CVE-2025-5636
Description: A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. This issue affects some unknown processing of the component SET Command Handler. The manipulation leads to a buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3) EPSS Score: 0.04%
June 5th, 2025
CVE-2025-5635
Description: A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. This vulnerability affects unknown code of the component PLS Command Handler. The manipulation leads to a buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3) EPSS Score: 0.04%
June 5th, 2025
CVE-2025-5634
Description: A vulnerability classified as critical has been found in PCMan FTP Server 2.0.7. This affects an unknown part of the component NOOP Command Handler. The manipulation leads to a buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (7.3) EPSS Score: 0.04%
June 5th, 2025
CVE-2025-5629
Description: A vulnerability, which was classified as critical, was found in Tenda AC10 up to 15.03.06.47. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg of the component HTTP Handler. The manipulation of the argument startIp/endIp leads to a buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (8.7) EPSS Score: 0.05%
June 5th, 2025
CVE-2025-48997
Description: Impact
A vulnerability in Multer versions >=1.4.4-lts.1, <2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process.
Patches
Users should upgrade to 2.0.1
Workarounds
None
References
https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9
https://github.com/expressjs/multer/issues/1233
https://github.com/expressjs/multer/pull/1256
References
https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg
https://nvd.nist.gov/vuln/detail/CVE-2025-48997
https://github.com/advisories/GHSA-g5hg-p3ph-g8qg
CVSS: HIGH (8.7) EPSS Score: 0.04%
June 5th, 2025
CVE-2025-35036
Description: Hibernate Validator before 6.2.0 and 7.0.0, by default and depending on how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language interpolation of user-supplied data.
References
https://nvd.nist.gov/vuln/detail/CVE-2025-35036
https://github.com/hibernate/hibernate-validator/pull/1138
https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e
https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1
https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78
https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893
https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext
https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final
https://hibernate.atlassian.net/browse/HV-1816
https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1
https://in.relation.to...
CVSS: HIGH (7.9)
June 5th, 2025
CVE-2025-5619
Description: A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to a stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (8.7) EPSS Score: 0.05%
June 5th, 2025
CVE-2025-48957
Description: Impact
This vulnerability may lead to:
Information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data.
Reproduce
Follow these steps to set up a test environment for reproducing the vulnerability:
Install dependencies and clone the repository:
pip install uv
git clone https://github.com/AstrBotDevs/AstrBot && cd AstrBot
uv run main.py
Alternatively, deploy the program via pip:
mkdir astrbot && cd astrbot
uvx astrbot init
uvx astrbot run
In another terminal, run the following command to exploit the vulnerability:
curl -L http://0.0.0.0:6185/api/chat/get_file?filename=../../../data/cmd_config.json
This request will read the cmd_config.json config file, leading to the leakage of sensitive data such as LLM API keys, usernames, and password hashes (MD5).
Patches
The vulnerability has been addressed in Pull Request #1676 and is included in versions >= v3.5.13. All users are strongly encouraged to upgrade to v3.5.13 or later.
Workarounds
Users can edit the cmd_config.json file to disable the dashboard feature as a temporary workaround. However, it is strongly recommended to upgrade to version v3.5.13 or later as soon as possible to fully resolve this issue.
References
Pull Request #1676
Issue #1675
References
https://github.com/AstrBotDevs/AstrBot/security/advisories/GHSA-cq37-g2qp-3c2p
https://nvd.nist.gov/vuln/detail/CVE-2025-48957
https://github.com/AstrBotDevs/AstrBot/issues/1675
https://github.com/AstrBotDevs/AstrBot/pull/...
CVSS: HIGH (7.5) EPSS Score: 0.07%
June 5th, 2025
Description: Summary
Source code may be stolen when you access a malicious web site with a non-Chromium-based browser.
Details
The Origin header is checked to prevent cross-site WebSocket hijacking, which was reported in CVE-2018-14732.
But webpack-dev-server always allows Origin headers that contain an IP address.
https://github.com/webpack/webpack-dev-server/blob/55220a800ba4e30dbde2d98785ecf4c80b32f711/lib/Server.js#L3113-L3127
This allows websites that are served on IP addresses to connect to the WebSocket.
By using the same method described in the article linked from CVE-2018-14732, the attacker gets the source code.
Related commit: https://github.com/webpack/webpack-dev-server/commit/72efaab83381a0e1c4914adf401cbd210b7de7eb (note that the checkHost function was only used for the Host header to prevent DNS rebinding attacks, so this change itself is fine).
This vulnerability does not affect Chrome 94+ (and other Chromium based browsers) users due to the non-HTTPS private access blocking feature.
PoC
Download reproduction.zip and extract it
Run npm i
Run npx webpack-dev-server
Open http://{ipaddress}/?target=http://localhost:8080&file=main with a non-Chromium browser (I used Firefox 134.0.1)
Edit src/index.js in the extracted directory
You can see the content of src/index.js
The script in the POC site is:
window.webpackHotUpdate = (...args) => {
console.log(...args);
for (i in args[1]) {
document.body.innerText = args[1][i].toString() + document.body.innerText
console.log(args...
CVSS: HIGH (7.5)
June 4th, 2025
CVE-2025-5609
Description: A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip. The manipulation of the argument lanMask leads to a buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS: HIGH (8.7) EPSS Score: 0.05% SSVC Exploitation: poc
June 4th, 2025