Aggregator

CVE-2025-9096 | ExpressGateway express-gateway up to 1.16.10 REST Endpoint lib/rest/routes/apps.js cross site scripting (EUVD-2025-25106)

VulDB Recent Entries
10 months 1 week ago
A vulnerability classified as problematic has been found in ExpressGateway express-gateway up to 1.16.10. This impacts an unknown function in the library lib/rest/routes/apps.js of the component REST Endpoint. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-9096. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-9095 | ExpressGateway express-gateway up to 1.16.10 REST Endpoint lib/rest/routes/users.js cross site scripting

VulDB Recent Entries
10 months 1 week ago
A vulnerability described as problematic has been identified in ExpressGateway express-gateway up to 1.16.10. This affects an unknown function in the library lib/rest/routes/users.js of the component REST Endpoint. Executing manipulation can lead to cross site scripting. This vulnerability is handled as CVE-2025-9095. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-9094 | ThingsBoard 4.1 Add Gateway special elements used in a template engine (EUVD-2025-25105)

VulDB Recent Entries
10 months 1 week ago
A vulnerability marked as critical has been reported in ThingsBoard 4.1. The impacted element is an unknown function of the component Add Gateway Handler. Performing manipulation results in improper neutralization of special elements used in a template engine. This vulnerability is known as CVE-2025-9094. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor replies, that "[t]he fix will come within upcoming release (v4.2) and will be inherited by maintenance releases of LTS versions (starting 4.0)."
vuldb.com

CVE-2025-9093 | BuzzFeed App 2024.9 on Android com.buzzfeed.android AndroidManifest.xml improper export of android application components

VulDB Recent Entries
10 months 1 week ago
A vulnerability labeled as problematic has been found in BuzzFeed App 2024.9 on Android. The affected element is an unknown function of the file AndroidManifest.xml of the component com.buzzfeed.android. Such manipulation leads to improper export of android application components. This vulnerability is traded as CVE-2025-9093. An attack has to be approached locally. Furthermore, there is an exploit available.
vuldb.com

CVE-2024-39930 漏洞分析

先知技术社区
10 months 1 week ago
Gogs(Go Git Service)是一款轻量级的自托管 Git 服务,广泛应用于内部代码托管场景。然而在其 0.13.0 版本之前,存在一个严重的远程代码执行漏洞。该漏洞源于其内置 SSH 服务对环境变量请求处理不当,攻击者可通过构造特殊的 env 请求,实现命令注入并远程执行任意命令。本文将详细分析该漏洞

记一次Comfy插件RCE复现(CVE-2024-21575 )

先知技术社区
10 months 1 week ago
本文复现并分析了ComfyUI-Impact-Pack插件中的远程代码执行(RCE)漏洞(CVE-2024-21575)。该漏洞源于插件的/upload/temp接口对文件上传路径验证不严,攻击者可通过目录穿越上传恶意文件至服务器特定目录实现RCE

Managed ad