CVE-2025-26864 |
Description: Exposure of Sensitive Information to an Unauthorized Actor, Insertion of Sensitive Information into Log File vulnerability in the OpenIdAuthorizer of Apache IoTDB.
This issue affects Apache IoTDB: from 0.10.0 through 1.3.3, from 2.0.1-beta before 2.0.2.
Users are recommended to upgrade to version 1.3.4 (1.x line) or 2.0.2 (2.0.x line), which fix the issue.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-26864
https://lists.apache.org/thread/2kcjnlypppk8qjh17dpz0jvkcpn6l162
http://www.openwall.com/lists/oss-security/2025/05/14/4
https://github.com/apache/iotdb/pull/14863
https://github.com/apache/iotdb/commit/34fcaff6b72470d5ad369307dde7fae8897aea7e
https://github.com/advisories/GHSA-5fc3-pqf2-57cx
CVSS: HIGH (7.5) EPSS Score: 0.04%
May 15th, 2025
|
CVE-2025-48050 |
Description: In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory.
CVSS: HIGH (7.5) EPSS Score: 0.05%
May 15th, 2025
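The DOMPurify entry above is a path-containment bug in a development server: a request path is mapped onto the filesystem without checking that the result stays under the working directory. The following Python is an added example, not DOMPurify's scripts/server.js and not a reproduction of that bug; the base directory /srv/site and the request paths are constructed inputs. It contrasts the string-prefix check that is commonly written (and is wrong) with a resolution-based check:

```python
import os
from urllib.parse import unquote, urlsplit

# Constructed document root for the example; it does not have to exist,
# since realpath and commonpath work on non-existent paths as well.
BASE = "/srv/site"

# Constructed request paths: two legitimate, two classic traversals
# (one percent-encoded), and one sibling-directory escape.
CASES = [
    "/index.html",
    "/assets/../index.html",
    "/../../etc/passwd",
    "/%2e%2e/%2e%2e/etc/passwd",
    "/../site2/secret",
]


def naive_startswith_check(base_dir, url_path):
    """The check that is NOT sufficient: normalise, then compare as strings.

    It stops plain '..' escapes but accepts any path that merely shares the
    base as a string prefix (/srv/site2 looks like a child of /srv/site),
    and it never looks at symlinks.
    """
    rel = unquote(url_path).lstrip("/")
    candidate = os.path.normpath(os.path.join(base_dir, rel))
    return candidate.startswith(base_dir)


def resolve_under(base_dir, url_path):
    """Map a request path onto base_dir and return the resolved filesystem
    path, or None if the target would lie outside base_dir.

    - only the path component of the URL is used (query/fragment dropped)
    - percent-encoding is decoded before the check, so %2e%2e is seen as '..'
    - realpath resolves '..' and symlinks on both sides
    - commonpath compares path components, not string prefixes
    """
    base = os.path.realpath(base_dir)
    rel = unquote(urlsplit(url_path).path).lstrip("/")
    try:
        candidate = os.path.realpath(os.path.join(base, rel))
        if os.path.commonpath([base, candidate]) != base:
            return None
    except ValueError:  # e.g. embedded NUL byte, or different drives on Windows
        return None
    return candidate


def demo():
    """Run both checks over CASES: {path: (naive verdict, resolved path or None)}."""
    return {p: (naive_startswith_check(BASE, p), resolve_under(BASE, p)) for p in CASES}


if __name__ == "__main__":
    for path, (naive_ok, resolved) in demo().items():
        print(f"{path:32} naive={naive_ok!s:5} resolved={resolved}")
```

The sibling case is the one that separates the two checks: `/../site2/secret` normalises to `/srv/site2/secret`, which passes the prefix test but fails `commonpath`. Whatever check is used, it has to run on the decoded path; a check on the raw URL is bypassed with `%2e%2e`.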
|
CVE-2025-30421 |
Description: There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
CVSS: HIGH (7.8) EPSS Score: 0.02%
May 15th, 2025
|
CVE-2025-30420 |
Description: There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
CVSS: HIGH (7.8) EPSS Score: 0.02%
May 15th, 2025
|
CVE-2025-30419 |
Description: There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
CVSS: HIGH (7.8) EPSS Score: 0.02%
May 15th, 2025
|
CVE-2025-30418 |
Description: There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
CVSS: HIGH (7.8) EPSS Score: 0.02%
May 15th, 2025
|
CVE-2025-30417 |
Description: There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
CVSS: HIGH (7.8) EPSS Score: 0.02%
May 15th, 2025
|
CVE-2024-22293 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS. This issue affects BP Profile Search: from n/a through 5.5.
CVSS: HIGH (7.1) EPSS Score: 0.06% SSVC Exploitation: none
May 15th, 2025
|
Description: Summary
Passing a constructed (camera) device path to the config/add/add_camera motionEye web API lets an attacker who holds motionEye admin credentials execute arbitrary UNIX shell commands in a non-interactive shell as the user running the motionEye instance (motion by default).
function call stack
post
add_camera
config.add_camera
v4l2ctl.list_resolutions
utils.call_subprocess
subprocess.run
PoC
build
RUN_USER="user"
RUN_UID=$(id -u ${RUN_USER})
RUN_GID=$(id -g ${RUN_USER})
TIMESTAMP="$(date '+%Y%m%d-%H%M')"
docker build \
--network host \
--build-arg="RUN_UID=${RUN_UID?}" \
--build-arg="RUN_GID=${RUN_GID?}" \
-t "${USER?}/motioneye:${TIMESTAMP}" \
--no-cache \
-f docker/Dockerfile .
reproduce
Run:
docker run --rm -d -p 8765:8765 --hostname="motioneye" -v /etc/localtime:/etc/localtime:ro -v /tmp/motioneyeconfig:/etc/motioneye -v /tmp/motioneyeconfig:/var/lib/motioneye
bash-4.2$ docker logs ceb435eacf55 -f
configure_logging cmd motioneye: False
configure logging to file: None
INFO: hello! this is motionEye server 0.43.1b3
DEBUG: found motion executable "/usr/bin/motion" version "4.7.0"
DEBUG: found ffmpeg executable "/usr/bin/ffmpeg" version "7.1.1-1+b1"
DEBUG: listing config dir /etc/motioneye...
DEBUG: found camera with id 1
DEBUG: reading camera config from /etc/motioneye/camera-1.conf...
DEBUG: loading additional config structure for camera, without separators
DEBUG: Using selector: EpollSelector
DEBUG: searching...
CVSS: HIGH (8.9) EPSS Score: 0.06%
May 15th, 2025
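The call stack above ends in subprocess.run with a device path taken from the add_camera request. The Python below is an added example, not motionEye's code: the v4l2-ctl command line, its flags and the shell-string shape of the vulnerable call are assumptions for illustration, and the device strings are constructed. It shows the unsafe pattern, what a POSIX shell makes of an injected path, and the hardened form (allowlisted path, argument vector, no shell):

```python
import re
import shlex
import subprocess
from typing import List

# Allowlist for a Linux V4L2 capture node. Anything else (shell metacharacters,
# option-looking strings, other paths) is rejected before subprocess is reached.
V4L2_DEVICE_RE = re.compile(r"^/dev/video[0-9]{1,3}$")


def unsafe_command_line(device: str) -> str:
    """The vulnerable shape (assumed, for illustration): the device path is
    interpolated into a single string that is later handed to a shell.
    A value such as '/dev/video0; id' ends the v4l2-ctl command and runs
    'id' as the motionEye user."""
    return f"v4l2-ctl --device={device} --list-formats-ext"


def shell_view(device: str) -> List[str]:
    """Tokenise the unsafe string the way a POSIX shell would (shlex with
    punctuation_chars is a close approximation): the payload shows up as
    extra words, with ';' as a separate command terminator."""
    lexer = shlex.shlex(unsafe_command_line(device), posix=True, punctuation_chars=True)
    return list(lexer)


def validate_device_path(device: str) -> str:
    """Accept only a literal /dev/videoN path; raise on anything else."""
    if not V4L2_DEVICE_RE.fullmatch(device):
        raise ValueError(f"refusing non-V4L2 device path: {device!r}")
    return device


def safe_argv(device: str) -> List[str]:
    """Argument vector for the same command: the path is allowlisted and each
    element reaches execve() as one argument, so metacharacters carry no
    meaning even if the allowlist were ever loosened."""
    return ["v4l2-ctl", f"--device={validate_device_path(device)}", "--list-formats-ext"]


def rejects(device: str) -> bool:
    """True if the hardened path refuses this device string."""
    try:
        safe_argv(device)
    except ValueError:
        return True
    return False


def list_formats(device: str) -> str:
    """Run the hardened command. shell=False is subprocess.run's default;
    a list, not a string, is passed."""
    result = subprocess.run(safe_argv(device), capture_output=True, text=True, check=False)
    return result.stdout


if __name__ == "__main__":
    print(shell_view("/dev/video0; id"))
    print(safe_argv("/dev/video0"))
    print(rejects("/dev/video0; id"), rejects("/dev/video0"))
```

Both layers matter: the argument vector alone would still let an attacker pass an option-looking string (a value starting with `-`) to the tool, and the regex alone would still be one refactor away from a shell string. Rejecting at the web layer also gives a clean 400 instead of a failed subprocess.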
|
Description: Summary
The vulnerability allows an attacker to inject a malicious script into the context of a web page, which can lead to data theft, unauthorized actions on behalf of the user, and other attacks.
Details
The vulnerability is reproducible when sending a properly formatted request to the POST /projects/upload-example/ endpoint. In the source code, the vulnerability is located at label_studio/projects/views.py.
39: @require_http_methods(['POST'])
40: def upload_example_using_config(request):
41: """Generate upload data example by config only"""
42: config = request.POST.get('label_config', '')
43:
44: org_pk = get_organization_from_request(request)
45: secure_mode = False
46: if org_pk is not None:
47: org = generics.get_object_or_404(Organization, pk=org_pk)
48: secure_mode = org.secure_mode
49:
50: try:
51: Project.validate_label_config(config)
52: task_data, _, _ = get_sample_task(config, secure_mode)
53: task_data = playground_replacements(request, task_data)
54: except (ValueError, ValidationError, lxml.etree.Error):
55: response = HttpResponse('error while example generating', status=status.HTTP_400_BAD_REQUEST)
56: else:
57: response = HttpResponse(json.dumps(task_data))
58: return response
The vulnerability is specifically located in line 57: HttpResponse is built from json.dumps(task_data) without an explicit content type, so Django's default (text/html) applies and the content reflected from label_config is rendered as markup by the browser.
57: response = HttpResponse(json.dumps(task_data))
PoC
Send the following request after changi...
CVSS: HIGH (7.6) EPSS Score: 0.06%
May 15th, 2025
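As an added example (not Label Studio's code and not the advisory's PoC), the following standard-library Python models line 57 of the view and its fix. The (headers, body) tuples stand in for Django's HttpResponse, the text/html default is Django's documented behaviour when no content type is passed, and SAMPLE_TASK is a constructed task body:

```python
import json

# Constructed sample: a task whose text field carries a payload that reached
# task_data through an attacker-controlled label_config.
SAMPLE_TASK = {"data": {"text": "<script>alert(document.domain)</script>"}}

# Content type Django's HttpResponse uses when none is given.
DJANGO_DEFAULT_CONTENT_TYPE = "text/html; charset=utf-8"


def vulnerable_response(task_data):
    """Same shape as HttpResponse(json.dumps(task_data)) in the view: the body
    is JSON text, but it is labelled text/html, so a browser that opens the
    URL parses the reflected payload as markup and runs the script."""
    headers = {"Content-Type": DJANGO_DEFAULT_CONTENT_TYPE}
    return headers, json.dumps(task_data)


def html_safe_json(obj):
    """json.dumps whose output cannot open a tag or close a <script> block,
    whatever the browser decides the content type is: '<', '>' and '&' are
    emitted as JSON \\u escapes, which decode back to the same text.
    (json.dumps' default ensure_ascii=True already escapes U+2028/U+2029.)"""
    return (json.dumps(obj)
            .replace("<", "\\u003c")
            .replace(">", "\\u003e")
            .replace("&", "\\u0026"))


def hardened_response(task_data):
    """Declare the body as JSON (what Django's JsonResponse does), forbid the
    browser from second-guessing that declaration, and escape the
    HTML-significant characters inside the JSON as defence in depth."""
    headers = {
        "Content-Type": "application/json",
        "X-Content-Type-Options": "nosniff",
    }
    return headers, html_safe_json(task_data)


def renders_as_html(headers):
    """True if a browser would parse this response as an HTML document."""
    return headers.get("Content-Type", "").split(";")[0].strip() == "text/html"


def body_is_equivalent_json(body, expected):
    """The escaping must not change the data a JSON client receives."""
    return json.loads(body) == expected


if __name__ == "__main__":
    for name, (headers, body) in (("vulnerable", vulnerable_response(SAMPLE_TASK)),
                                  ("hardened", hardened_response(SAMPLE_TASK))):
        print(name, headers, body, "html?", renders_as_html(headers))
```

In a Django view the one-line fix is `JsonResponse(task_data)`; the escaping step only matters when the same JSON is also inlined into an HTML template, which is what Django's `json_script` filter does for that case.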
|