2025-07-25 Daily Vulns
NEW:
CVE | vendor-product | description | metric | Referenceurl | SSVC | title | GithubURL |
---|---|---|---|---|---|---|---|
CVE-2025-33109 | IBM - i | IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 is vulnerable to a privilege escalation caused by an invalid database authority check. A bad actor could execute a database procedure or function without having all required permissions, in addition to causing denial of service for some database actions. | CVSS3.1: 7.5 - HIGH | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | IBM i privilege escalation | github |
CVE-2016-15044 | Kaltura - Video Platform | A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process. | CVSS4.0: 9.3 - CRITICAL | 0 1 2 3 | Exploitation: poc; Automatable: yes; Technical Impact: total | Kaltura < 11.1.0-2 PHP Object Injection RCE | github |
CVE-2025-40680 | Capillary io - CapillaryScope | Lack of sensitive data encryption in CapillaryScope v2.5.0 of Capillary io, which stores both the proxy credentials and the JWT session token in plain text within different registry keys on the Windows operating system. Any authenticated local user with read access to the registry can extract these sensitive values. | CVSS4.0: 6.9 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | Encryption of sensitive data in CapillaryScope missing | github |
This post is licensed under CC BY 4.0 by the author.