2025-07-16 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | title | GithubURL | |
|---|---|---|---|---|---|---|---|
| CVE-2024-42650 | n/a - n/a | NanoMQ 0.17.5 was discovered to contain a segmentation fault via the component /nanomq/pub_handler.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PUBLISH message. | CNA n/a CVSS3.1: 7.5 - HIGH | 0 1 2 | Exploitation: pocAutomatable: noTechnical Impact: partial | undefined | github |
| CVE-2025-41239 | VMware - ESXiVMware - Cloud FoundationVMware - WorkstationVMware - FusionVMware - Telco Cloud PlatformVMware - Telco Cloud InfrastructureVMware - Tools | VMware ESXi, Workstation, Fusion, and VMware Tools contains an information disclosure vulnerability due to the usage of an uninitialised memory in vSockets. A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to leak memory from processes communicating with vSockets. | CVSS3.1: 7.1 - HIGH | 0 | Exploitation: noneAutomatable: noTechnical Impact: partial | vSockets information-disclosure vulnerability | github |
| CVE-2025-26186 | n/a - n/a | SQL Injection vulnerability in openSIS v.9.1 allows a remote attacker to execute arbitrary code via the id parameter in Ajax.php | CNA n/a CVSS3.1: 8.1 - HIGH | 0 1 | Exploitation: noneAutomatable: noTechnical Impact: total | undefined | github |
| CVE-2024-51770 | Hewlett Packard Enterprise - HPE AutoPass License Server | An information disclosure vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.17. | CNA n/a CVSS3.1: 7.5 - HIGH | 0 | Exploitation: noneAutomatable: yesTechnical Impact: partial | undefined | github |
| CVE-2025-30483 | Dell - ECSDell - ObjectScale | Dell ECS versions prior to 3.8.1.5/ ObjectScale version 4.0.0.0 contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | CVSS3.1: 5.5 - MEDIUM | 0 | Exploitation: noneAutomatable: noTechnical Impact: partial | undefined | github |
| CVE-2025-24294 | Ruby - resolv | The attack vector is a potential Denial of Service (DoS). The vulnerability is caused by an insufficient check on the length of a decompressed domain name within a DNS packet. An attacker can craft a malicious DNS packet containing a highly compressed domain name. When the resolv library parses such a packet, the name decompression process consumes a large amount of CPU resources, as the library does not limit the resulting length of the name. This resource consumption can cause the application thread to become unresponsive, resulting in a Denial of Service condition. | CNA n/a CVSS3.1: 5.3 - MEDIUM | 0 | Exploitation: noneAutomatable: yesTechnical Impact: partial | undefined | github |
| CVE-2025-24477 | Fortinet - FortiOS | A heap-based buffer overflow in Fortinet FortiOS versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.7, 7.2.4 through 7.2.11 allows an attacker to escalate its privileges via a specially crafted CLI command | CVSS3.1: 4 - MEDIUM | 0 | Exploitation: noneAutomatable: noTechnical Impact: total | undefined | github |
This post is licensed under CC BY 4.0 by the author.