CVE News Feed
Updates on the latest vulnerabilities detected.
CVE-2025-24294 - Apache Resolv DNS Denial of Service Vulnerability
CVE ID: CVE-2025-24294
Published: July 12, 2025, 4:15 a.m. | 1 hour, 11 minutes ago
Description: The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition.
Severity: 0.0 | NA
CVE-2024-38648 - Ivanti DSM Decryption Secret Disclosure
CVE ID: CVE-2024-38648
Published: July 12, 2025, 4:15 a.m. | 1 hour, 11 minutes ago
Description: A hardcoded secret in Ivanti DSM before 2024.2 allows an authenticated attacker on an adjacent network to decrypt sensitive data including user credentials.
Severity: 9.0 | CRITICAL
CVE-2023-39339 - Ivanti Policy Secure Arbitrary File Read Vulnerability
CVE ID: CVE-2023-39339
Published: July 12, 2025, 4:15 a.m. | 1 hour, 11 minutes ago
Description: A vulnerability exists on all versions of Ivanti Policy Secure below 22.6R1 where an authenticated administrator can perform an arbitrary file read via a maliciously crafted web request.
Severity: 4.9 | MEDIUM
CVE-2023-39338 - Apache Sentry Unauthorized Service Access
CVE ID: CVE-2023-39338
Published: July 12, 2025, 4:15 a.m. | 1 hour, 11 minutes ago
Description: Enables an authenticated user (enrolled device) to access a service protected by Sentry even if they are not authorized according to the Sentry policy to access that service. It does not enable the user to authenticate to or use the service; it just provides the tunnel access.
Severity: 6.8 | MEDIUM
CVE-2023-38036 - Ivanti Avalanche Manager Buffer Overflow Vulnerability
CVE ID: CVE-2023-38036
Published: July 12, 2025, 4:15 a.m. | 1 hour, 11 minutes ago
Description: A security vulnerability within Ivanti Avalanche Manager before version 6.4.1 may allow an unauthenticated attacker to create a buffer overflow that could result in service disruption or arbitrary code execution.
Severity: 0.0 | NA
CVE-2025-53879 - Apache Struts Deserialization Vulnerability
CVE ID: CVE-2025-53879
Published: July 12, 2025, 3:15 a.m. | 2 hours, 11 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-53878 - Apache HTTP Server Denial of Service
CVE ID: CVE-2025-53878
Published: July 12, 2025, 3:15 a.m. | 2 hours, 11 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-53877 - Apache Struts Command Injection
CVE ID: CVE-2025-53877
Published: July 12, 2025, 3:15 a.m. | 2 hours, 11 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-53876 - Apache HTTP Server Authentication Bypass
CVE ID: CVE-2025-53876
Published: July 12, 2025, 3:15 a.m. | 2 hours, 11 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-53875 - Apache HTTP Server Cross-Site Request Forgery
CVE ID: CVE-2025-53875
Published: July 12, 2025, 3:15 a.m. | 2 hours, 11 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-53874 - Apache HTTP Server Authentication Bypass
CVE ID: CVE-2025-53874
Published: July 12, 2025, 3:15 a.m. | 2 hours, 11 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-53873 - Apache HTTP Server Unvalidated User Input
CVE ID: CVE-2025-53873
Published: July 12, 2025, 3:15 a.m. | 2 hours, 11 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-53872 - Cisco WebEx Meeting Center Unvalidated Redirect
CVE ID: CVE-2025-53872
Published: July 12, 2025, 3:15 a.m. | 2 hours, 11 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-53871 - Apache HTTP Server Remote Command Execution
CVE ID: CVE-2025-53871
Published: July 12, 2025, 3:15 a.m. | 2 hours, 11 minutes ago
Description: Rejected reason: Not used
Severity: 0.0 | NA
CVE-2025-5199 - Canonical Multipass Privilege Escalation Vulnerability
CVE ID: CVE-2025-5199
Published: July 12, 2025, 12:15 a.m. | 5 hours, 11 minutes ago
Description: In Canonical Multipass up to and including version 1.15.1 on macOS, incorrect default permissions allow a local attacker to escalate privileges by modifying files executed with administrative privileges by a Launch Daemon during system startup.
Severity: 7.3 | HIGH
CVE-2025-7460 - TOTOLINK T6 HTTP POST Request Handler Buffer Overflow Vulnerability
CVE ID: CVE-2025-7460
Published: July 11, 2025, 10:15 p.m. | 7 hours, 11 minutes ago
Description: A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
CVE-2025-53636 - Open OnDemand Shell App Log Flood Denial of Service Vulnerability
CVE ID: CVE-2025-53636
Published: July 11, 2025, 10:15 p.m. | 7 hours, 11 minutes ago
Description: Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6.
Severity: 5.4 | MEDIUM
CVE-2025-7459 - Code-projects Mobile Shop SQL Injection Vulnerability
CVE ID: CVE-2025-7459
Published: July 11, 2025, 9:15 p.m. | 8 hours, 11 minutes ago
Description: A vulnerability classified as critical was found in code-projects Mobile Shop 1.0. This vulnerability affects unknown code of the file /EditMobile.php. The manipulation of the argument ID leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-7457 - Campcodes Online Movie Theater Seat Reservation System SQL Injection Vulnerability
CVE ID: CVE-2025-7457
Published: July 11, 2025, 9:15 p.m. | 8 hours, 11 minutes ago
Description: A vulnerability, which was classified as critical, was found in Campcodes Online Movie Theater Seat Reservation System 1.0. This affects an unknown part of the file /admin/manage_movie.php. The manipulation of the argument ID leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
CVE-2025-7456 - Campcodes Online Movie Theater Seat Reservation System SQL Injection
CVE ID: CVE-2025-7456
Published: July 11, 2025, 8:15 p.m. | 9 hours, 11 minutes ago
Description: A vulnerability, which was classified as critical, has been found in Campcodes Online Movie Theater Seat Reservation System 1.0. Affected by this issue is some unknown functionality of the file /reserve.php. The manipulation of the argument ID leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH