2025-09-17 Daily Vulns
NEW:
| CVE | vendor-product | description | metric | Referenceurl | title | GithubURL | |
|---|---|---|---|---|---|---|---|
| CVE-2024-12367 | Vegagrup Software - Vega Master | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing.This issue affects Vega Master: from v.1.12.35 through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available. | CVSS3.1: 8.6 - HIGH | 0 | Exploitation: noneAutomatable: noTechnical Impact: partial | Information Disclosure in Vegagrup Software’s Vega Master | github |
| CVE-2009-20005 | InterSystems Corporation - InterSystems Caché | A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a stack buffer, allowing an attacker to overwrite control structures and execute arbitrary code. It is unknown if this vulnerability was patched and an affected version range remains undefined. | CVSS4.0: 9.3 - CRITICAL | 0 1 2 3 4 | Exploitation: pocAutomatable: yesTechnical Impact: total | InterSystems Caché UtilConfigHome.csp Stack Buffer Overflow | github |
| CVE-2025-24088 | Apple - macOS | The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26. An app may be able to override MDM-enforced settings from profiles. | CNA n/a CVSS3.1: 7.5 - HIGH | 0 | Exploitation: noneAutomatable: yesTechnical Impact: partial | undefined | github |
| CVE-2025-10491 | MongoDB Inc - MongoDB Server | The MongoDB Windows installation MSI may leave ACLs unset on custom installation directories allowing a local attacker to introduce executable code to MongoDB’s process via DLL hijacking. This issue affects MongoDB Server v6.0 version prior to 6.0.25, MongoDB Server v7.0 version prior to 7.0.21 and MongoDB Server v8.0 version prior to 8.0.5 | CVSS3.1: 7.8 - HIGH | 0 | Exploitation: noneAutomatable: noTechnical Impact: total | MongoDB Windows installation MSI may leave ACLs unset on custom installation directories | github |
This post is licensed under CC BY 4.0 by the author.