CVE-2025-47292 |
Description: Cap Collectif is an online decision-making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the `DebateAlternateArgumentsResolver` deserializes a `Cursor` value without restricting which classes may be instantiated, and that value can be supplied by an unauthenticated user. Exploitation of this vulnerability can lead to remote code execution. The vulnerability is fixed in commit 812f2a7d271b76deab1175bdaf2be0b8102dd198.
CVSS: CRITICAL (9.5) EPSS Score: 0.52%
May 14th, 2025 (24 days ago)
|
CVE-2024-24780 |
Description: Remote code execution via an untrusted UDF URI in Apache IoTDB. An attacker with the privilege to create UDFs can register a malicious function from an untrusted URI.
This issue affects Apache IoTDB: from 1.0.0 before 1.3.4.
Users are recommended to upgrade to version 1.3.4, which fixes the issue.
CVSS: CRITICAL (9.8) EPSS Score: 0.38%
May 14th, 2025 (24 days ago)
|
CVE-2025-32756 |
Description: Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.
The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0.
"A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to
CVSS: CRITICAL (9.6) EPSS Score: 8.83%
May 14th, 2025 (25 days ago)
|
CVE-2025-3757 |
Description: Impact
Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification.
Patches
Upgrade to v0.10.0 or greater. This vulnerability is not present in versions of OpenPubkey after v0.9.0.
References
CVE-2025-3757
https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq
https://nvd.nist.gov/vuln/detail/CVE-2025-3757
https://github.com/advisories/GHSA-537f-gxgm-3jjq
CVSS: CRITICAL (9.3) EPSS Score: 0.02%
May 13th, 2025 (25 days ago)
|
CVE-2025-4658 |
Description: Impact
Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and would allow an attacker to bypass OPKSSH authentication.
Patches
The vulnerability does not exist in more recent versions of OPKSSH. This only impacts OPKSSH when it is used to verify SSH keys on a server; the OPKSSH client is unaffected. To remediate, upgrade to OPKSSH v0.5.0 or greater.
To determine if you are vulnerable run on your server:
opkssh --version
If the version is less than 0.5.0 you should upgrade. The project's installer can be fetched and run as follows; it executes as root, so review the script before piping it into a shell:
wget -qO- "https://raw.githubusercontent.com/openpubkey/opkssh/main/scripts/install-linux.sh" | sudo bash
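The version check described above, as an added example that is not part of the OPKSSH advisory or project: a POSIX shell script that wraps the `opkssh --version` step in a numeric comparison against 0.5.0, so the check can gate an automated rollout instead of relying on a by-eye string comparison. It assumes that `opkssh --version` prints an X.Y.Z version somewhere in its output; the page does not document the exact format, so the script extracts the first such token.

```shell
#!/bin/sh
# Added example (not from the OPKSSH advisory or project): turn the advisory's
# "run opkssh --version and compare with 0.5.0" step into a check that compares
# versions numerically, so that a future 0.10.x is not mistaken for "< 0.5.0"
# by a plain string comparison.
# Assumption: `opkssh --version` prints a dotted X.Y.Z version somewhere in
# its output; the exact format is not documented on this page, so the script
# simply extracts the first such token.
set -eu

FIXED_VERSION="0.5.0"   # first OPKSSH release carrying the fix, per the advisory

# semver_lt A B: succeed (return 0) when dotted version A is numerically lower
# than B, comparing major, minor and patch as integers; missing parts count as 0.
semver_lt() {
    a="$1"; b="$2"
    i=1
    while [ "$i" -le 3 ]; do
        ai=$(printf '%s\n' "$a" | cut -d. -s -f"$i")
        bi=$(printf '%s\n' "$b" | cut -d. -s -f"$i")
        ai=${ai:-0}; bi=${bi:-0}
        [ "$ai" -lt "$bi" ] && return 0
        [ "$ai" -gt "$bi" ] && return 1
        i=$((i + 1))
    done
    return 1   # all three components equal: A is not lower than B
}

# opkssh_vulnerable TEXT: given the output of `opkssh --version`, return
# 0 if the server is older than the fixed release, 1 if it is fixed,
# 2 if no version could be found in TEXT.
opkssh_vulnerable() {
    v=$(printf '%s\n' "$1" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1)
    [ -n "$v" ] || return 2
    semver_lt "$v" "$FIXED_VERSION"
}

# When run directly, check this host. Exits non-zero on a vulnerable or
# unparseable install so it can gate a deployment or config-management run.
main() {
    if ! command -v opkssh >/dev/null 2>&1; then
        echo "opkssh not installed here; nothing to check"
        return 0
    fi
    out=$(opkssh --version 2>&1 || true)
    rc=0
    opkssh_vulnerable "$out" || rc=$?
    case "$rc" in
        0) echo "VULNERABLE (CVE-2025-4658): '$out' is older than $FIXED_VERSION; upgrade"; return 1 ;;
        1) echo "OK: '$out' is $FIXED_VERSION or newer" ;;
        *) echo "Could not parse a version from: '$out'; check manually"; return 1 ;;
    esac
}

main "$@"
```

Run it on each server that verifies SSH keys with OPKSSH; per the advisory the client side is unaffected, so workstations need no check. The numeric comparison is the point of the script: a lexical comparison would call 0.10.1 older than 0.5.0.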
References
CVE-2025-4658
The upstream vulnerability in OpenPubkey is CVE-2025-3757; see the security advisory https://github.com/openpubkey/openpubkey/security/advisories/GHSA-537f-gxgm-3jjq
https://github.com/openpubkey/opkssh/security/advisories/GHSA-56wx-66px-9j66
https://nvd.nist.gov/vuln/detail/CVE-2025-4658
https://github.com/openpubkey/opkssh
https://github.com/advisories/GHSA-56wx-66px-9j66
CVSS: CRITICAL (9.3) EPSS Score: 0.03%
May 13th, 2025 (25 days ago)
|
CVE-2025-43567 |
Description: Adobe Connect versions 12.8 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. A successful attacker can abuse this to achieve session takeover, which is why the confidentiality and integrity impact is rated high.
CVSS: CRITICAL (9.3) EPSS Score: 0.11%
May 13th, 2025 (25 days ago)
|
CVE-2025-43564 |
Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.
CVSS: CRITICAL (9.1) EPSS Score: 0.08%
May 13th, 2025 (25 days ago)
|
CVE-2025-43563 |
Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify sensitive data without proper authorization. Exploitation of this issue does not require user interaction.
CVSS: CRITICAL (9.1) EPSS Score: 0.09%
May 13th, 2025 (25 days ago)
|
CVE-2025-43562 |
Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
CVSS: CRITICAL (9.1) EPSS Score: 1.04%
May 13th, 2025 (25 days ago)
|
CVE-2025-43561 |
Description: ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could leverage this vulnerability to bypass authentication mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed.
CVSS: CRITICAL (9.1) EPSS Score: 0.32%
May 13th, 2025 (25 days ago)
|