2025-06-19 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL
---|---|---|---|---|---|---|---
CVE-2024-1016 | Solar - FTP Server | A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. It has been declared as problematic. This vulnerability affects unknown code of the component PASV Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252286 is the identifier assigned to this vulnerability. A vulnerability was identified in Solar FTP Server 2.1.1/2.1.2. It was classified as problematic. It affects unknown functionality of the component PASV Command Handler. Through manipulation with unknown data, a denial of service vulnerability can be exploited. The attack can be carried out over the network. The exploit is publicly available. Patching is recommended as the best available countermeasure. | CVSS3.1: 5.3 - MEDIUM | 0 1 2 | Exploitation: poc; Automatable: yes; Technical Impact: partial | Solar FTP Server PASV Command denial of service | github
CVE-2025-26199 | n/a - n/a | An issue in CloudClassroom PHP Project v.1.0 allows a remote attacker to execute arbitrary code via the cleartext submission of passwords. | CNA n/a; CVSS3.1: 9.8 - CRITICAL | 0 | Exploitation: poc; Automatable: yes; Technical Impact: total | undefined | github
CVE-2025-20260 | Cisco - ClamAV | A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process. | CVSS3.1: 9.8 - CRITICAL | 0 | Exploitation: none; Automatable: yes; Technical Impact: partial | ClamAV PDF Scanning Buffer Overflow Vulnerability | github
CVE-2022-28975 | n/a - n/a | A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field. | CNA n/a; CVSS3.1: 5.4 - MEDIUM | 0 1 | Exploitation: poc; Automatable: no; Technical Impact: partial | undefined | github
CVE-2020-13880 | n/a - n/a | IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write. | CNA n/a; CVSS3.1: 9.8 - CRITICAL | 0 | Exploitation: none; Automatable: no; Technical Impact: total | undefined | github
CVE-2021-38243 | n/a - n/a | xunruicms up to v4.5.1 was discovered to contain a remote code execution (RCE) vulnerability in /index.php. This vulnerability allows attackers to execute arbitrary code via a crafted GET request. | CNA n/a; CVSS3.1: 9.8 - CRITICAL | 0 | Exploitation: none; Automatable: yes; Technical Impact: total | undefined | github
CVE-2023-42453 | matrix-org - synapse | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark them as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. | CVSS3.1: 3.1 - LOW | 0 1 2 3 4 5 | Exploitation: none; Automatable: no; Technical Impact: partial | Improper validation of receipts allows forged read receipts in matrix synapse | github
CVE-2020-24682 | B&R Industrial Automation - Automation Studio; B&R Industrial Automation - NET/PVI | Unquoted Search Path or Element vulnerability in B&R Industrial Automation Automation Studio, B&R Industrial Automation NET/PVI allows Target Programs with Elevated Privileges. This issue affects Automation Studio: from 4.0 through 4.6, from 4.7.0 before 4.7.7 SP, from 4.8.0 before 4.8.6 SP, from 4.9.0 before 4.9.4 SP; NET/PVI: from 4.0 through 4.6, from 4.7.0 before 4.7.7, from 4.8.0 before 4.8.6, from 4.9.0 before 4.9.4. | CVSS3.1: 7.2 - HIGH | 0 | Exploitation: none; Automatable: no; Technical Impact: total | Automation Studio and PVI Multiple unquoted service path vulnerabilities | github
This post is licensed under CC BY 4.0 by the author.