04000/CVE-2021-4034

https://github.com/DanaEpp/pwncat_pwnkit

https://github.com/LJP-TW/CVE-2021-4034

https://github.com/HellGateCorp/pwnkit

https://github.com/fei9747/CVE-2021-4034

https://github.com/drapl0n/pwnKit

https://github.com/evdenis/lsm_bpf_check_argc0

https://github.com/whokilleddb/CVE-2021-4034

https://github.com/lsclsclsc/CVE-2021-4034

https://github.com/mebeim/CVE-2021-4034

https://github.com/artemis-mike/cve-2021-4034

https://github.com/Y3A/CVE-2021-4034

https://github.com/alikarimi999/CVE-2021-40346

https://github.com/thatstraw/CVE-2021-4034

https://github.com/scent2d/PoC-CVE-2021-4034

https://github.com/nel0x/pwnkit-vulnerability

https://github.com/Audiobahn/CVE-2021-4034

https://github.com/tahaafarooq/poppy

https://github.com/EstamelGG/CVE-2021-4034-NoGCC

https://github.com/Ankit-Ojha16/CVE-2021-4034

https://github.com/Pixailz/CVE-2021-4034

https://github.com/ck00004/CVE-2021-4034

https://github.com/knqyf263/CVE-2021-40346

https://github.com/kimusan/pkwner

https://github.com/Anonymous-Family/CVE-2021-4034

https://github.com/gbrsh/CVE-2021-4034

https://github.com/dzonerzy/poc-cve-2021-4034

https://github.com/ly4k/PwnKit

https://github.com/deoxykev/CVE-2021-4034-Rust

https://github.com/Plethore/CVE-2021-4034

https://github.com/Silencecyber/cve-2021-4034

https://github.com/rvizx/CVE-2021-4034

https://github.com/pengalaman-1t/CVE-2021-4034

https://github.com/jostmart/-CVE-2021-4034

https://github.com/rhin0cer0s/CVE-2021-4034

https://github.com/jm33-m0/emp3r0r

https://github.com/n3rdh4x0r/CVE-2021-4034

https://github.com/teelrabbit/Polkit-pkexec-exploit-for-Linux

https://github.com/Al1ex/LinuxEelvation

https://github.com/Yakumwamba/POC-CVE-2021-4034

https://github.com/defhacks/cve-2021-4034

https://github.com/hohn/codeql-sample-polkit

https://github.com/battleoverflow/CVE-2021-4034

https://github.com/JohnHammond/CVE-2021-4034

https://github.com/TanmoyG1800/CVE-2021-4034

https://github.com/x04000/AutoPwnkit

https://github.com/callrbx/pkexec-lpe-poc

https://github.com/NeonWhiteRabbit/CVE-2021-4034-BASH-One-File-Exploit

https://github.com/Immersive-Labs-Sec/CVE-2021-4034

https://github.com/codiobert/pwnkit-scanner

https://github.com/chenaotian/CVE-2021-4034

https://github.com/OXDBXKXO/ez-pwnkit

https://github.com/zhzyker/CVE-2021-4034

https://github.com/NeonWhiteRabbit/CVE-2021-4034

https://github.com/NiS3x/CVE-2021-4034

https://github.com/donky16/CVE-2021-40346-POC

https://github.com/Fato07/Pwnkit-exploit

https://github.com/pyhrr0/pwnkit

https://github.com/Pol-Ruiz/CVE-2021-4034

https://github.com/luckythandel/CVE-2021-4034

https://github.com/Al1ex/CVE-2021-4034

https://github.com/0xalwayslucky/log4j-polkit-poc

https://github.com/Ayrx/CVE-2021-4034

https://github.com/joeammond/CVE-2021-4034

https://github.com/0x4ndy/CVE-2021-4034-PoC

https://github.com/Jesrat/make_me_root

https://github.com/moldabekov/CVE-2021-4034

https://github.com/clubby789/CVE-2021-4034

https://github.com/locksec/CVE-2021-4034

https://github.com/JoyGhoshs/CVE-2021-4034

https://github.com/An00bRektn/CVE-2021-4034

https://github.com/c3l3si4n/pwnkit

https://github.com/Kirill89/CVE-2021-4034

https://github.com/navisec/CVE-2021-4034-PwnKit

https://github.com/ayypril/CVE-2021-4034

https://github.com/TheJoyOfHacking/berdav-CVE-2021-4034

https://github.com/v-rzh/CVE-2021-4034

malmoeb@infosec.exchange at 2025-03-30T13:02:24.000Z ##

An attacker gained remote code execution on an outdated, internet-facing web application. The .bash_history of the compromised user (tomcat) revealed that the attacker had downloaded "PwnKit" from GitHub - an exploit targeting CVE-2021-4034, a well-known privilege escalation vulnerability.

Out of curiosity, I read about the vulnerability, its mechanics, and, most importantly, the forensic traces it might leave behind. I found this well-written article that provides an excellent breakdown:

The Tale of CVE-2021-4034 (PwnKit) – The 13-Year-Old Bug [1]

It even includes a "Detecting Compromise" section—thank you! ❤️

I always emphasize to our analysts the importance of studying attack techniques and reviewing exploit source code. Even if everything isn’t immediately clear, you might identify hardcoded values within the code that serve as valuable IOCs for targeted threat-hunting.

[1] hackthebox.com/blog/The-tale-o

##

CVE-2024-25108
(9.9 CRITICAL)

EPSS: 0.29%

updated 2024-10-11T21:35:12

2 posts

Summary: When processing requests, authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists.

thisismissem@hachyderm.io at 2025-04-02T13:05:16.000Z ##

This is a program that I've been championing within @nivenly over the past year, after we noticed that security vulnerabilities weren't being disclosed responsibly, and not enough research was going into the security of Fediverse software.

You might remember my Pixelfed vulnerability from last year, where OAuth scopes weren't checked allowing for privilege escalation via the API (CVE-2024-25108), that was our very first test-case of this program.

I'm incredibly proud to be involved in launching the Fediverse Security Fund from Nivenly Foundation (a 501(c)4 not-for-profit cooperative)

#fediverse #security #nivenly #FediverseSecurityFund

RE: hachyderm.io/@nivenly/11426849

##


CVE-2024-8690
(4.4 MEDIUM)

EPSS: 0.03%

updated 2024-10-03T03:31:11

1 posts

A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity.

CVE-2024-20439
(9.8 CRITICAL)

EPSS: 88.54%

updated 2024-09-13T21:31:22

3 posts

A vulnerability in Cisco Smart Licensing Utility could allow an unauthenticated, remote attacker to log in to an affected system by using a static administrative credential. This vulnerability is due to an undocumented static user credential for an administrative account. An attacker could exploit this vulnerability by using the static credentials to log in to the affected system. A successful ex

Nuclei template

AAKL@infosec.exchange at 2025-04-01T15:07:09.000Z ##

CISA: April is Emergency Communications Month! cisa.gov/news-events/news/apri

From yesterday: CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability added to the KEV catalogue cve.org/CVERecord?id=CVE-2024- #Cisco #cybersecurity #Infosec

##

rogeragrimes@infosec.exchange at 2025-03-31T21:21:30.000Z ##

Cisco has a hard-coded credential. As bad as this sounds, this happens because we do not teach our programmers that it is very bad to do. It's happening in 100 other new software programs being coded today for the same reason.

cve.org/CVERecord?id=CVE-2024-

##

cisakevtracker@mastodon.social at 2025-03-31T19:01:00.000Z ##

CVE ID: CVE-2024-20439
Vendor: Cisco
Product: Smart Licensing Utility
Date Added: 2025-03-31
Vulnerability: Cisco Smart Licensing Utility Static Credential Vulnerability
Notes: sec.cloudapps.cisco.com/securi ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2023-38408
(9.8 CRITICAL)

EPSS: 45.31%

updated 2024-04-19T05:07:56

1 posts

The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009.

7 repos

https://github.com/Nick-Morbid/cve-2023-38408

https://github.com/classic130/CVE-2023-38408

https://github.com/wxrdnx/CVE-2023-38408

https://github.com/LucasPDiniz/CVE-2023-38408

https://github.com/mrtacojr/CVE-2023-38408

https://github.com/fazilbaig1/cve_2023_38408_scanner

https://github.com/kali-mx/CVE-2023-38408

teleclimber@social.tchncs.de at 2025-03-25T19:10:31.000Z ##

Uh, is it normal for an automated #security scanner to be unaware of #debian patched packages?

Like how OpenSSH 9.2p1 is vulnerable to CVE-2023-38408 but the Debian version 1:9.2p1-2+deb12u5 is patched. But the security scanner sees the "9.2p1" string and sounds the alarm.

security-tracker.debian.org/tr

Is this a common problem for people running Debian servers?

##

CVE-2024-3721
(6.3 MEDIUM)

EPSS: 32.65%

updated 2024-04-13T12:30:30

1 posts

A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573

sans_isc@infosec.exchange at 2025-03-25T15:17:43.000Z ##

X-Wiki Search Vulnerability exploit attempts (CVE-2024-3721) isc.sans.edu/diary/31800

##

CVE-2019-9874
(9.8 CRITICAL)

EPSS: 33.80%

updated 2024-04-04T00:50:10

3 posts

Deserialization of Untrusted Data in the Sitecore.Security.AntiCSRF (aka anti CSRF) module in Sitecore CMS 7.0 to 7.2 and Sitecore XP 7.5 to 8.2 allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN.

0x40k@infosec.exchange at 2025-03-28T10:53:19.000Z ##

Whoa, CISA adding *old* Sitecore vulns (CVE-2019-9874/9875) to the KEV list now? It's kinda wild how long these things can lurk undetected, right? 🙈 That deserialization stuff is just nasty business – perfect recipe for some serious RCE.

Actually, this reminds me of a recent gig. The client was totally convinced everything was running smoothly... right up until the pentest report landed. 💥 Yeah, that "smooth sailing" vibe vanished *real* quick.

It really hammers home that you just can't let your guard down. Patch management isn't some simple click-and-forget deal, folks! You've gotta be proactive: checking those logs, hardening systems properly. And here's the kicker: *regular penetration testing is absolutely essential*. Seriously, automated scans alone just don't cut it – not even close.

So, who else has stumbled across these kinds of "old but gold" vulnerabilities lurking in the shadows? Drop your war stories below! 👇

#CyberSecurity #Pentesting #Sitecore #CISA #SecurityFail #RCE #InfoSec

##

AAKL@infosec.exchange at 2025-03-27T18:08:59.000Z ##

New: CISA has updated the KEV catalogue.

- CVE-2025-2783: Google Chromium Mojo Sandbox Escape Vulnerability cve.org/CVERecord?id=CVE-2025-

- Added yesterday:

- CVE-2019-9874: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability cve.org/CVERecord?id=CVE-2019-

- CVE-2019-9875: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability cve.org/CVERecord?id=CVE-2019- #CISA #cybersecurity #infosec #Google

##

cisakevtracker@mastodon.social at 2025-03-26T19:01:15.000Z ##

CVE ID: CVE-2019-9874
Vendor: Sitecore
Product: CMS and Experience Platform (XP)
Date Added: 2025-03-26
Vulnerability: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
Notes: support.sitecore.com/kb?id=kb_ ; nvd.nist.gov/vuln/detail/CVE-2
CVE URL: nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2024-0402
(10.0 CRITICAL)

EPSS: 24.75%

updated 2024-01-26T03:30:25

2 posts

An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.

1 repos

https://github.com/doyensec/malicious-devfile-registry

CVE-2014-0401
(CVSS UNKNOWN)

EPSS: 0.41%

updated 2023-02-01T05:07:50

1 posts

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

CVE-2021-32471
(CVSS UNKNOWN)

EPSS: 5.43%

updated 2023-01-29T05:06:13

1 posts

Insufficient input validation in the Marvin Minsky 1967 implementation of the Universal Turing Machine allows program users to execute arbitrary code via crafted data. For example, a tape head may have an unexpected location after the processing of input composed of As and Bs (instead of 0s and 1s). NOTE: the discoverer states "this vulnerability has no real-world implications."

1 repos

https://github.com/intrinsic-propensity/turing-machine

CVE-2025-30215
(0 None)

EPSS: 0.00%

1 posts

N/A

timov@chaos.social at 2025-04-02T08:34:32.000Z ##

#natsio attention CVE-2025-30215 marked as CRITICAL according to github.com/nats-io/nats-server and github.com/nats-io/nats-server „This is a binary-only release containing fixes for CVE-2025-30215, a CRITICAL severity vulnerability affecting all NATS Server versions from v2.2.0, prior to v2.11.1 or v2.10.27. Public disclosure of the details, including the source code, will be made available no sooner than a week from the release date. All environments should update as soon as possible. …“

##

CVE-2025-31122
(0 None)

EPSS: 0.04%

1 posts

N/A

cR0w@infosec.exchange at 2025-03-31T17:16:39.000Z ##

This looks like a small project and I'm not trying to throw stones here. I am posting this as a legitimate learning opportunity for people.

github.com/Scratch-Coding-Hut/

sev:CRIT 9.0 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field.

So basically you can use a login link to login to any account you want to hack into without any effort. We need to fix this! There is a username thingy that you can use to hack into any account, but please don’t abuse this feature!

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2025-29495
(0 None)

EPSS: 0.00%

1 posts

N/A

FritzAdalis@infosec.exchange at 2025-03-27T16:19:38.000Z ##

@cR0w
Wonder what happened with cve-2025-29495...

##

cR0w@infosec.exchange at 2025-03-25T20:09:23.000Z ##

Moar hacking in space!

github.com/nasa/CryptoLib/secu

sec:CRIT 9.4 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3.3 and prior, a Heap Overflow vulnerability occurs in the Crypto_TM_ProcessSecurity function (crypto_tm.c:1735:8). When processing the Secondary Header Length of a TM protocol packet, if the Secondary Header Length exceeds the packet's total length, a heap overflow is triggered during the memcpy operation that copies packet data into the dynamically allocated buffer p_new_dec_frame. This allows an attacker to overwrite adjacent heap memory, potentially leading to arbitrary code execution or system instability. A patch is available at commit 810fd66d592c883125272fef123c3240db2f170f.

nvd.nist.gov/vuln/detail/CVE-2

##

CVE-2024-55963
(0 None)

EPSS: 0.03%

1 posts

N/A
