CVE-2025-31131 |
Description: YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. This vulnerability is fixed in 4.5.2.
CVSS: HIGH (8.6) EPSS Score: 26.41%
April 1st, 2025 (3 months ago)
|
CVE-2025-31121 |
Description: OpenEMR is a free and open source electronic health records and medical practice management application. Prior to 7.0.3.1, the Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. This vulnerability is fixed in 7.0.3.1.
CVSS: HIGH (7.0) EPSS Score: 0.06%
April 1st, 2025 (3 months ago)
|
CVE-2025-30354 |
Description: Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings being ignored for the particular case where a single request is run/sent. This vulnerability's attack surface is limited strictly to scenarios where users import collections from untrusted or malicious sources. The exploit requires deliberate action from the user—specifically, downloading and opening an externally provided malicious Bruno collection. The vulnerability is fixed in 1.39.1.
CVSS: HIGH (8.7) EPSS Score: 0.02%
April 1st, 2025 (3 months ago)
|
CVE-2025-30210 |
Description: Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components, which internally use react-tooltip, were setting the content (in this case the Environment name) as raw HTML, which then gets injected into the DOM on hover. This, combined with loose Content Security Policy restrictions, allowed any valid HTML text containing inline script to get executed on hovering over the respective Environment's name. This vulnerability's attack surface is limited strictly to scenarios where users import collections from untrusted or malicious sources. The exploit requires deliberate action from the user—specifically, downloading and opening an externally provided malicious Bruno or Postman collection export and then hovering over the environment name. This vulnerability is fixed in 1.39.1.
CVSS: HIGH (8.7) EPSS Score: 0.03%
April 1st, 2025 (3 months ago)
|
CVE-2025-31129 |
Description: Impact
Versions after 2.x and before 3.x of io.jooby:jooby-pac4j can cause deserialization of untrusted data
Patches
2.17.0 (2.x)
3.7.0 (3.x)
Workarounds
Do not use io.jooby:jooby-pac4j until it is patched.
Check what values you put/save in the session.
References
Version 2.x:
https://github.com/jooby-project/jooby/blob/v2.x/modules/jooby-pac4j/src/main/java/io/jooby/internal/pac4j/SessionStoreImpl.java#L39-L45
Version 3.x:
https://github.com/jooby-project/jooby/blob/v3.6.1/modules/jooby-pac4j/src/main/java/io/jooby/internal/pac4j/SessionStoreImpl.java#L77-L84
Cause
In module pac4j, io.jooby.internal.pac4j.SessionStoreImpl#get is used to handle sessions and to get a key's value. In the strToObject function, it tries to deserialize the value when the value starts with "b64~", which might cause deserialization of untrusted data.
modules/jooby-pac4j/src/main/java/io/jooby/internal/pac4j/SessionStoreImpl.java
Here's a small demo using SessionStoreImpl#get to handle sessions, where the user can pass parameters.
The following shows successful exploitation (executing the calculator).
References
https://github.com/jooby-project/jooby/security/advisories/GHSA-7c5v-895v-w4q5
https://nvd.nist.gov/vuln/detail/CVE-2025-31129
https://github.com/jooby-project/jooby/commit/3e13562cf36d7407813eae464e0f4b598de15692
https://github.com/jooby-project/jooby/blob/v2.x/modules/jooby-pac4j/src/main/java/io/jooby/internal/pac4j/SessionStoreImpl.java#L39-L45
https://github.com/jooby-project/jooby/blob/v3.6...
CVSS: HIGH (8.8) EPSS Score: 0.04%
April 1st, 2025 (3 months ago)
|
CVE-2025-22231 |
Description: VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can escalate their privileges to root on the appliance running VMware Aria Operations.
CVSS: HIGH (7.8) EPSS Score: 0.02%
April 1st, 2025 (3 months ago)
|
CVE-2025-3085 |
Description: A MongoDB server under specific conditions running on Linux with TLS and CRL revocation status checking enabled, fails to check the revocation status of the intermediate certificates in the peer's certificate chain. In cases of MONGODB-X509, which is not enabled by default, this may lead to improper authentication. This issue may also affect intra-cluster authentication. This issue affects MongoDB Server v5.0 versions prior to 5.0.31, MongoDB Server v6.0 versions prior to 6.0.20, MongoDB Server v7.0 versions prior to 7.0.16 and MongoDB Server v8.0 versions prior to 8.0.4.
Required Configuration: MongoDB Server must be running on Linux operating systems and CRL revocation status checking must be enabled.
CVSS: HIGH (8.1) EPSS Score: 0.03%
April 1st, 2025 (3 months ago)
|
CVE-2025-1660 |
Description: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.02%
April 1st, 2025 (3 months ago)
|
CVE-2025-1659 |
Description: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.02%
April 1st, 2025 (3 months ago)
|
CVE-2025-1658 |
Description: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
CVSS: HIGH (7.8) EPSS Score: 0.02%
April 1st, 2025 (3 months ago)
|