Amit Schendel - Daily CVE Reports (Page 5)

RCE

CVE-2025-24016: Unsafe Deserialization Vulnerability in Wazuh Leading to Remote Code Execution

Executive Summary CVE-2025-24016 is a critical remote code execution (RCE) vulnerability affecting Wazuh, a widely used open-source security information and event management (SIEM) platform. This vulnerability stems from unsafe deserialization of DistributedAPI (DAPI) parameters, allowing an attacker with API access to execute arbitrary Python code on the Wazuh server. Specifically,

SQLi

CVE-2025-25181: Advantive VeraCore SQL Injection Vulnerability Deep Dive

Executive Summary CVE-2025-25181 is a SQL injection vulnerability affecting Advantive VeraCore versions up to 2025.1.0. The vulnerability resides in the timeoutWarning.asp file and can be exploited by remote attackers to execute arbitrary SQL commands through the PmSess1 parameter. Successful exploitation can lead to unauthorized access to sensitive

SupplyChain

CVE-2025-30066: Supply Chain Attack on GitHub Action tj-actions/changed-files

Executive Summary CVE-2025-30066 describes a supply chain attack targeting the widely used GitHub Action tj-actions/changed-files. This attack involved a malicious actor compromising the action and injecting code that leaked secrets from affected public repositories into workflow logs. The vulnerability allowed unauthorized access to sensitive information, potentially leading to credential

TOCTOU

CVE-2024-0132: TOCTOU Vulnerability in NVIDIA Container Toolkit

Executive Summary CVE-2024-0132 is a critical Time-of-Check Time-of-Use (TOCTOU) vulnerability affecting the NVIDIA Container Toolkit versions 1.16.1 and earlier. This vulnerability arises when the toolkit is used with its default configuration, potentially allowing a malicious container image to gain unauthorized access to the host file system. Successful exploitation

Web

CVE-2025-29771: Cross-Site Scripting (XSS) Vulnerability in HtmlSanitizer

Executive Summary CVE-2025-29771 is a cross-site scripting (XSS) vulnerability affecting versions of the HtmlSanitizer library prior to 2.0.3. HtmlSanitizer is a JavaScript library used to sanitize HTML content, often employed in scenarios where user-generated content is rendered in web applications. The vulnerability arises when the library is used

Crypto

CVE-2025-29774: XML Signature Verification Bypass in xml-crypto

Executive Summary CVE-2025-29774 is a critical vulnerability in the xml-crypto library, an XML digital signature and encryption library for Node.js. This vulnerability, present in versions prior to 6.0.1, 3.2.1, and 2.1.6, allows an attacker to bypass signature verification mechanisms in systems that rely

Linux

CVE-2025-21590: Deep Dive into the Junos OS Improper Isolation Vulnerability

Executive Summary CVE-2025-21590 is an Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks' Junos OS. This vulnerability allows a local attacker with high privileges to execute arbitrary code, compromising the integrity of the affected device. The issue is exploitable only through shell access and cannot be

CVE-2025-1767: Kubernetes GitRepo Volume Vulnerability

Executive Summary CVE-2025-1767 is a medium-severity vulnerability affecting Kubernetes clusters that utilize the deprecated in-tree gitRepo volume feature. This vulnerability allows an attacker with sufficient privileges to exploit the gitRepo volume to access local Git repositories from other pods on the same node. The vulnerability has a CVSS v3.1

Ruby

CVE-2025-27407: Remote Code Execution in graphql-ruby via Malicious Schema Loading

Executive Summary CVE-2025-27407 is a critical vulnerability in the graphql-ruby library, a popular Ruby implementation of GraphQL. The vulnerability arises from the unsafe handling of schema definitions loaded via GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load. Systems that load schemas from untrusted JSON sources are particularly at risk.

Apple

CVE-2025-24201: A Deep Dive into the WebKit Zero-Day Vulnerability

Executive Summary CVE-2025-24201 is a critical zero-day vulnerability discovered in Apple's WebKit browser engine, which powers Safari and all other browsers on iOS and iPadOS devices. This vulnerability, categorized as an out-of-bounds write, allows attackers to execute arbitrary code on affected devices by tricking users into visiting maliciously

Web

CVE-2025-26936: Critical Code Injection Vulnerability in Fresh Framework

CVE-2025-26936 is a critical code injection vulnerability (CWE-94: Improper Control of Generation of Code) affecting the Fresh Framework WordPress plugin, versions up to and including 1.70.0. This vulnerability allows unauthenticated attackers to execute arbitrary code remotely on a target system, potentially leading to full compromise of the affected

CVE-2025-25182: Understanding the Critical Authentication Bypass in Stroom

Executive Summary CVE-2025-25182 is a critical security vulnerability affecting Stroom, a data processing, storage, and analysis platform widely used in enterprise environments. Classified as CWE-290: Authentication Bypass by Spoofing, this flaw occurs when Stroom is misconfigured with AWS Application Load Balancer (ALB) Authentication Integration. It permits attackers to bypass authentication,