Description: TL;DR
This vulnerability affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development.
Sites that use other server software (such as Apache, nginx or Caddy) are not affected.
Introduction
For use with PHP's built-in web server, Kirby provides a router.php file. The router delegates requests to static files to PHP so that assets and other static files in the document root can be accessed by the browser.
This logic was vulnerable to path traversal attacks. By using special elements such as .. and / separators, attackers can escape the restricted location and access files or directories elsewhere on the system. One of the most common special elements is the ../ sequence, which most modern operating systems interpret as the parent directory of the current location.
Impact
The missing path traversal check allowed attackers to navigate all files on the server that were accessible to the PHP process, including files outside of the Kirby installation.
The vulnerable implementation delegated all existing files to PHP, including existing files outside of the document root. This leads to a different response that allows attackers to determine whether the requested file exists.
Because Kirby's router only delegates such requests to PHP and does not load or execute them, contents of the files were not exposed as PHP treats requests to files outside of the document root as invalid.
Patches
The probl...
CVSS: LOW (2.3) EPSS Score: 0.04%
May 13th, 2025 (25 days ago)
Description: Impact
The 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address (potentially bypassing spam and email client security systems).
Patches
This issue affects all supported versions of Umbraco Forms and is patched in 13.4.2 and 15.1.2.
Workarounds
Unpatched or unsupported versions can work around this issue by using the 'Send email with template (Razor)' workflow instead or by writing a custom workflow type.
To avoid accidentally using the vulnerable workflow again, the SendEmail workflow type can be removed using the following composer (tested on Umbraco 10, 13, 14 and 15):
using Umbraco.Cms.Core.Composing;
using Umbraco.Forms.Core.Providers.Extensions;
using Umbraco.Forms.Core.Providers.WorkflowTypes;

// Removes the vulnerable 'Send email' (SendEmail) workflow type from the Forms workflow collection
internal sealed class RemoveFormsSendEmailWorkflowTypeComposer : IComposer
{
    public void Compose(IUmbracoBuilder builder)
        => builder.FormsWorkflows().Exclude<SendEmail>();
}
References
https://github.com/umbraco/Umbraco.Forms.Issues/security/advisories/GHSA-2qrj-g9hq-chph
https://nvd.nist.gov/vuln/detail/CVE-2025-47280
https://github.com/advisories/GHSA-2qrj-g9hq-chph
CVSS: LOW (2.3) EPSS Score: 0.03%
May 13th, 2025 (25 days ago)
Description: Summary
Users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This doesn't happen with the original sudo.
PoC
The initial test has been done in a container running Ubuntu 24.04 and installing oxidizr, running sudo-rs 0.2.2.
A user (bob) has been added with only the ps command executable through sudo:
root ALL=(ALL:ALL) ALL
bob ALL=(ALL:ALL) /usr/bin/ps
The user is not able to read the /etc/sudoers file and running sudo -l -Uroot with original sudo (version 1.9.15p5) causes the following error:
Sorry, user bob is not allowed to execute 'list' as root on 43d4aed3cdbd.
The same command with sudo-rs is run without denying the execution:
User root may run the following commands on 43d4aed3cdbd:
(ALL : ALL) ALL
The same happens for other non-root users:
bob@43d4aed3cdbd:~$ sudo -l -Ufoo
User foo may run the following commands on 43d4aed3cdbd:
(ALL : ALL) /usr/bin/whoami
The behavior has also been observed for version 0.2.5.
Impact
Users with limited sudo privileges can enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used for more targeted attacks.
Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory.
Credits
This issue was identified by Sonia Zorba.
Referenc...
CVSS: LOW (3.3) EPSS Score: 0.01%
May 13th, 2025 (25 days ago)
CVE-2025-47280
Description: Umbraco Forms is a form builder that integrates with the Umbraco content management system. Starting in the 7.x branch and prior to versions 13.4.2 and 15.1.2, the 'Send email' workflow does not HTML encode the user-provided field values in the sent email message, making any form with this workflow configured vulnerable, as it allows sending the message from a trusted system and address, potentially bypassing spam and email client security systems. This issue affects all supported versions of Umbraco Forms and is patched in 13.4.2 and 15.1.2. Unpatched or unsupported versions can work around this issue by using the `Send email with template (Razor)` workflow instead or by writing a custom workflow type. To avoid accidentally using the vulnerable workflow again, the `SendEmail` workflow type can be removed using a composer available in the GitHub Security Advisory for this vulnerability.
CVSS: LOW (2.3) EPSS Score: 0.03% SSVC Exploitation: none
May 13th, 2025 (25 days ago)
CVE-2025-47278
Description: Flask is a web server gateway interface (WSGI) web application framework. In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the `itsdangerous` library. A list of keys can be passed, and it expects the last (top) key in the list to be the most recent key, and uses that for signing. Flask was incorrectly constructing that list in reverse, passing the signing key first. Sites that have opted in to key rotation by setting `SECRET_KEY_FALLBACKS` are likely to unexpectedly be signing their sessions with stale keys, and their transition to fresher keys will be impeded. Sessions are still signed, so this would not cause any sort of data integrity loss. Version 3.1.1 contains a patch for the issue.
CVSS: LOW (1.8) EPSS Score: 0.02%
May 13th, 2025 (25 days ago)
CVE-2025-30207
Description: Kirby is an open-source content management system. A vulnerability in versions prior to 3.9.8.3, 3.10.1.2, and 4.7.1 affects all Kirby setups that use PHP's built-in server. Such setups are commonly only used during local development. Sites that use other server software (such as Apache, nginx or Caddy) are not affected. A missing path traversal check allowed attackers to navigate all files on the server that were accessible to the PHP process, including files outside of the Kirby installation. The vulnerable implementation delegated all existing files to PHP, including existing files outside of the document root. This leads to a different response that allows attackers to determine whether the requested file exists. Because Kirby's router only delegates such requests to PHP and does not load or execute them, contents of the files were not exposed, as PHP treats requests to files outside of the document root as invalid. The problem has been patched in Kirby 3.9.8.3, Kirby 3.10.1.2, and Kirby 4.7.1. In all of the mentioned releases, the maintainers of Kirby have updated the router to check whether existing static files are within the document root. Requests to files outside the document root are treated as page requests of the error page and no longer allow determining whether the file exists.
CVSS: LOW (2.3) EPSS Score: 0.04%
May 13th, 2025 (25 days ago)
CVE-2025-30012
Description: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated Java applet component within the affected SRM stack to accept binary Java objects in a specific encoding format. On successful exploitation, an authenticated attacker with high privileges could send a malicious payload request and receive an outbound DNS request, resulting in deserialization of data in the application. This vulnerability has low impact on confidentiality, integrity and availability of the application.
CVSS: LOW (3.9) EPSS Score: 0.05% SSVC Exploitation: none
May 13th, 2025 (25 days ago)
CVE-2024-35281
Description: An improper isolation or compartmentalization vulnerability [CWE-653] in FortiClientMac version 7.4.2 and below, version 7.2.8 and below, 7.0 all versions and FortiVoiceUCDesktop 3.0 all versions desktop application may allow an authenticated attacker to inject code via Electron environment variables.
CVSS: LOW (2.3) EPSS Score: 0.02%
May 13th, 2025 (25 days ago)
CVE-2024-12533
Description: Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore Technology 4 allows Input Data Manipulation. This issue affects SecureCore Technology 4: from 4.0.1.0 before 4.0.1.1018, from 4.1.0.1 before 4.1.0.573, from 4.2.0.1 before 4.2.0.338, from 4.2.1.1 before 4.2.1.300, from 4.3.0.1 before 4.3.0.244, from 4.3.1.1 before 4.3.1.187, from 4.4.0.1 before 4.4.0.299, from 4.5.0.1 before 4.5.0.231, from 4.5.1.1 before 4.5.1.103, from 4.5.5.1 before 4.5.5.36, from 4.6.0.1 before 4.6.0.67.
CVSS: LOW (3.3) EPSS Score: 0.02%
May 13th, 2025 (25 days ago)