Robuta

- CVE-2025-6491 | Zend (https://www.zend.com/php-security-center/CVE-2025-6491)
- CVE-2025-38166 (https://explore.alas.aws.amazon.com/CVE-2025-38166.html)
- CVE-2025-39900 (https://explore.alas.aws.amazon.com/CVE-2025-39900.html)
- CVE-2025-58767: DoS vulnerability in REXML | Ruby (https://www.ruby-lang.org/en/news/2025/09/18/dos-rexml-cve-2025-58767/). There is a DoS vulnerability in the REXML gem. This vulnerability has been assigned the CVE identifier CVE-2025-58767. We strongly recommend upgrading the REXML ...
- CVE-2025-11230: Denial of service vulnerability in HAProxy mjson library (https://www.haproxy.com/blog/october-2025-cve-2025-11230-haproxy-mjson-library-denial-of-service-vulnerability). Oct 6, 2025 - The latest versions of HAProxy Community and HAProxy Enterprise have patches for a high severity denial of service vulnerability in the mjson library.
- Notification about the vulnerability (CVE-2025-8355/8356) in Xerox FreeFlow Core | FUJIFILM... (https://www.fujifilm.com/fb/en/news/11919e)
- CVE-2025-38571 (https://explore.alas.aws.amazon.com/CVE-2025-38571.html)
- CVE-2025-14847 (MongoBleed) — A High-Severity Memory Leak in MongoDB (https://www.percona.com/blog/cve-2025-14847-mongobleed-a-high-severity-memory-leak-in-mongodb/). Dec 31, 2025 - The mongobleed vulnerability allows an unauthenticated remote attacker with network access to extract fragments of uninitialized server memory.
- Vulnerability Directory | CVE-2025-22232 | Spring | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2025-22232). Patch CVE-2025-22232 immediately to secure your systems from critical vulnerabilities. Protect your applications and prevent exploits with the latest updates...
- 2372373 – (CVE-2025-49794) CVE-2025-49794 libxml: Heap use after free (UAF) leads to Denial of... (https://bugzilla.redhat.com/show_bug.cgi?id=2372373)
- CVE-2025-21763 (https://explore.alas.aws.amazon.com/CVE-2025-21763.html)
- Impact of CVE-2025-46295 - Elastic Security - Discuss the Elastic Stack (https://discuss.elastic.co/t/impact-of-cve-2025-46295/384442). CVE-2025-46295: I just downloaded elastic-9.2.3 for Windows. Our security scanner is flagging it because commons-text-1.4.jar is found in the directory...
- CVE-2025-68285 (https://explore.alas.aws.amazon.com/CVE-2025-68285.html)
- PostgreSQL: CVE-2025-4207: PostgreSQL GB18030 encoding validation can read one byte past end of... (https://www.postgresql.org/support/security/CVE-2025-4207/)
- CVE-2025-49796 - libxml2 - Arch Linux (https://security.archlinux.org/CVE-2025-49796)
- CVE-2025-14707 - Exploits & Severity - Feedly (https://feedly.com/cve/CVE-2025-14707). A security flaw has been discovered in Shiguangwu sgwbox N3 2.0.25. Affected is an unknown function of the file /usr/sbin/http_eshell_server of the component...
- Vulnerability Directory | CVE-2025-12848 | Drupal 7 | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2025-12848). A medium-severity XSS flaw affects Drupal's Webform Multiple File Upload module (≤7.1.6), allowing malicious filenames to trigger injected scripts. Learn...
- CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView (https://www.rapid7.com/blog/post/etr-cve-2025-37164-critical-unauthenticated-rce-affecting-hewlett-packard-enterprise-oneview/). On December 17, 2025, Hewlett Packard Enterprise (HPE) published an advisory for CVE-2025-37164, a CVSS 10.0 vulnerability in HPE OneView.
- 1242008 – (CVE-2025-31650) VUL-0: CVE-2025-31650: tomcat,tomcat10: DoS via malformed HTTP/2 (https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-31650)
- CVE-2025-23247 (https://explore.alas.aws.amazon.com/CVE-2025-23247.html)
- CVE-2025-71099 | Ubuntu (https://ubuntu.com/security/CVE-2025-71099). Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.
- CVE-2025-38498 (https://explore.alas.aws.amazon.com/CVE-2025-38498.html)
- CVE-2025-9179 (https://explore.alas.aws.amazon.com/CVE-2025-9179.html)
- CVE-2025-1679 and CVE-2025-1680: Two new CVEs in Moxa devices (https://www.hackrtu.com/blog/cg-0day-en-002/). Discover CVE-2025-1679 and CVE-2025-1680, detected by our researchers on a Moxa device, and their impact.
- Improper error handling: CVE-2025-54571 - 2025 August | Modsecurity Project (https://modsecurity.org/20250805/improper-error-handling-cve-2025-54571-2025-august/). We would like to share our take on CVE-2025-54571, which was published on August 5, 2025.
- CVE-2025-31324 SAP Zero-Day Vulnerability | Full Threat Brief (https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/). Jan 7, 2026 - Onapsis Threat Intelligence breaks down the SAP zero-day CVE-2025-31324 vulnerability. Learn about the exploit, risks, and remediation steps.
- CVE-2025-21406 - Exploits & Severity - Feedly (https://feedly.com/cve/CVE-2025-21406). Windows Telephony Service Remote Code Execution Vulnerability. CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Vulnerability Directory | CVE-2025-0716 | AngularJS | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2025-0716)
- CVE-2025-38000 (https://explore.alas.aws.amazon.com/CVE-2025-38000.html)
- CVE-2025-61726 | Ubuntu (https://ubuntu.com/security/CVE-2025-61726)
- CVE-2025-64404 (https://www.openoffice.org/security/cves/CVE-2025-64404.html)
- CVE-2025-53367 | Ubuntu (https://ubuntu.com/security/CVE-2025-53367)
- NVD - CVE-2025-40909 (https://nvd.nist.gov/vuln/detail/CVE-2025-40909)
- CVE-2025-55182 Archives - Unit 42 (https://unit42.paloaltonetworks.com/tag/cve-2025-55182/)
- CVE-2025-39677 (https://explore.alas.aws.amazon.com/CVE-2025-39677.html)
- 2379386 – (CVE-2025-53506) CVE-2025-53506 tomcat: Apache Tomcat denial of service (https://bugzilla.redhat.com/show_bug.cgi?id=2379386)
- NVD - CVE-2025-58188 (https://nvd.nist.gov/vuln/detail/CVE-2025-58188)
- NVD - CVE-2025-61725 (https://nvd.nist.gov/vuln/detail/CVE-2025-61725)
- CVE-2025-48976 - tomcat9 tomcat10 - Arch Linux (https://security.archlinux.org/CVE-2025-48976)
- Argo CD fix for critical CVE-2025-47933 (https://community.broadcom.com/tanzu/blogs/beltran-rueda-borrego/2025/05/29/argocd-fix-for-critical-cve-2025-1974?CommunityKey=56a49fa1-c592-460c-aa05-019446f8102f)
- v8.8.6 release: Clarifying the CVE-2025-56383 Non-Issue | Notepad++ (https://notepad-plus-plus.org/news/v886-released/)
- NVD - CVE-2025-41245 (https://nvd.nist.gov/vuln/detail/CVE-2025-41245)
- CVE-2025-32801 - kea - Arch Linux (https://security.archlinux.org/CVE-2025-32801)
- 2354669 – (CVE-2025-2784) CVE-2025-2784 libsoup: Heap buffer over-read in... (https://bugzilla.redhat.com/show_bug.cgi?id=2354669)
- CVE-2025-37955 (https://explore.alas.aws.amazon.com/CVE-2025-37955.html)
- MongoBleed (CVE-2025-14847): Critical Unauthenticated MongoDB Memory Disclosure - Snowbit (https://snowbit.io/security/mongobleed-cve-2025-14847-critical-unauthenticated-mongodb-memory-disclosure/). Dec 29, 2025 - The broadest, cloud-native cybersecurity offering available.
- CVE-2025-31484 Archives - 7ASecurity Blog (https://7asecurity.com/blog/tag/cve-2025-31484/). Articles tagged with "CVE-2025-31484".
- CVE-2025-14010 (https://explore.alas.aws.amazon.com/CVE-2025-14010.html)
- Critical Veeam Backup & Replication CVE-2025-23121 (https://www.rapid7.com/blog/post/etr-critical-veeam-backup-replication-cve-2025-23121/). On Tuesday, June 17, 2025, backup and recovery software provider Veeam published a security advisory for a critical remote code execution (RCE) vulnerability,...
- PostgreSQL: CVE-2025-8713: PostgreSQL optimizer statistics can expose sampled data within a view,... (https://www.postgresql.org/support/security/CVE-2025-8713/)
- curl - predictable WebSocket mask - CVE-2025-10148 (https://curl.se/docs/CVE-2025-10148.html)
- CVE-2025-23273 (https://explore.alas.aws.amazon.com/CVE-2025-23273.html)
- curl - netrc and default credential leak - CVE-2025-0167 (https://curl.se/docs/CVE-2025-0167.html)
- CVE-2025-14177 | Zend (https://www.zend.com/php-security-center/CVE-2025-14177)
- CVE-2025-64403 (https://www.openoffice.org/security/cves/CVE-2025-64403.html)
- Vulnerability Directory | CVE-2025-52434 | Apache Tomcat | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2025-52434). Patch CVE-2025-52434 immediately to secure your systems from critical vulnerabilities. Protect your applications and prevent exploits with the latest updates...
- Threat Brief: MongoDB Vulnerability (CVE-2025-14847) (https://unit42.paloaltonetworks.com/mongobleed-cve-2025-14847/). Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7.
- CVE-2025-48988 - tomcat9 tomcat10 - Arch Linux (https://security.archlinux.org/CVE-2025-48988)
- CVE-2025-61594: URI Credential Leakage Bypass previous fixes | Ruby (https://www.ruby-lang.org/en/news/2025/10/07/uri-cve-2025-61594/). We published a security advisory for CVE-2025-61594.
- NVD - CVE-2025-38406 (https://nvd.nist.gov/vuln/detail/CVE-2025-38406)
- Vulnerability Directory | CVE-2025-22233 | Spring | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2025-22233). Patch CVE-2025-22233 immediately to secure your systems from critical vulnerabilities. Protect your applications and prevent exploits with the latest updates...
- NVD - CVE-2025-53506 (https://nvd.nist.gov/vuln/detail/CVE-2025-53506)
- China-Linked APTs Exploit SAP CVE-2025-31324 to Breach 581 Critical Systems Worldwide (https://thehackernews.com/2025/05/china-linked-apts-exploit-sap-cve-2025.html). 581 SAP NetWeaver instances hacked via CVE-2025-31324; confirmed China-nexus APT involvement; critical infrastructure at risk.
- Attacks on Kaspersky honeypots exploit CVE-2025-55182 | Securelist (https://securelist.com/cve-2025-55182-exploitation/118331/). Mar 3, 2026 - Threat actors are now exploiting CVE-2025-55182, and attacks are poised to grow. Here's what you need to know about the vulnerability, how our honeypots are...
- CVE-2025-49795 - libxml2 - Arch Linux (https://security.archlinux.org/CVE-2025-49795)
- NVD - CVE-2025-53533 (https://nvd.nist.gov/vuln/detail/CVE-2025-53533)
- curl - bearer token leak on cross-protocol redirect - CVE-2025-14524 (https://curl.se/docs/CVE-2025-14524.html)
- Critical Security Fix Released for Python – CVE-2025-4517 (https://community.broadcom.com/tanzu/blogs/carlos-rodriguez-hernandez/2025/06/05/security-fix-released-for-python-cve-2025-4517?CommunityKey=56a49fa1-c592-460c-aa05-019446f8102f)
- CVE-2025-21376 - Exploits & Severity - Feedly (https://feedly.com/cve/CVE-2025-21376). Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability. CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
- CVE-2025-54309: Crush FTP Vulnerability Exploited in the Wild (https://www.rapid7.com/blog/post/crushftp-zero-day-exploited-in-the-wild/). On July 18, 2025, CrushFTP disclosed CVE-2025-54309, a critical vulnerability affecting versions below 10.8.5 and 11.3.4_23 across all platforms.
- On countermeasures for the Adobe ColdFusion vulnerability (CVE-2025-61809) | Information Security | IPA, Information-technology Promotion Agency, Japan (https://www.ipa.go.jp/security/security-alert/2025/alert20251211.html). Information from the Information-technology Promotion Agency (IPA) on "Countermeasures for the Adobe ColdFusion vulnerability (CVE-2025-61809)".
- CVE-2025-53367 - djvulibre - Arch Linux (https://security.archlinux.org/CVE-2025-53367)
- Summary of CVE-2025-55182 - Vercel (https://vercel.com/changelog/cve-2025-55182). Vercel has provided a patch for CVE-2025-55182 affecting any frameworks allowing Server Components usage.
- CVE-2025-32910 (https://explore.alas.aws.amazon.com/CVE-2025-32910.html)
- CVE-2025-11363 - Exploits & Severity - Feedly (https://feedly.com/cve/CVE-2025-11363). The Royal Addons for Elementor WordPress plugin before 1.7.1037 does not have proper authorisation, allowing unauthenticated users to upload media files via...
- CVE-2025-58185 (https://explore.alas.aws.amazon.com/CVE-2025-58185.html)
- NVD - CVE-2025-29943 (https://nvd.nist.gov/vuln/detail/CVE-2025-29943)
- libcurl 8.14.1 CVE-2025-5399 | Notepad++ Community (https://community.notepad-plus-plus.org/topic/27173/libcurl-8-14-1-cve-2025-5399). updater\libcurl.dll version is 8.13.0. Fixed version is 8.14.2. When are you planning to update updater\libcurl.dll? https://nvd.nist.gov/vuln/detail/CVE-2025-...
- NVD - CVE-2025-1131 (https://nvd.nist.gov/vuln/detail/CVE-2025-1131)
- CVE-2025-68340 | Ubuntu (https://ubuntu.com/security/CVE-2025-68340)
- CVE-2025-14706 - Exploits & Severity - Feedly (https://feedly.com/cve/CVE-2025-14706). A vulnerability was identified in Shiguangwu sgwbox N3 2.0.25. This impacts an unknown function of the file /usr/sbin/http_eshell_server of the component...
- CVE-2025-64405 (https://www.openoffice.org/security/cves/CVE-2025-64405.html)
- React2Shell (CVE-2025-55182): Detection & Mitigation Guide - UPDATED (https://jfrog.com/blog/2025-55182-and-2025-66478-react2shell-all-you-need-to-know/). Dec 14, 2025 - Updated and latest information regarding the critical React RCE vulnerability (React2Shell, CVE-2025-55182). Learn how to detect and protect with JFrog.
- cve.2025-30406 | Detection.FYI (https://detection.fyi/tags/cve.2025-30406/)
- Cross-Site Scripting Vulnerability in additional-tca Extension for TYPO3 (CVE-2025-30083) (https://hub.ntc.swiss/ntcf-2025-1294). Details about two Cross-Site Scripting Vulnerabilities in ns_backup Extension for TYPO3 (CVE-2025-30083).
- Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated... (https://unit42.paloaltonetworks.com/microsoft-cve-2025-59287/). CVE-2025-59287 is a critical RCE vulnerability identified in Microsoft's WSUS. Our observations from cases show a consistent methodology.
- Vulnerability Directory | CVE-2025-41235 | Spring | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2025-41235). Patch CVE-2025-41235 immediately to secure your systems from critical vulnerabilities. Protect your applications and prevent exploits with the latest updates...
- CVE-2025-48976 - Vulnerability-Lookup (https://cve.circl.lu/cve/CVE-2025-48976). Vulnerability-Lookup: fast vulnerability lookup and correlation from different sources.
- React & Next.js DoS Vulnerability (CVE-2025-55184) Explained (https://www.aikido.dev/blog/react-next-js-dos-vulnerability-cve-2025-55184). Dec 12, 2025 - CVE-2025-55184 is a React Server Components DoS flaw related to React2Shell. Learn who's affected, how it works, and how to fully patch it.
- CVE-2025-9868 Nexus Repository 2 – Reproducing the unauthenticated SSRF vulnerability caused by the remote browser plugin - 安全KER - security news platform (https://www.anquanke.com/post/id/312467)
- Vulnerability Directory | CVE-2025-41254 | Spring | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2025-41254). HeroDevs patched CVE-2025-41254, a Spring Framework WebSocket CSRF vulnerability allowing unauthorized STOMP messages. Apply NES for Spring to stay protected.
- CVE-2025-49125 Common Vulnerabilities and Exposures | SUSE (https://www.suse.com/security/cve/CVE-2025-49125.html). Secure your Linux systems from CVE-2025-49125. Stay ahead of potential threats with the latest security updates from SUSE.
- CVE-2025-4575 - Vulnerability-Lookup (https://cve.circl.lu/cve/CVE-2025-4575)
- HAProxy Enterprise WAF Blocks React2Shell (CVE-2025-55182) (https://www.haproxy.com/blog/react2shell-cve-2025-55182-mitigation-haproxy). Jan 20, 2026 - Protect your infrastructure from React2Shell (CVE-2025-55182) using HAProxy. Learn about immediate mitigation strategies and automatic WAF protection.
- Vulnerability Directory | CVE-2025-9551 | Drupal 7 | HeroDevs (https://www.herodevs.com/vulnerability-directory/cve-2025-9551). The Drupal Protected Pages module (≤7.2.4) has no rate limiting on page password forms, allowing attackers to brute-force access without lockout or throttling....
- NVD - CVE-2025-31257 (https://nvd.nist.gov/vuln/detail/CVE-2025-31257)
- React2Shell CVE-2025-55182 - Javascript RCE - Escape Documentation (https://docs.escape.tech/documentation/reference/vulnerabilities/react2shell_2/)
- CVE-2025-23345 (https://explore.alas.aws.amazon.com/CVE-2025-23345.html)
- PostgreSQL: CVE-2025-8714: PostgreSQL pg_dump lets superuser of origin server execute arbitrary... (https://www.postgresql.org/support/security/CVE-2025-8714/)
- CVE-2025-64406 (https://www.openoffice.org/security/cves/CVE-2025-64406.html)