CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!
Threat and Vulnerability Intelligence Database
Example Searches:
CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited
|
Description: TL;DR
This vulnerability affects all Kirby sites that use the collection() helper or $kirby->collection() method with a dynamic collection name (such as a collection name that depends on request or user data).
Sites that only use fixed calls to the collection() helper/$kirby->collection() method (i.e. calls with a simple string for the collection name) are not affected.
Introduction
Kirby's collection() helper and $kirby->collection() method (in the following abbreviated to the collection() helper) allow to load PHP logic files that are normally stored in the site/collections folder or registered by plugins through the collections plugin extension.
If the collection() helper is called with an arbitrary collection name, Kirby first checks if a file with this name exists in the collections root (which defaults to site/collections).
This logic was vulnerable against path traversal attacks. By using special elements such as .. and / separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the ../ sequence, which in most modern operating systems is interpreted as the parent directory of the current location.
Because Kirby's collection() helper did not protect against path traversal, the provided collection name could include special sequences that would cause Kirby to look outside of the configured collections root and access arbitrary files.
Impact
The missin...
CVSS: MEDIUM (6.3) EPSS Score: 0.08%
May 13th, 2025 (about 1 month ago)
|
|
|
Description: TL;DR
This vulnerability affects all Kirby sites that use the snippet() helper or $kirby->snippet() method with a dynamic snippet name (such as a snippet name that depends on request or user data).
Sites that only use fixed calls to the snippet() helper/$kirby->snippet() method (i.e. calls with a simple string for the snippet name) are not affected.
Introduction
Kirby's snippet() helper and $kirby->snippet() method (in the following abbreviated to the snippet() helper) allow to load PHP snippet files that are normally stored in the site/snippets folder or registered by plugins through the snippets plugin extension.
If the snippet() helper is called with an arbitrary snippet name, Kirby first checks if a file with this name exists in the snippets root (which defaults to site/snippets).
This logic was vulnerable against path traversal attacks. By using special elements such as .. and / separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the ../ sequence, which in most modern operating systems is interpreted as the parent directory of the current location.
Because Kirby's snippet() helper did not protect against path traversal, the provided snippet name could include special sequences that would cause Kirby to look outside of the configured snippets root and access arbitrary files.
Impact
The missing path traversal check allowed attackers to navigate an...
CVSS: MEDIUM (6.3) EPSS Score: 0.08%
May 13th, 2025 (about 1 month ago)
|
CVE-2025-45746 |
Description: In ZKT ZKBio CVSecurity 6.4.1_R an unauthenticated attacker can craft JWT token using the hardcoded secret to authenticate to the service console.
CVSS: MEDIUM (6.5) EPSS Score: 0.12%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-30011 |
Description: The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the affected SRM packages which allows an unauthenticated attacker to send an malicious request to the application, which could disclose the internal version details of the affected system. This vulnerability has low impact on confidentiality, with no effect on integrity and availability of the application.
CVSS: MEDIUM (5.3) EPSS Score: 0.05% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-30329 |
Description: Animate versions 24.0.8, 23.0.11 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: MEDIUM (5.5) EPSS Score: 0.02%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-30320 |
Description: InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: MEDIUM (5.5) EPSS Score: 0.02% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-30319 |
Description: InDesign Desktop versions ID19.5.2, ID20.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the application, causing a disruption in service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVSS: MEDIUM (5.5) EPSS Score: 0.02% SSVC Exploitation: none
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-32703 |
Description: Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.
CVSS: MEDIUM (5.5) EPSS Score: 0.04%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-30394 |
Description: Sensitive data storage in improperly locked memory in Remote Desktop Gateway Service allows an unauthorized attacker to deny service over a network.
CVSS: MEDIUM (5.9) EPSS Score: 0.07%
May 13th, 2025 (about 1 month ago)
|
|
CVE-2025-29974 |
Description: Integer underflow (wrap or wraparound) in Windows Kernel allows an unauthorized attacker to disclose information over an adjacent network.
CVSS: MEDIUM (5.7) EPSS Score: 0.07%
May 13th, 2025 (about 1 month ago)
|