Threat and Vulnerability Intelligence Database

CVE-2025-30087

Description: Best Practical RT (Request Tracker) 4.4 through 4.4.7 and 5.0 through 5.0.7 allows XSS via injection of crafted parameters in a search URL.

CVSS: HIGH (7.2)

EPSS Score: 0.09%

Source: CVE
May 28th, 2025 (11 days ago)
Description: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2. Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the artifact org...

CVSS: HIGH (8.8)

EPSS Score: 0.24%

Source: Github Advisory Database (Maven)
May 28th, 2025 (11 days ago)
Description: Summary: Amazon Redshift Python Connector is a pure Python connector to Redshift (i.e., driver) that implements the Python Database API Specification 2.0. When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider.
Impact: An insecure connection could allow an actor to intercept the token exchange process and retrieve an access token. Impacted versions: >=2.0.872;<=2.1.6
Patches: Upgrade Amazon Redshift Python Connector to version 2.1.7 and ensure any forked or derivative code is patched to incorporate the new fixes.
Workarounds: None
References: If you have any questions or comments about this advisory we ask that you contact AWS/Amazon Security via our vulnerability reporting page [1] or directly via email to [email protected]. Please do not create a public GitHub issue.
[1] Vulnerability reporting page: https://aws.amazon.com/security/vulnerability-reporting
References:
https://github.com/aws/amazon-redshift-python-driver/security/advisories/GHSA-r244-wg5g-6w2r
https://nvd.nist.gov/vuln/detail/CVE-2025-5279
https://aws.amazon.com/security/security-bulletins
https://github.com/advisories/GHSA-r244-wg5g-6w2r

CVSS: HIGH (7.0)

EPSS Score: 0.03%

Source: Github Advisory Database (PIP)
May 28th, 2025 (12 days ago)
Description: Impact: There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a URL-encoded string in its path, it’s possible to target a backend, exposed using another router, bypassing the middlewares chain.

Example:

    apiVersion: traefik.io/v1alpha1
    kind: IngressRoute
    metadata:
      name: my-service
    spec:
      routes:
        - match: PathPrefix(`/service`)
          kind: Rule
          services:
            - name: service-a
              port: 8080
          middlewares:
            - name: my-middleware-a
        - match: PathPrefix(`/service/sub-path`)
          kind: Rule
          services:
            - name: service-a
              port: 8080

In such a case, the request http://mydomain.example.com/service/sub-path/%2e%2e/other-path will reach the backend my-service-a without operating the middleware my-middleware-a unless the computed path is http://mydomain.example.com/service/other-path and should be computed by the first router (operating my-middleware-a).
Patches: https://github.com/traefik/traefik/releases/tag/v2.11.25 https://github.com/traefik/traefik/releases/tag/v3.4.1
For more information: If you have any questions or comments about this advisory, please open an issue.
Original Description: Summary: Path traversal with "/../" using URL encodings ("/%2e%2e") allows for circumventing routing rules. Details: When having defined a route, you can p...

CVSS: HIGH (8.8)

Source: Github Advisory Database (Go)
May 28th, 2025 (12 days ago)

CVE-2025-48734

Description: Improper Access Control vulnerability in Apache Commons. A special BeanIntrospector class was added in version 1.9.2. This can be used to stop attackers from using the declared class property of Java enum objects to get access to the classloader. However this protection was not enabled by default. PropertyUtilsBean (and consequently BeanUtilsBean) now disallows declared class level property access by default. Releases 1.11.0 and 2.0.0-M2 address a potential security issue when accessing enum properties in an uncontrolled way. If an application using Commons BeanUtils passes property paths from an external source directly to the getProperty() method of PropertyUtilsBean, an attacker can access the enum’s class loader via the “declaredClass” property available on all Java “enum” objects. Accessing the enum’s “declaredClass” allows remote attackers to access the ClassLoader and execute arbitrary code. The same issue exists with PropertyUtilsBean.getNestedProperty(). Starting in versions 1.11.0 and 2.0.0-M2 a special BeanIntrospector suppresses the “declaredClass” property. Note that this new BeanIntrospector is enabled by default, but you can disable it to regain the old behavior; see section 2.5 of the user's guide and the unit tests. This issue affects Apache Commons BeanUtils 1.x before 1.11.0, and 2.x before 2.0.0-M2. Users of the artifact commons-beanutils:commons-beanutils 1.x are recommended to upgrade to version 1.11.0, which fixes the issue. Users of the ...

CVSS: HIGH (8.8)

EPSS Score: 0.24%

Source: CVE
May 28th, 2025 (12 days ago)

CVE-2025-45997

Description: Sourcecodester Web-based Pharmacy Product Management System 0.0.1 has a file upload vulnerability. An attacker can upload a PHP file disguised as an image by modifying the Content-Type header to image/jpg.

CVSS: HIGH (8.6)

EPSS Score: 0.06%

Source: CVE
May 28th, 2025 (12 days ago)

CVE-2025-4134

Description: Lack of file validation in do_update_vps in Avast Business Antivirus for Linux 4.5 on Linux allows a local user to spoof or tamper with the update file via an unverified file write.

CVSS: HIGH (7.3)

EPSS Score: 0.01%

Source: CVE
May 28th, 2025 (12 days ago)