CVE-2024-55895 - IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-55895

CVE-2024-11180 - The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer Widget ekit_countdown_timer_title parameter in all versions up to, and including, 3.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-11180

CVE-2025-2840 - The DAP to Autoresponders Email Syncing plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2840

CVE-2025-2803 - The So-Called Air Quotes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 0.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2803

CVE-2025-2266 - The Checkout Mestres do WP for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the cwmpUpdateOptions() function in versions 8.6.5 to 8.7.5. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site.
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2266

CVE-2025-2249 - The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj_soundslides_options_subpanel() function in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2249

CVE-2025-2006 - The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This may be exploitable by unauthenticated attackers when the "Allow guest users without accounts to create topics and replies" setting is enabled.
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2006

CVE-2024-13557 - The Shortcodes by United Themes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.1.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-13557

CVE-2025-1217 - In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-1217

CVE-2025-31374 - Rejected reason: Not used
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31374

CVE-2025-31373 - Rejected reason: Not used
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31373

CVE-2025-31372 - Rejected reason: Not used
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31372

CVE-2025-31371 - Rejected reason: Not used
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31371

CVE-2025-31370 - Rejected reason: Not used
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31370

CVE-2025-31369 - Rejected reason: Not used
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31369

CVE-2025-31368 - Rejected reason: Not used
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31368

CVE-2025-31367 - Rejected reason: Not used
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31367

CVE-2024-7577 - IBM InfoSphere Information Server 11.7 could disclose sensitive user credentials from log files during new installation of the product.
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-7577

CVE-2024-51477 - IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive username information due to an observable response discrepancy.
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-51477

CVE-2024-43186 - IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that is stored locally under certain conditions.
29/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-43186

CVE-2025-2782 - The WatchGuard Terminal Services Agent on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Terminal Services Agent: from 12.0 through 12.10.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2782

CVE-2025-2781 - The WatchGuard Mobile VPN with SSL Client on Windows does not properly configure directory permissions when installed in a non-default directory. This could allow an authenticated local attacker to escalate to SYSTEM privileges on a vulnerable system. This issue affects Mobile VPN with SSL Client: from 11.0 through 12.11.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2781

CVE-2025-28097 - OneNav 1.1.0 is vulnerable to Cross Site Scripting (XSS) in custom headers.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28097

CVE-2025-28096 - OneNav 1.1.0 is vulnerable to Server-Side Request Forgery (SSRF) in custom headers.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28096

CVE-2025-28094 - ShopXO v6.4.0 has an SSRF/XSS vulnerability in multiple places.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28094

CVE-2025-28093 - ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) in Email Settings.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28093

CVE-2025-28092 - ShopXO v6.4.0 is vulnerable to Server-Side Request Forgery (SSRF) via image upload function.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28092

CVE-2025-28091 - maccms10 v2025.1000.4047 has a Server-Side Request Forgery (SSRF) vulnerability via Add Article.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28091

CVE-2025-28090 - maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) in the Collection Custom Interface feature.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28090

CVE-2025-28089 - maccms10 v2025.1000.4047 is vulnerable to Server-Side Request Forgery (SSRF) via the Scheduled Task function.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28089

CVE-2025-28087 - Sourcecodester Online Exam System 1.0 is vulnerable to SQL Injection via dash.php.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28087

CVE-2025-25579 - TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Command Injection in /bin/boa via bandstr.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-25579

CVE-2024-58130 - In app/Controller/Component/RestResponseComponent.php in MISP before 2.4.193, REST endpoints have a lack of sanitization for non-JSON responses.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-58130

CVE-2024-58129 - In MISP before 2.4.193, menu_custom_right_link_html parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks against every page.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-58129

CVE-2024-58128 - In MISP before 2.4.193, menu_custom_right_link parameters can be set via the UI (i.e., without using the CLI) and thus attackers with admin privileges can conduct XSS attacks via a global menu link.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-58128

CVE-2024-23338 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-53427. Reason: This candidate is a duplicate of CVE-2024-53427. Notes: All CVE users should reference CVE-2024-53427 instead of this candidate.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-23338

CVE-2025-2927 - A vulnerability was found in ESAFENET CDG 5.6.3.154.205. It has been classified as critical. Affected is an unknown function of the file /parameter/getFileTypeList.jsp. The manipulation of the argument typename leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2927

CVE-2025-28256 - An issue in TOTOLINK A3100R V4.1.2cu.5247_B20211129 allows a remote attacker to execute arbitrary code via the setWebWlanIdx of the file /lib/cste_modules/wireless.so.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28256

CVE-2025-28254 - Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions().
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28254

CVE-2025-22953 - A SQL injection vulnerability exists in the Epicor HCM 2021 1.9, specifically in the filter parameter of the JsonFetcher.svc endpoint. An attacker can exploit this vulnerability by injecting malicious SQL payloads into the filter parameter, enabling the unauthorized execution of arbitrary SQL commands on the backend database. If certain features (like xp_cmdshell) are enabled, this may lead to remote code execution.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22953

CVE-2024-6875 - A vulnerability was found in the Infinispan component in Red Hat Data Grid. The REST compare API may have a buffer leak and an out of memory error can occur when sending continual requests with large POST data to the REST API.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-6875

CVE-2024-57083 - A prototype pollution in the component Module.mergeObjects (redoc/bundles/redoc.lib.js:2) of redoc
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-57083

CVE-2024-56975 - InvoicePlane (all versions tested as of December 2024) v.1.6.11 and before contains a remote code execution vulnerability in the upload_file method of the Upload controller.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-56975

CVE-2024-38988 - alizeait unflatto
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-38988

CVE-2024-38985 - janryWang products depath v1.0.6 and cool-path v1.1.2 were discovered to contain a prototype pollution via the set() method at setIn (lib/index.js:90). This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-38985

CVE-2024-24292 - A Prototype Pollution issue in Aliconnect /sdk v.0.0.6 allows an attacker to execute arbitrary code via the aim function in the aim.js component.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-24292

CVE-2025-2926 - A vulnerability was found in HDF5 up to 1.14.6 and classified as problematic. This issue affects the function H5O__cache_chk_serialize of the file src/H5Ocache.c. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2926

CVE-2025-2925 - A vulnerability has been found in HDF5 up to 1.14.6 and classified as problematic. This vulnerability affects the function H5MM_realloc of the file src/H5MM.c. The manipulation of the argument mem leads to double free. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2925

CVE-2025-2924 - A vulnerability, which was classified as problematic, was found in HDF5 up to 1.14.6. This affects the function H5HL__fl_deserialize of the file src/H5HLcache.c. The manipulation of the argument free_block leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2924

CVE-2025-2923 - A vulnerability, which was classified as problematic, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5F_addr_encode_len of the file src/H5Fint.c. The manipulation of the argument pp leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2923

CVE-2025-2922 - A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this vulnerability is an unknown functionality of the component BusyBox Shell. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2922

CVE-2025-31164 - Heap-buffer overflow in fig2dev in version 3.2.9a allows an attacker to impact availability via local input manipulation via create_line_with_spline.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31164

CVE-2025-31163 - Segmentation fault in fig2dev in version 3.2.9a allows an attacker to impact availability via local input manipulation via put_patternarc function.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31163

CVE-2025-31162 - Floating point exception in fig2dev in version 3.2.9a allows an attacker to impact availability via local input manipulation via get_slope function.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31162

CVE-2025-2921 - A vulnerability classified as critical has been found in Netis WF-2404 1.1.124EN. Affected is an unknown function of the file /etc/passwd. The manipulation with the input Realtek leads to use of default password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2921

CVE-2025-2920 - A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /etc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2920

CVE-2025-2919 - A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2919

CVE-2025-2917 - A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2917

CVE-2025-2916 - A vulnerability, which was classified as critical, has been found in Aishida Call Center System up to 20250314. This issue affects some unknown processing of the file /doscall/weixin/open/amr2mp3. The manipulation of the argument File leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2916

CVE-2025-2915 - A vulnerability classified as problematic was found in HDF5 up to 1.14.6. This vulnerability affects the function H5F__accum_free of the file src/H5Faccum.c. The manipulation of the argument overlap_size leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2915

CVE-2025-2914 - A vulnerability classified as problematic has been found in HDF5 up to 1.14.6. This affects the function H5FS__sinfo_Srialize_Sct_cb of the file src/H5FScache.c. The manipulation of the argument sect leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2914

CVE-2025-2913 - A vulnerability was found in HDF5 up to 1.14.6. It has been rated as problematic. Affected by this issue is the function H5FL__blk_gc_list of the file src/H5FL.c. The manipulation of the argument H5FL_blk_head_t leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2913

CVE-2025-2912 - A vulnerability was found in HDF5 up to 1.14.6. It has been declared as problematic. Affected by this vulnerability is the function H5O_msg_flush of the file src/H5Omessage.c. The manipulation of the argument oh leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2912

CVE-2025-2713 - Google gVisor's runsc component exhibited a local privilege escalation vulnerability due to incorrect handling of file access permissions, which allowed unprivileged users to access restricted files. This occurred because the process initially ran with root-like permissions until the first fork.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2713

CVE-2025-31010 - Cross-Site Request Forgery (CSRF) vulnerability in ReichertBrothers SimplyRETS Real Estate IDX allows Cross Site Request Forgery. This issue affects SimplyRETS Real Estate IDX: from n/a through 3.0.3.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-31010

CVE-2025-30372 - Emlog is an open source website building system. Emlog Pro versions pro-2.5.7 and pro-2.5.8 contain an SQL injection vulnerability. `search_controller.php` does not use addslashes after urldecode, allowing the preceding addslashes to be bypassed by URL double encoding. This could result in potential leakage of sensitive information from the user database. Version pro-2.5.9 fixes the issue.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30372

CVE-2025-30371 - Metabase is a business intelligence and embedded analytics tool. Versions prior to v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8 are vulnerable to circumvention of local link access protection in GeoJson endpoint. Self hosted Metabase instances that are using the GeoJson feature could be potentially impacted if their Metabase is colocated with other unsecured resources. This is fixed in v0.52.16.4, v1.52.16.4, v0.53.8, and v1.53.8. Migrating to Metabase Cloud or redeploying Metabase in a dedicated subnet with strict outbound port controls is an available workaround.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30371

CVE-2025-30211 - Erlang/OTP is a set of libraries for the Erlang programming language. Prior to versions OTP-27.3.1, 26.2.5.10, and 25.3.2.19, a maliciously formed KEX init message can result in high memory usage. The implementation does not verify RFC specified limits on algorithm names (64 characters) provided in the KEX init message. A big KEX init packet may lead to inefficient processing of the error data. As a result, a large amount of memory will be allocated for processing malicious data. Versions OTP-27.3.1, OTP-26.2.5.10, and OTP-25.3.2.19 fix the issue. Some workarounds are available. One may set option `parallel_login` to `false` and/or reduce the `max_sessions` option.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-30211

CVE-2025-29928 - authentik is an open-source identity provider. Prior to versions 2024.12.4 and 2025.2.3, when authentik was configured to use the database for session storage (which is a non-default setting), deleting sessions via the Web Interface or the API would not revoke the session and the session holder would continue to have access to authentik. authentik 2025.2.3 and 2024.12.4 fix this issue. Switching to the cache-based session storage until the authentik instance can be upgraded is recommended. This will however also delete all existing sessions and users will have to re-authenticate.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-29928

CVE-2025-22767 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in globalpayments GlobalPayments WooCommerce allows Reflected XSS. This issue affects GlobalPayments WooCommerce: from n/a through 1.13.0.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22767

CVE-2025-22575 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in extendyourweb SUPER RESPONSIVE SLIDER allows Reflected XSS. This issue affects SUPER RESPONSIVE SLIDER: from n/a through 1.4.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22575

CVE-2025-22566 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ULTIMATE VIDEO GALLERY allows Reflected XSS. This issue affects ULTIMATE VIDEO GALLERY: from n/a through 1.4.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22566

CVE-2025-22526 - Deserialization of Untrusted Data vulnerability in NotFound PHP/MySQL CPU performance statistics allows Object Injection. This issue affects PHP/MySQL CPU performance statistics: from n/a through 1.2.1.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22526

CVE-2025-22523 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Schedule allows Blind SQL Injection. This issue affects Schedule: from n/a through 1.0.0.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22523

CVE-2025-22501 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Improve My City Improve My City allows Reflected XSS. This issue affects Improve My City: from n/a through 1.6.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22501

CVE-2025-22360 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WP Azure offload allows Reflected XSS. This issue affects WP Azure offload: from n/a through 2.0.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22360

CVE-2025-22356 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stencies Stencies allows Reflected XSS. This issue affects Stencies: from n/a through 0.58.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-22356

CVE-2024-54362 - Path Traversal vulnerability in NotFound GetShop ecommerce allows Path Traversal. This issue affects GetShop ecommerce: from n/a through 1.3.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-54362

CVE-2024-54291 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in NotFound PluginPass allows Manipulating Web Input to File System Calls. This issue affects PluginPass: from n/a through 0.9.10.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-54291

CVE-2024-51624 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jajapagamentos Já-Já Pagamentos for WooCommerce allows Reflected XSS. This issue affects Já-Já Pagamentos for WooCommerce: from n/a through 1.3.0.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-51624

CVE-2024-48615 - Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at archive_read_support_format_tar.c:1844:8.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-48615

CVE-2024-39311 - Publify is a self hosted Web publishing platform on Rails. Prior to version 10.0.1 of Publify, corresponding to versions prior to 10.0.2 of the `publify_core` rubygem, a publisher on a `publify` application is able to perform a cross-site scripting (XSS) attack on an administrator using the redirect functionality. The exploitation of this XSS vulnerability requires the administrator to click a malicious link. An attacker could attempt to hide their payload by using HTML, or other encodings, so as not to make it obvious to an administrator that this is a malicious link. A publisher may attempt to use this vulnerability to escalate their privileges and become an administrator. Version 10.0.1 of Publify and version 10.0.2 of the `publify_core` rubygem fix the issue.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-39311

CVE-2025-2901 - A flaw was found in the JBoss EAP Management Console, where a stored Cross-site scripting vulnerability occurs when an application improperly sanitizes user input before storing it in a data store. When this stored data is later included in web pages without adequate sanitization, malicious scripts can execute in the context of users who view these pages, leading to potential data theft, session hijacking, or other malicious activities.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2901

CVE-2025-2877 - A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2877

CVE-2025-2865 - SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code (resources) stored on another malicious website owned by the attacker.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2865

CVE-2025-2864 - SaTECH BCU in its firmware version 2.1.3 allows an attacker to inject malicious code into the legitimate website owning the affected device, once the cookie is set. This attack only impacts the victim's browser (reflected XSS).
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2864

CVE-2025-2863 - Cross-site request forgery (CSRF) vulnerability in the web application of saTECH BCU firmware version 2.1.3, which could allow an unauthenticated local attacker to exploit active administrator sessions and perform malicious actions. The malicious actions that can be executed by the attacker depend on the logged-in user, and may include rebooting the device or modifying roles and permissions.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2863

CVE-2025-2862 - SaTECH BCU, in its firmware version 2.1.3, performs weak password encryption. This allows an attacker with access to the device's system or website to obtain the credentials, as the storage methods used are not strong enough in terms of encryption.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2862

CVE-2025-2861 - SaTECH BCU in its firmware version 2.1.3 uses the HTTP protocol. The use of the HTTP protocol for web browsing has the problem that information is exchanged in unencrypted text. Since sensitive data such as credentials are exchanged, an attacker could obtain them and log in legitimately.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2861

CVE-2025-2860 - SaTECH BCU in its firmware version 2.1.3, allows an authenticated attacker to access information about the credentials that users have within the web (.xml file). In order to exploit this vulnerability, the attacker must know the path, regardless of the user's privileges on the website.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2860

CVE-2025-2859 - An attacker with access to the network where the vulnerable device is located could capture traffic and obtain cookies from the user, allowing them to steal a user's active session and make changes to the device via the web, depending on the privileges obtained by the user.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2859

CVE-2025-2858 - Privilege escalation vulnerability in the saTECH BCU firmware version 2.1.3. An attacker with access to the CLI of the device could make use of the nice command to bypass all restrictions and elevate privileges as a superuser.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2858

CVE-2025-28221 - Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the set_local_time function, which allows remote attackers to cause web server crash via parameter time passed to the binary through a POST request.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28221

CVE-2025-28220 - Tenda W6_S v1.0.0.4_510 has a Buffer Overflow vulnerability in the setcfm function, which allows remote attackers to cause web server crash via parameter funcpara1 passed to the binary through a POST request.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28220

CVE-2025-28219 - Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-28219

CVE-2025-1781 - There is an XXE in W3CSS Validator versions before cssval-20250226 that allows an attacker to use specially-crafted XML objects to coerce server-side request forgery (SSRF). This could be exploited to read arbitrary local files if an attacker has access to exception messages.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-1781

CVE-2025-0986 - IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor compatibility mode configurations, to cause undetected data loss or errors when performing gzip compression using HW acceleration.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-0986

CVE-2025-2911 - Unauthorised access to the call forwarding service system in MeetMe products in versions prior to 2024-09 allows an attacker to identify multiple users and perform brute force attacks via extensions.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2911

CVE-2025-2910 - User enumeration in the password reset module of the MeetMe authentication service in versions prior to 2024-09 allows an attacker to determine whether an email address is registered through specific error messages.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2910

CVE-2025-2909 - The lack of encryption in the DuoxMe (formerly Blue) application binary in versions prior to 3.3.1 for iOS devices allows an attacker to gain unauthorised access to the application code and discover sensitive information.
28/03/2025 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2025-2909

Recently modified advisories

CVE-2025-31160 - atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.
29/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-31160

CVE-2025-28253 - Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Dashboard v5.3.4 exists in class/class-mainwp-post-handler.php, where unsanitized user input from $_POST['sites'], $_POST['clients'], and $_POST['search'] is passed into the MainWP_User::render_table function. Despite using sanitize_text_field and wp_unslash, the values are not adequately protected against HTML or script injection. This flaw could allow an attacker to inject malicious scripts.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28253

CVE-2025-30093 - HTCondor 23.0.x before 23.0.22, 23.10.x before 23.10.22, 24.0.x before 24.0.6, and 24.6.x before 24.6.1 allows authenticated attackers to bypass authorization restrictions.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-30093

CVE-2025-29306 - An issue in FoxCMS v.1.2.5 allows a remote attacker to execute arbitrary code via the case display page in the index.html component.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29306

CVE-2023-53027 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2023-53027

CVE-2023-53003 - In the Linux kernel, the following vulnerability has been resolved: EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info The memory for llcc_driv_data is allocated by the LLCC driver. But when it is passed as the private driver info to the EDAC core, it will get freed during the qcom_edac driver release. So when the qcom_edac driver gets probed again, it will try to use the freed data leading to the use-after-free bug. Hence, do not pass llcc_driv_data as pvt_info but rather reference it using the platform_data pointer in the qcom_edac driver.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2023-53003

CVE-2023-52935 - In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race If an ->anon_vma is attached to the VMA, collapse_and_free_pmd() requires it to be locked. Page table traversal is allowed under any one of the mmap lock, the anon_vma lock (if the VMA is associated with an anon_vma), and the mapping lock (if the VMA is associated with a mapping); and so to be able to remove page tables, we must hold all three of them. retract_page_tables() bails out if an ->anon_vma is attached, but does this check before holding the mmap lock (as the comment above the check explains). If we racily merged an existing ->anon_vma (shared with a child process) from a neighboring VMA, subsequent rmap traversals on pages belonging to the child will be able to see the page tables that we are concurrently removing while assuming that nothing else can access them. Repeat the ->anon_vma check once we hold the mmap lock to ensure that there really is no concurrent page table access. Hitting this bug causes a lockdep warning in collapse_and_free_pmd(), in the line "lockdep_assert_held_write(&vma->anon_vma->root->rwsem)". It can also lead to use-after-free access.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2023-52935

CVE-2023-52931 - In the Linux kernel, the following vulnerability has been resolved: drm/i915: Avoid potential vm use-after-free Adding the vm to the vm_xa table makes it visible to userspace, which could try to race with us to close the vm. So we need to take our extra reference before putting it in the table. (cherry picked from commit 99343c46d4e2b34c285d3d5f68ff04274c2f9fb4)
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2023-52931

CVE-2022-49761 - In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in run_one_delayed_ref() Currently we have a btrfs_debug() for run_one_delayed_ref() failure, but if end users hit such problem, there will be no chance that btrfs_debug() is enabled. This can lead to very little useful info for debugging. This patch will: - Add extra info for error reporting Including: * logical bytenr * num_bytes * type * action * ref_mod - Replace the btrfs_debug() with btrfs_err() - Move the error reporting into run_one_delayed_ref() This is to avoid use-after-free, the @node can be freed in the caller. This error should only be triggered at most once. As if run_one_delayed_ref() failed, we trigger the error message, then causing the call chain to error out: btrfs_run_delayed_refs() `- btrfs_run_delayed_refs() `- btrfs_run_delayed_refs_for_head() `- run_one_delayed_ref() And we will abort the current transaction in btrfs_run_delayed_refs(). If we have to run delayed refs for the abort transaction, run_one_delayed_ref() will just cleanup the refs and do nothing, thus no new error messages would be output.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2022-49761

CVE-2022-49755 - In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait While performing fast composition switch, there is a possibility that the process of ffs_ep0_write/ffs_ep0_read get into a race condition due to ep0req being freed up from functionfs_unbind. Consider the scenario that the ffs_ep0_write calls the ffs_ep0_queue_wait by taking a lock &ffs->ev.waitq.lock. However, the functionfs_unbind isn't bounded so it can go ahead and mark the ep0req to NULL, and since there is no NULL check in ffs_ep0_queue_wait we will end up in use-after-free. Fix this by making a serialized execution between the two functions using a mutex_lock(ffs->mutex).
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2022-49755

CVE-2022-49753 - In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fix double increment of client_count in dma_chan_get() The first time dma_chan_get() is called for a channel the channel client_count is incorrectly incremented twice for public channels, first in balance_ref_count(), and again prior to returning. This results in an incorrect client count which will lead to the channel resources not being freed when they should be. A simple test of repeated module load and unload of async_tx on a Dell Power Edge R7425 also shows this resulting in a kref underflow warning. cat /sys/class/dma/dma0chan*/in_use would get the wrong result. 2 2 2 Test-by: Jie Hai
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2022-49753

CVE-2025-29072 - An integer overflow in Nethermind Juno before v.12.05 within the Sierra bytecode decompression logic within the "cairo-lang-starknet-classes" library could allow remote attackers to trigger an infinite loop (and high CPU usage) by submitting a malicious Declare v2/v3 transaction. This results in a denial-of-service condition for affected Starknet full-node implementations.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29072

CVE-2025-28138 - TOTOLINK A800R V4.1.2cu.5137_B20200730 contains a remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28138

CVE-2025-28135 - TOTOLINK A810R V4.1.2cu.5182_B20201026 was found to contain a buffer overflow vulnerability in downloadFile.cgi.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28135

CVE-2025-26265 - A segmentation fault in openairinterface5g v2.1.0 allows attackers to cause a Denial of Service (DoS) via a crafted UE Context Modification response.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-26265

CVE-2025-25686 - semcms
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-25686

CVE-2025-2854 - A vulnerability classified as critical was found in code-projects Payroll Management System 1.0. Affected by this vulnerability is an unknown functionality of the file update_employee.php. The manipulation of the argument emp_type leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2854

CVE-2025-29497 - libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHFILLSTYLES function.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29497

CVE-2025-29496 - libming v0.4.8 was discovered to contain a segmentation fault via the decompileDUPLICATECLIP function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29496

CVE-2025-29494 - libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETMEMBER function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29494

CVE-2025-29493 - libming v0.4.8 was discovered to contain a segmentation fault via the decompileGETPROPERTY function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29493

CVE-2025-29492 - libming v0.4.8 was discovered to contain a segmentation fault via the decompileSETVARIABLE function.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29492

CVE-2025-29491 - An allocation-size-too-big error in the parseSWF_DEFINEBINARYDATA function of libming v0.48 allows attackers to cause a Denial of Service (DoS) via supplying a crafted SWF file.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29491

CVE-2025-29490 - libming v0.4.8 was discovered to contain a segmentation fault via the decompileCALLMETHOD function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29490

CVE-2025-29489 - libming v0.4.8 was discovered to contain a memory leak via the parseSWF_MORPHLINESTYLES function.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29489

CVE-2025-29488 - libming v0.4.8 was discovered to contain a memory leak via the parseSWF_INITACTION function.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29488

CVE-2025-29487 - An out-of-memory error in the parseABC_STRING_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29487

CVE-2025-29486 - libming v0.4.8 was discovered to contain a memory leak via the parseSWF_PLACEOBJECT3 function.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29486

CVE-2025-29485 - libming v0.4.8 was discovered to contain a segmentation fault via the decompileRETURN function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted SWF file.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29485

CVE-2025-29484 - An out-of-memory error in the parseABC_NS_SET_INFO function of libming v0.4.8 allows attackers to cause a Denial of Service (DoS) due to allocator exhaustion.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-29484

CVE-2025-21879 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free on inode when scanning root during em shrinking At btrfs_scan_root() we are accessing the inode's root (and fs_info) in a call to btrfs_fs_closing() after we have scheduled the inode for a delayed iput, and that can result in a use-after-free on the inode in case the cleaner kthread does the iput before we dereference the inode in the call to btrfs_fs_closing(). Fix this by using the fs_info stored already in a local variable instead of doing inode->root->fs_info.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-21879

CVE-2025-2857 - Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. The original vulnerability was being exploited in the wild. *This only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 136.0.4, Firefox ESR < 128.8.1, and Firefox ESR < 115.21.1.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2857

CVE-2025-21867 - In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() KMSAN reported a use-after-free issue in eth_skb_pkt_type(). The cause of the issue was that eth_skb_pkt_type() accessed skb's data that didn't contain an Ethernet header. This occurs when bpf_prog_test_run_xdp() passes an invalid value as the user_data argument to bpf_test_init(). Fix this by returning an error when user_data is less than ETH_HLEN in bpf_test_init(). Additionally, remove the check for "if (user_size > size)" as it is unnecessary.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-21867

CVE-2025-2825 - CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2825

CVE-2025-2783 - Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High)
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2783

CVE-2025-2639 - A vulnerability has been found in JIZHICMS up to 1.7.0 and classified as problematic. This vulnerability affects unknown code of the file /user/release.html of the component Article Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
28/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2639

CVE-2025-2787 - KNIME Business Hub is affected by the Ingress-nginx CVE-2025-1974 (a.k.a. IngressNightmare) vulnerability which affects the ingress-nginx component. In the worst case a complete takeover of the Kubernetes cluster is possible. Since the affected component is only reachable from within the cluster, i.e. requires an authenticated user, the severity in the context of KNIME Business Hub is slightly lower. Besides applying the publicly known workarounds, we strongly recommend updating to one of the following versions of KNIME Business Hub: * 1.13.3 or above * 1.12.4 or above * 1.11.4 or above * 1.10.4 or above *
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-2787

CVE-2024-55965 - An issue was discovered in Appsmith before 1.51. Users invited as "App Viewer" incorrectly have access to development information of a workspace (specifically, a list of datasources in a workspace they're a member of). This information disclosure does not expose sensitive data in the datasources, such as database passwords and API Keys.
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-55965

CVE-2025-30073 - An issue was discovered in OPC cardsystems Webapp Aufwertung 2.1.0. The reference assigned to transactions can be reused. When completing a payment, the first or all transactions with the same reference are completed, depending on timing. This can be used to transfer more money onto employee cards than is paid.
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-30073

CVE-2025-28361 - Unauthorized stack overflow vulnerability in Telesquare TLR-2005KSH v.1.1.4 allows a remote attacker to obtain sensitive information via the systemutil.cgi component.
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-28361

CVE-2025-26011 - Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setUsernamePassword.
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-26011

CVE-2025-26010 - Telesquare TLR-2005KSH 1.1.4 allows unauthorized password modification when requesting the admin.cgi parameter with setUserNamePassword.
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-26010

CVE-2025-26009 - Telesquare TLR-2005KSH 1.1.4 has an Information Disclosure vulnerability when requesting systemutilit.cgi.
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-26009

CVE-2025-26008 - In Telesquare TLR-2005KSH 1.1.4, an unauthorized stack overflow vulnerability exists when requesting admin.cgi parameter with setSyncTimeHost.
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-26008

CVE-2025-26007 - Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability in the login interface when requesting systemtil.cgi.
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-26007

CVE-2025-26006 - Telesquare TLR-2005KSH 1.1.4 has an unauthorized stack overflow vulnerability when requesting the admin.cgi parameter with setAutorest.
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-26006

CVE-2025-26005 - Telesquare TLR-2005KSH 1.1.4 is vulnerable to an unauthorized stack overflow when requesting the admin.cgi parameter with setNtp.
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-26005

CVE-2024-55964 - An issue was discovered in Appsmith before 1.52. An incorrectly configured PostgreSQL instance in the Appsmith image leads to remote command execution inside the Appsmith Docker container. The attacker must be able to access Appsmith, login to it, create a datasource, create a query against that datasource, and execute that query.
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-55964

CVE-2024-55963 - An issue was discovered in Appsmith before 1.51. A user on Appsmith that doesn't have admin permissions can trigger the restart API on Appsmith, causing a server restart. This is still within the Appsmith container, and the impact is limited to Appsmith's own server only, but there is a denial of service because it can be continually restarted. This is due to incorrect access control checks, which should check for super user permissions on the incoming request.
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2024-55963

CVE-2025-26004 - Telesquare TLR-2005KSH 1.1.4 is vulnerable to an unauthorized stack buffer overflow when requesting the admin.cgi parameter with setDdns.
27/03/2025 | https://nvd.nist.gov/vuln/detail/CVE-2025-26004