CVE-2024-0183 |
Description: A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249441 was assigned to this vulnerability.
CVSS: LOW (2.4) EPSS Score: 0.06% SSVC Exploitation: poc
May 13th, 2025 (25 days ago)
|
Description: Summary
Users with no (or very limited) sudo privileges can use `sudo --list` to determine whether files exist in folders that they otherwise cannot access.
PoC
As root:
# mkdir /tmp/foo
# chmod a-rwx /tmp/foo
# touch /tmp/foo/secret_file
As a user without any (or limited) sudo rights:
$ sudo --list /tmp/foo/nonexistent_file
sudo-rs: '/tmp/foo/nonexistent_file': command not found
$ sudo --list /tmp/foo/secret_file
sudo-rs: Sorry, user eve may not run sudo on host.
I.e. the user can distinguish whether files exist.
Related
Original sudo (vulnerable version tested by us: 1.9.15p5) exhibited similar behaviour for files with the executable bit set.
Impact
Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks.
Credits
This issue was identified by sudo-rs developer Marc Schoolderman.
References
https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-98cv-wqjx-wx8f
https://nvd.nist.gov/vuln/detail/CVE-2025-46717
https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.6
https://github.com/advisories/GHSA-98cv-wqjx-wx8f
CVSS: LOW (3.3) EPSS Score: 0.01%
May 13th, 2025 (25 days ago)
|
CVE-2025-40571 |
Description: A vulnerability has been identified in Mendix OIDC SSO (Mendix 10 compatible) (All versions < V4.0.0), Mendix OIDC SSO (Mendix 9 compatible) (All versions). The Mendix OIDC SSO module grants read and write access to all tokens exclusively to the Administrator role and could result in privilege misuse by an adversary modifying the module during Mendix development.
CVSS: LOW (2.2) EPSS Score: 0.03%
May 13th, 2025 (26 days ago)
|
CVE-2025-22246 |
Description: Cloud Foundry UAA release versions from v77.21.0 to v7.31.0 are vulnerable to a private key exposure in logs.
CVSS: LOW (3.0) EPSS Score: 0.01%
May 13th, 2025 (26 days ago)
|
CVE-2025-46825 |
Description: Kanboard is project management software that focuses on the Kanban methodology. Versions 1.2.26 through 1.2.44 have a Stored Cross-Site Scripting (XSS) Vulnerability in the `name` parameter of the `http://localhost/?controller=ProjectCreationController&action=create` form. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. Note that the default content security policy (CSP) blocks the JavaScript attack, though it can be exploited if an instance is badly configured and the software is vulnerable to CSS injection because of the unsafe-inline on the default CSP. Version 1.2.45 contains a fix for the issue.
CVSS: LOW (1.3) EPSS Score: 0.06%
May 12th, 2025 (26 days ago)
|
CVE-2025-31239 |
Description: A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 11.5, macOS Sonoma 14.7.6, tvOS 18.5, iPadOS 17.7.7, iOS 18.5 and iPadOS 18.5, macOS Sequoia 15.5, visionOS 2.5, macOS Ventura 13.7.6. Parsing a file may lead to an unexpected app termination.
CVSS: LOW (3.3) EPSS Score: 0.01%
May 12th, 2025 (26 days ago)
|
CVE-2025-46748 |
Description: An authenticated user attempting to change their password could do so without using the current password.
CVSS: LOW (2.7) EPSS Score: 0.03%
May 12th, 2025 (26 days ago)
|
CVE-2025-46744 |
Description: An authenticated administrator could modify the Created By username for a user account.
CVSS: LOW (2.7) EPSS Score: 0.03%
May 12th, 2025 (26 days ago)
|
CVE-2025-47729 |
Description: TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users.
CVSS: LOW (1.9) EPSS Score: 8.55%
May 12th, 2025 (26 days ago)
|
CVE-2025-47274 |
Description: ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart stopped containers. This means that an attacker who has access to the home folder of the user who starts the MCP server can read secrets without needing access to the secrets store itself. This only applies to secrets which were used in containers whose run configs exist at a point in time - other secrets remaining inaccessible. ToolHive 0.0.33 fixes the issue. Some workarounds are available. Stop and delete any running MCP servers, or manually remove any runconfigs from `$HOME/Library/Application Support/toolhive/runconfigs/` (macOS) or `$HOME/.state/toolhive/runconfigs/` (Linux).
CVSS: LOW (2.4) EPSS Score: 0.01%
May 12th, 2025 (26 days ago)
|