CVE-2025-20117 |
Description: A vulnerability in the CLI of Cisco APIC could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to insufficient validation of arguments that are passed to specific CLI commands. An attacker could exploit this vulnerability by including crafted input as the argument of an affected CLI command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of root.
CVSS: MEDIUM (5.1) EPSS Score: 0.01%
February 26th, 2025 (4 months ago)
|
CVE-2025-20116 |
Description: A vulnerability in the web UI of Cisco APIC could allow an authenticated, remote attacker to perform a stored XSS attack on an affected system. To exploit this vulnerability, the attacker must have valid administrative credentials.
This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by injecting malicious code into specific pages of the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web UI or access sensitive, browser-based information.
CVSS: MEDIUM (4.8) EPSS Score: 0.03%
February 26th, 2025 (4 months ago)
|
CVE-2025-20111 |
Description: A vulnerability in the health monitoring diagnostics of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, adjacent attacker to cause the device to reload unexpectedly, resulting in a denial of service (DoS) condition.
This vulnerability is due to the incorrect handling of specific Ethernet frames. An attacker could exploit this vulnerability by sending a sustained rate of crafted Ethernet frames to an affected device. A successful exploit could allow the attacker to cause the device to reload.
CVSS: HIGH (7.4) EPSS Score: 0.04%
February 26th, 2025 (4 months ago)
|
CVE-2025-1634 |
Description: A flaw was found in the quarkus-resteasy extension, which causes memory leaks when client requests with low timeouts are made. If a client request times out, a buffer is not released correctly, leading to increased memory usage and eventual application crash due to OutOfMemoryError.
EPSS Score: 0.07%
February 26th, 2025 (4 months ago)
|
CVE-2025-0941 |
Description: MET ONE 3400+ instruments running software v1.0.41 can, under rare conditions, temporarily store credentials in plain text within the system. This data is not available to unauthenticated users.
CVSS: MEDIUM (5.8) EPSS Score: 0.02%
February 26th, 2025 (4 months ago)
|
CVE-2024-53427 |
Description: jq v1.7.1 contains a stack-buffer-overflow in the decNumberCopy function within decNumber.c.
EPSS Score: 0.01%
February 26th, 2025 (4 months ago)
|
![]() |
Description: Forensic investigators have found that North Korean Lazarus hackers stole $1.5 billion from Bybit after hacking a developer's device at the multisig wallet platform Safe{Wallet}. [...]
February 26th, 2025 (4 months ago)
|
![]() |
Description: A malicious PyPi package named 'automslc' has been downloaded over 100,000 times from the Python Package Index since 2019, abusing hard-coded credentials to pirate music from the Deezer streaming service. [...]
February 26th, 2025 (4 months ago)
|
![]() |
Description: Bluesky has deleted the most viral post reporting on an internal government protest agains the President of the United States and the world's richest man.
February 26th, 2025 (4 months ago)
|
CVE-2025-25462 |
Description: A SQL Injection vulnerability was found in /admin/add-propertytype.php in PHPGurukul Land Record System Project in PHP v1.0 allows remote attackers to execute arbitrary code via the propertytype POST request parameter.
EPSS Score: 0.08%
February 26th, 2025 (4 months ago)
|