2025-08-21 Daily Vulns
NEW:
CVE | Vendor - Product | Description | Metric | Reference URL | SSVC | Title | GitHub URL |
---|---|---|---|---|---|---|---|
CVE-2009-10005 | ContentKeeper Technologies - Web Appliance | ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot. | CVSS4.0: 8.7 - HIGH | 0 1 2 3 4 | Exploitation: poc; Automatable: yes; Technical Impact: partial | ContentKeeper Web Appliance < 125.10 Arbitrary File Access via mimencode | github |
CVE-2010-20010 | Foxit Software - Foxit PDF Reader | Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file. | CVSS4.0: 8.4 - HIGH | 0 1 2 3 4 5 | Exploitation: none; Automatable: no; Technical Impact: partial | Foxit PDF Reader < 4.2.0.0928 Title Stack Buffer Overflow | github |
CVE-2011-10022 | SPlayer Project - SPlayer | SPlayer version 3.7 and earlier is vulnerable to a stack-based buffer overflow when processing HTTP responses containing an overly long Content-Type header. The vulnerability occurs due to improper bounds checking on the header value, allowing an attacker to overwrite the Structured Exception Handler (SEH) and execute arbitrary code. Exploitation requires the victim to open a media file that triggers an HTTP request to a malicious server, which responds with a crafted Content-Type header. | CVSS4.0: 8.6 - HIGH | 0 1 2 3 4 | Exploitation: none; Automatable: no; Technical Impact: partial | SPlayer 3.7 Content-Type Header Buffer Overflow | github |
CVE-2025-46932 | Adobe - Adobe Experience Manager | Adobe Experience Manager versions 6.5.22 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | CVSS3.1: 5.4 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | Adobe Experience Manager \| Cross-site Scripting (Stored XSS) (CWE-79) | github |
CVE-2024-12223 | Nutanix - Prism Central | Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user’s session and perform actions in their security context. | CVSS4.0: 9.3 - CRITICAL | 0 | Exploitation: none; Automatable: yes; Technical Impact: total | Stored Cross-site Scripting (XSS) in Nutanix Prism Central | github |
CVE-2025-1142 | IBM - Edge Application Manager | IBM Edge Application Manager 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | CVSS3.1: 5.4 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | IBM Edge Application Manager server-side request forgery | github |
CVE-2024-39954 | Apache Software Foundation - Apache EventMesh Runtime | CWE-918 Server-Side Request Forgery (SSRF) in WebhookUtil.java in the eventmesh-runtime module, on e.g. Windows, Linux or macOS, allows an attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes this issue. | CVSS3.1: 6.3 - MEDIUM | 0 | Exploitation: none; Automatable: no; Technical Impact: partial | Apache EventMesh Runtime: SSRF | github |
This post is licensed under CC BY 4.0 by the author.