2025-32 Java Security Weekly News - Canonical, Red Hat, GitHub, Spring
Published on August 22, 2025
| | Ubuntu Security Notices |
| | Red Hat Security Advisory |
| | Github Security Advisories |
| [GHSA-prj3-ccx8-p6x4] Netty affected by MadeYouReset HTTP/2 DDoS vulnerability. io.netty:netty-codec-http2 - impacts versions: >= 4.2.0.Alpha1, <= 4.2.3.Final; fixed in: 4.2.4.Final. io.netty:netty-codec-http2 - impacts versions: <= 4.1.123.Final; fixed in: 4.1.124.Final. |
| | Spring Security Advisories |
| | io.netty:netty-codec-http2 |
| HIGH | CVE-2025-55163 Netty is an asynchronous, event-driven network application framework. Prior to versions 4.1.124.Final and 4.2.4.Final, Netty is vulnerable to MadeYouReset DDoS. This is a logical vulnerability in the HTTP/2 protocol, that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit - which results in resource exhaustion and distributed denial of service. This issue has been patched in versions 4.1.124.Final and 4.2.4.Final. Published Wednesday, August 13, 2025 |
| | Additional Java CVEs |
| N/A | CVE-2025-57728 In JetBrains IntelliJ IDEA before 2025.2 improper access control allowed Code With Me guest to discover hidden files Published Wednesday, August 20, 2025 |
| 7.5 | CVE-2025-54254 Adobe Experience Manager versions 6.5.23 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files on the local file system. Exploitation of this issue does not require user interaction. Published Tuesday, August 5, 2025 |
| 6.9 | CVE-2025-42946 Due to directory traversal vulnerability in SAP S/4HANA (Bank Communication Management), an attacker with high privileges and access to a specific transaction and method in Bank Communication Management could gain unauthorized access to sensitive operating system files. This could allow the attacker to potentially read or delete these files hence causing a high impact on confidentiality and low impact on integrity. There is no impact on availability of the system. Published Tuesday, August 12, 2025 |
| 6.1 | CVE-2025-42948 Due to a Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver ABAP Platform, an unauthenticated attacker could generate a malicious link and make it publicly accessible. If an authenticated user clicks on this link, the injected input is processed during the website's page generation, resulting in the creation of malicious content. When this malicious content gets executed, the attacker could gain the ability to access/modify information within the scope of victim's browser. Published Tuesday, August 12, 2025 |
| 6.1 | CVE-2025-42975 SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability. Published Tuesday, August 12, 2025 |
| N/A | CVE-2025-3089 ServiceNow has addressed a Broken Access Control vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could allow a low privileged user to bypass access controls and perform a limited set of actions typically reserved for higher privileged users, potentially leading to unauthorized data modifications. This issue is addressed in the listed patches and family releases, which have been made available to hosted and self-hosted customers, as well as partners. Published Tuesday, August 12, 2025 |
| N/A | CVE-2025-55668 Session Fixation vulnerability in Apache Tomcat via rewrite valve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. Older, EOL versions may also be affected. Users are recommended to upgrade to version 11.0.8, 10.1.42 or 9.0.106, which fix the issue. Published Wednesday, August 13, 2025 |
| N/A | CVE-2025-41242 Spring Framework MVC applications can be vulnerable to a Path Traversal Vulnerability when deployed on a non-compliant Servlet container. An application can be vulnerable when all the following are true: the application is deployed as a WAR or with an embedded Servlet container; the Servlet container does not reject suspicious sequences (https://jakarta.ee/specifications/servlet/6.1/jakarta-servlet-spec-6.1.html#uri-path-canonicalization); the application serves static resources (https://docs.spring.io/spring-framework/reference/web/webmvc/mvc-config/static-resources.html#page-title) with Spring resource handling. We have verified that applications deployed on Apache Tomcat or Eclipse Jetty are not vulnerable, as long as default security features are not disabled in the configuration. Because we cannot check exploits against all Servlet containers and configuration variants, we strongly recommend upgrading your application. Published Monday, August 18, 2025 |
| N/A | CVE-2025-57727 In JetBrains IntelliJ IDEA before 2025.2 credentials disclosure was possible via remote reference Published Wednesday, August 20, 2025 |
| N/A | CVE-2025-57730 In JetBrains IntelliJ IDEA before 2025.2 HTML injection was possible via Remote Development feature. Published Wednesday, August 20, 2025 |
| 6.5 | CVE-2024-9453 A vulnerability was found in Red Hat OpenShift Jenkins. The bearer token is not obfuscated in the logs and potentially carries a high risk if those logs are centralized when collected. The token is typically valid for one year. This flaw allows a malicious user to jeopardize the environment if they have access to sensitive information. Published Friday, July 4, 2025 |
| 5.5 | CVE-2025-21433 Transient DOS when importing a PKCS#8-encoded RSA private key with a zero-sized modulus. Published Tuesday, July 8, 2025 |
| 10.0 | CVE-2025-54253 Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacker could leverage this vulnerability to bypass security mechanisms and execute code. Exploitation of this issue does not require user interaction and scope is changed. Published Tuesday, August 5, 2025 |
| 5.3 | CVE-2025-8419 A vulnerability was found in Keycloak-services. Special characters used during e-mail registration may perform SMTP Injection and unexpectedly send short unwanted e-mails. The email is limited to 64 characters (limited local part of the email), so the attack is limited to very short emails (subject and little data, the example is 60 chars). This flaw's only direct consequence is an unsolicited email being sent from the Keycloak server. However, this action could be a precursor for more sophisticated attacks. Published Wednesday, August 6, 2025 |
| 7.5 | CVE-2024-56339 IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 could allow a remote attacker to bypass security restrictions caused by a failure to honor security configuration. Published Thursday, August 7, 2025 |
| N/A | CVE-2025-25231 Omnissa Workspace ONE UEM contains a Secondary Context Path Traversal Vulnerability. A malicious actor may be able to gain access to sensitive information by sending crafted GET requests (read-only) to restricted API endpoints. Published Monday, August 11, 2025 |
| 3.5 | CVE-2024-41983 A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application displays SQL statement in the error messages encountered during the generation of reports using Cockpit tool. Published Tuesday, August 12, 2025 |
| N/A | CVE-2025-48989 Improper Resource Shutdown or Release vulnerability in Apache Tomcat made Tomcat vulnerable to the made you reset attack. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.9, from 10.1.0-M1 through 10.1.43 and from 9.0.0.M1 through 9.0.107. Older, EOL versions may also be affected. Users are recommended to upgrade to one of versions 11.0.10, 10.1.44 or 9.0.108 which fix the issue. Published Wednesday, August 13, 2025 |
| N/A | CVE-2025-8904 Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below. Published Wednesday, August 13, 2025 |
| 7.5 | CVE-2025-33142 IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security for TLS connections. Published Thursday, August 14, 2025 |
| 7.5 | CVE-2025-36047 IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. Published Thursday, August 14, 2025 |
| N/A | CVE-2025-57729 In JetBrains IntelliJ IDEA before 2025.2 unexpected plugin startup was possible due to automatic LSP server start Published Wednesday, August 20, 2025 |
| N/A | CVE-2025-57734 In JetBrains TeamCity before 2025.07.1 AWS credentials were exposed in Docker script files. Published Wednesday, August 20, 2025 |
| 5.9 | CVE-2025-36034 IBM InfoSphere DataStage Flow Designer in IBM InfoSphere Information Server 11.7 discloses sensitive user information in API requests in clear text that could be intercepted using man in the middle techniques. Published Thursday, June 26, 2025 |
| 6.5 | CVE-2025-36023 IBM Cloud Pak for Business Automation 24.0.0 through 24.0.0 IF005 and 24.0.1 through 24.0.1 IF002 could allow an authenticated user to view sensitive user and system information due to an indirect object reference through a user-controlled key. Published Friday, August 8, 2025 |
| N/A | CVE-2025-4655 SSRF vulnerability in FreeMarker templates in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 allows template editors to bypass access validations via crafted URLs. Published Saturday, August 9, 2025 |
| N/A | CVE-2025-8885 Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcprov, bc-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java. This issue affects Bouncy Castle for Java: from BC 1.0 through 1.77, from BC-FJA 1.0.0 through 1.0.2.5, from BC-FJA 2.0.0 through 2.0.0. Published Tuesday, August 12, 2025 |
| N/A | CVE-2025-9092 Uncontrolled Resource Consumption vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0 bc-fips (API modules) allows Excessive Allocation. This vulnerability is associated with program files org.bouncycastle.crypto.fips.NativeLoader. This issue affects Bouncy Castle for Java - BC-FJA 2.1.0: from BC-FJA 2.1.0 through 2.1.0. Published Saturday, August 16, 2025 |
| 5.4 | CVE-2025-33008 IBM Sterling B2B Integrator 6.2.1.0 and IBM Sterling File Gateway 6.2.1.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Published Tuesday, August 19, 2025 |
| 2.7 | CVE-2025-2988 IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7, 6.2.0.0 through 6.2.0.4, and 6.2.1.0 could disclose sensitive server information to an unauthorized user that could aid in further attacks against the system. Published Tuesday, August 19, 2025 |
| N/A | CVE-2025-57733 In JetBrains TeamCity before 2025.07.1 SMTP injection was possible allowing modification of email content. Published Wednesday, August 20, 2025 |
| N/A | CVE-2025-43740 A Stored cross-site scripting vulnerability in the Liferay Portal 7.4.3.120 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.9 through 2024.Q1.19 allows a remote authenticated attacker to inject JavaScript through the message boards feature available via the web interface. Published Tuesday, August 19, 2025 |
| 4.3 | CVE-2025-2670 IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and internal state. Published Wednesday, July 9, 2025 |
| 7.5 | CVE-2025-36097 IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow. An attacker can send a specially crafted request that causes the server to consume excessive memory resources. Published Wednesday, July 16, 2025 |
| 9.8 | CVE-2025-54445 Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery. This issue affects MagicINFO 9 Server: less than 21.1080.0. Published Wednesday, July 23, 2025 |
| 7.4 | CVE-2025-2824 IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. Published Friday, August 1, 2025 |
| 9.8 | CVE-2025-3354 IBM Tivoli Monitoring 6.3.0.7 through 6.3.0.7 Service Pack 20 is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. Published Wednesday, August 6, 2025 |
| N/A | CVE-2025-48913 If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilities. This interface is now restricted to reject those protocols, removing this possibility. Users are recommended to upgrade to versions 3.6.8, 4.0.9 or 4.1.3, which fix this issue. Published Friday, August 8, 2025 |
| N/A | CVE-2025-53606 Deserialization of Untrusted Data vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): 2.4.0. Users are recommended to upgrade to version 2.5.0, which fixes the issue. Published Friday, August 8, 2025 |
| 8.8 | CVE-2025-50465 OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The testPlatform parameter can be used to build a SQL query. Published Friday, August 8, 2025 |
| 6.5 | CVE-2025-50466 OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The entityType parameter can be used to build a SQL query. Published Friday, August 8, 2025 |
| N/A | CVE-2025-50468 OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query. Published Friday, August 8, 2025 |
| N/A | CVE-2025-25229 Omnissa Workspace ONE UEM contains a Server-Side Request Forgery (SSRF) Vulnerability. A malicious actor with user privileges may be able to access restricted internal system information, potentially enabling enumeration of internal network resources. Published Monday, August 11, 2025 |
| N/A | CVE-2025-44001 Mattermost Confluence Plugin version <1.5.0 fails to check the access of the user to the channel which allows attackers to get channel subscription details without proper access to the channel via API call to the Get Channel Subscriptions details endpoint. Published Monday, August 11, 2025 |
| N/A | CVE-2025-44004 Mattermost Confluence Plugin version <1.5.0 fails to check the authorization of the user to the Mattermost instance which allows attackers to create a channel subscription without proper authorization via API call to the create channel subscription endpoint. Published Monday, August 11, 2025 |
| N/A | CVE-2025-49221 Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to access subscription details without via API call to GET subscription endpoint. Published Monday, August 11, 2025 |
| N/A | CVE-2025-52931 Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to update channel subscription endpoint with an invalid request body. Published Monday, August 11, 2025 |
| N/A | CVE-2025-54463 Mattermost Confluence Plugin version <1.5.0 fails to handle unexpected request body which allows attackers to crash the plugin via constant hit to server webhook endpoint with an invalid request body. Published Monday, August 11, 2025 |
| N/A | CVE-2025-43735 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows a remote non-authenticated attacker to inject JavaScript into the google_gadget. Published Tuesday, August 12, 2025 |
| 7.5 | CVE-2025-36124 IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions caused by a failure to honor JMS messaging configuration Published Tuesday, August 12, 2025 |
| N/A | CVE-2025-43734 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript code in the first display label field in the configuration of a custom sort widget. This malicious payload is then reflected and executed by clay button taglib when refreshing the page. Published Tuesday, August 12, 2025 |
| 4.8 | CVE-2025-36000 IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. Published Tuesday, August 12, 2025 |
| N/A | CVE-2025-8916 Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcpkix, bcprov, bcpkix-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.com/bcgit/bc-java/blob/main/pkix/src/main/java/org/bouncycastle/pkix/jcajce/PKIXCertPathReviewer.java, https://github.com/bcgit/bc-java/blob/main/prov/src/main/java/org/bouncycastle/x509/PKIXCertPathReviewer.java. This issue affects Bouncy Castle for Java: from BC 1.44 through 1.78, from BCPKIX FIPS 1.0.0 through 1.0.7, from BCPKIX FIPS 2.0.0 through 2.0.7. Published Wednesday, August 13, 2025 |
| 8.7 | CVE-2025-40758 A vulnerability has been identified in Mendix SAML (Mendix 10.12 compatible) (All versions < V4.0.3), Mendix SAML (Mendix 10.21 compatible) (All versions < V4.1.2), Mendix SAML (Mendix 9.24 compatible) (All versions < V3.6.21). Affected versions of the module insufficiently enforce signature validation and binding checks. This could allow unauthenticated remote attackers to hijack an account in specific SSO configurations. Published Thursday, August 14, 2025 |
| N/A | CVE-2025-31987 HCL Connections Docs may mishandle validation of certain uploaded documents leading to denial of service due to resource exhaustion. Published Thursday, August 14, 2025 |
| N/A | CVE-2025-31961 HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. Published Friday, August 15, 2025 |
| N/A | CVE-2025-54466 Improper Control of Generation of Code ('Code Injection') vulnerability leading to a possible RCE in Apache OFBiz scrum plugin. This issue affects Apache OFBiz: before 24.09.02 only when the scrum plugin is used. Even unauthenticated attackers can exploit this vulnerability. Users are recommended to upgrade to version 24.09.02, which fixes the issue. Published Friday, August 15, 2025 |
| N/A | CVE-2025-43733 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.7 allows a remote authenticated attacker to inject JavaScript code via the content page's name field. This malicious payload is then reflected and executed within the user's browser when viewing the "document View Usages" page. Published Monday, August 18, 2025 |
| 7.5 | CVE-2025-33090 IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to cause a denial of service using a specially crafted regular expression that would cause excessive resource consumption. Published Monday, August 18, 2025 |
| N/A | CVE-2025-43732 Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.17 and 7.4 GA through update 92 is vulnerable to Insecure Direct Object Reference (IDOR) in the groupId parameter of the _com_liferay_roles_selector_web_portlet_RolesSelectorPortlet_groupId. When an organization administrator modifies this parameter id value, they can gain unauthorized access to user lists from other organizations. Published Monday, August 18, 2025 |
| N/A | CVE-2025-43731 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a remote authenticated user to inject JavaScript in message board threads and categories. Published Monday, August 18, 2025 |
| N/A | CVE-2025-43739 Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allow any authenticated user to modify the content of emails sent through the calendar portlet, allowing an attacker to send phishing emails to any other user in the same organization. Published Tuesday, August 19, 2025 |
| N/A | CVE-2025-50434 A security issue has been identified in Appian Enterprise Business Process Management version 25.3. The vulnerability is related to incorrect access control, which under certain conditions could allow unauthorized access to information. Published Tuesday, August 19, 2025 |
| N/A | CVE-2025-31988 HCL Digital Experience is susceptible to cross site scripting (XSS) in an administrative UI with restricted access. Published Tuesday, August 19, 2025 |
| N/A | CVE-2025-43743 Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.5, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15 and 7.4 GA through update 92 allows any authenticated remote user to view other calendars by allowing them to enumerate the names of other users, giving an attacker the possibility to send phishing to these users. Published Tuesday, August 19, 2025 |
| N/A | CVE-2025-43744 A stored DOM-based Cross-Site Scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.5, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 exists in the Asset Publisher configuration UI within the Source.js module. This vulnerability allows attackers to inject arbitrary JavaScript via DDM structure field labels which are then inserted into the DOM using innerHTML without proper encoding. Published Tuesday, August 19, 2025 |
| 3.5 | CVE-2025-9193 A flaw has been found in TOTVS Portal Meu RH up to 12.1.17. Impacted is an unknown function of the component Password Reset Handler. Executing manipulation of the argument redirectUrl can lead to open redirect. The attack may be performed from a remote location. The exploit has been published and may be used. Upgrading to version 12.1.2410.274, 12.1.2502.178 and 12.1.2506.121 is recommended to address this issue. It is recommended to upgrade the affected component. The vendor explains, that "[o]ur internal validation (...) confirms that the reported behavior does not exist in currently supported releases. In these tests, the redirectUrl parameter is ignored, and no malicious redirection occurs." This vulnerability only affects products that are no longer supported by the maintainer. Published Wednesday, August 20, 2025 |
| N/A | CVE-2025-57731 In JetBrains YouTrack before 2025.2.92387 stored XSS was possible via Mermaid diagram content Published Wednesday, August 20, 2025 |
| N/A | CVE-2025-57732 In JetBrains TeamCity before 2025.07.1 privilege escalation was possible due to incorrect directory ownership Published Wednesday, August 20, 2025 |
| N/A | CVE-2025-43741 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows a remote authenticated attacker to inject JavaScript in the _com_liferay_users_admin_web_portlet_UsersAdminPortlet_assetTagNames parameter. Published Wednesday, August 20, 2025 |
| N/A | CVE-2025-43742 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.3, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows a remote non-authenticated attacker to inject JavaScript in web content for friendly urls. Published Wednesday, August 20, 2025 |
| N/A | CVE-2025-43749 Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.14 and 7.4 GA through update 92 allows unauthenticated users (guests) to access via URL files uploaded in the form and stored in document_library Published Wednesday, August 20, 2025 |
| N/A | CVE-2025-3639 Liferay Portal 7.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1 through 2025.Q1.6, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.15, 7.4 GA through update 92 and 7.3 GA through update 36 allows unauthenticated users with valid credentials to bypass the login process by changing the POST method to GET, once the site has MFA enabled. Published Monday, August 18, 2025 |
| N/A | CVE-2025-43738 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.19 allows a remote authenticated user to inject JavaScript code via _com_liferay_expando_web_portlet_ExpandoPortlet_displayType parameter. Published Tuesday, August 19, 2025 |
| N/A | CVE-2025-54392 Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189. Published Thursday, August 7, 2025 |
| N/A | CVE-2025-50467 OpenMetadata <=1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the TestDefinitionDAO interface. The supportedDataTypeParam parameter can be used to build a SQL query. Published Friday, August 8, 2025 |
| 5.4 | CVE-2025-8753 A vulnerability, which was classified as critical, has been found in linlinjava litemall up to 1.8.0. Affected by this issue is the function delete of the file /admin/storage/delete of the component File Handler. The manipulation of the argument key leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Published Saturday, August 9, 2025 |
| 3.5 | CVE-2025-8847 A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is the function Edit of the file /system/notice/edit. The manipulation of the argument noticeTitle/noticeContent leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Published Monday, August 11, 2025 |
| 7.1 | CVE-2024-41979 A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not enforce mandatory authorization on some functionality level at server side. This could allow an authenticated attacker to gain complete access of the application. Published Tuesday, August 12, 2025 |
| 2.6 | CVE-2024-41984 A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application improperly handles error while accessing an inaccessible resource leading to exposing the system applications. Published Tuesday, August 12, 2025 |
| N/A | CVE-2025-49869 Deserialization of Untrusted Data vulnerability in Arraytics Eventin allows Object Injection. This issue affects Eventin: from n/a through 4.0.31. Published Thursday, August 14, 2025 |
| 6.3 | CVE-2025-8965 A vulnerability has been found in linlinjava litemall up to 1.8.0. This vulnerability affects the function create of the file litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java of the component Endpoint. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Published Thursday, August 14, 2025 |
| 5.4 | CVE-2025-27909 IBM Concert Software 1.0.0 through 1.1.0 uses cross-origin resource sharing (CORS) which could allow an attacker to carry out privileged actions as the domain name is not being limited to only trusted domains. Published Monday, August 18, 2025 |
| 2.2 | CVE-2025-54234 ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to limited file system read. A high-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction. Published Monday, August 18, 2025 |
| N/A | CVE-2025-53948 The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required. Published Monday, August 18, 2025 |
| N/A | CVE-2025-43737 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via _com_liferay_journal_web_portlet_JournalPortlet_backURL parameter. Published Tuesday, August 19, 2025 |
| N/A | CVE-2025-52337 An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted file. Published Tuesday, August 19, 2025 |
| N/A | CVE-2024-12223 Prism Central versions prior to 2024.3.1 are vulnerable to a stored cross-site scripting attack via the Events component, allowing an attacker to hijack a victim user's session and perform actions in their security context. Published Wednesday, August 20, 2025 |
| N/A | CVE-2025-43736 A Denial Of Service via File Upload (DOS) vulnerability in the Liferay Portal 7.4.3.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.8, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows a user to upload a profile picture larger than 300kb into the user profile. This size is more than the noted max 300kb size. This extra amount of data can make Liferay slower. Published Tuesday, August 12, 2025 |
| 3.7 | CVE-2025-8974 A vulnerability was determined in linlinjava litemall up to 1.8.0. Affected by this issue is some unknown functionality of the file litemall-wx-api/src/main/java/org/linlinjava/litemall/wx/util/JwtHelper.java of the component JSON Web Token Handler. The manipulation of the argument SECRET with the input X-Litemall-Token leads to hard-coded credentials. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Published Thursday, August 14, 2025 |
| N/A | CVE-2025-53192 ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities, including accessing and invoking related methods, etc. Although OgnlRuntime attempts to restrict certain dangerous classes and methods (such as java.lang.Runtime) through a blocklist, these restrictions are not comprehensive. Attackers may be able to bypass the restrictions by leveraging class objects that are not covered by the blocklist and potentially achieve arbitrary code execution. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Published Monday, August 18, 2025 |
| 5.3 | CVE-2025-8755 A vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function detail of the file UmsMemberController.java of the component com.macro.mall.portal.controller. The manipulation of the argument orderId leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published Saturday, August 9, 2025 |
| 4.3 | CVE-2025-8814 A vulnerability was found in atjiu pybbs up to 6.0.0 and classified as problematic. This issue affects the function setCookie of the file src/main/java/co/yiiu/pybbs/util/CookieUtil.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named 8aa2bb1aef3346e49aec6358edf5e47ce905ae7b. It is recommended to apply a patch to fix this issue. Published Sunday, August 10, 2025 |
| 3.1 | CVE-2024-41980 A vulnerability has been identified in SmartClient modules Opcenter QL Home (SC) (All versions >= V13.2 < V2506), SOA Audit (All versions >= V13.2 < V2506), SOA Cockpit (All versions >= V13.2 < V2506). The affected application does not encrypt the communication in the LDAP interface by default. This could allow an authenticated attacker to gain unauthorized access to sensitive information. Published Tuesday, August 12, 2025 |
| N/A | CVE-2025-52338 An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack. Published Tuesday, August 19, 2025 |
| N/A | CVE-2024-39954 CWE-918 Server-Side Request Forgery (SSRF) in the eventmesh-runtime module in WebhookUtil.java, on platforms such as Windows, Linux and macOS, allows an attacker to abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes this issue. Published Wednesday, August 20, 2025 |
| 6.3 | CVE-2025-8764 A vulnerability classified as critical has been found in linlinjava litemall up to 1.8.0. Affected is the function Upload of the file /wx/storage/upload. The manipulation of the argument File leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Published Saturday, August 9, 2025 |
| N/A | CVE-2025-54992 OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0. Published Monday, August 11, 2025 |
| 8.8 | CVE-2025-8930 A vulnerability was found in code-projects Medical Store Management System 1.0. This issue affects some unknown processing of the file UpdateCompany.java of the component Update Company Page. The manipulation of the argument companyNameTxt leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Published Thursday, August 14, 2025 |
| 6.3 | CVE-2025-8963 A vulnerability was determined in jeecgboot JimuReport up to 2.1.1. Affected by this issue is some unknown functionality of the file /drag/onlDragDataSource/testConnection of the component Data Large Screen Template. The manipulation leads to deserialization. The attack may be launched remotely. The vendor response to the GitHub issue report is: "Modified, next version updated". Published Thursday, August 14, 2025 |
| N/A | CVE-2025-54478 Mattermost Confluence Plugin version <1.5.0 fails to enforce authentication of the user to the Mattermost instance which allows unauthenticated attackers to edit channel subscriptions via API call to the edit channel subscription endpoint. Published Monday, August 11, 2025 |
| N/A | CVE-2025-52386 CycloneDX Sunshine v0.9 is vulnerable to CSV Formula Injection via a crafted JSON file. Published Wednesday, August 13, 2025 |
| 6.3 | CVE-2025-9148 A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. Published Tuesday, August 19, 2025 |
| 7.3 | CVE-2025-8773 A vulnerability, which was classified as critical, was found in Dinstar Monitoring Platform 1.0. Affected is an unknown function of the file /itc/$%7BappPath%7D/login_getPasswordErrorNum.action. The manipulation of the argument userBean.loginName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published Saturday, August 9, 2025 |
| 4.3 | CVE-2025-8991 A vulnerability was identified in linlinjava litemall up to 1.8.0. Affected by this vulnerability is an unknown functionality of the file /admin/config/express of the component Business Logic Handler. The manipulation of the argument litemall_express_freight_min leads to business logic errors. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Published Friday, August 15, 2025 |
| N/A | CVE-2025-43750 Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.1, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote unauthenticated users (guests) to upload files via the form attachment field without proper validation, enabling extension obfuscation and bypassing MIME type checks. Published Wednesday, August 20, 2025 |
| 7.3 | CVE-2025-8752 A vulnerability was found in wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562. It has been declared as critical. This vulnerability affects unknown code of the file /role/add. The manipulation leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected or updated releases are available. Published Saturday, August 9, 2025 |
| 6.3 | CVE-2025-8756 A vulnerability has been found in TDuckCloud tduck-platform up to 5.1 and classified as critical. Affected by this vulnerability is the function preHandle of the file /manage/ of the component com.tduck.cloud.api.web.interceptor.AuthorizationInterceptor. The manipulation leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Published Saturday, August 9, 2025 |
| 4.3 | CVE-2025-8808 A vulnerability was found in xujeff tianti up to 2.3. It has been rated as problematic. This issue affects the function exportOrder of the file /tianti-module-admin/user/ajax/save of the component com.jeff.tianti.controller. The manipulation leads to csv injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published Sunday, August 10, 2025 |
| 3.5 | CVE-2025-8813 A vulnerability has been found in atjiu pybbs up to 6.0.0 and classified as problematic. This vulnerability affects the function changeLanguage of the file src/main/java/co/yiiu/pybbs/controller/front/IndexController.java. The manipulation of the argument referer leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as edb14ff13e9e05394960ba46c3d31d844ff2deac. It is recommended to apply a patch to fix this issue. Published Sunday, August 10, 2025 |
| 7.3 | CVE-2025-8815 A vulnerability was found in i Morning up to bc782730c74ff080494f145cc363a0b4f43f7d3e. It has been classified as critical. Affected is an unknown function of the file /index of the component Shiro Configuration. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected or updated releases are available. Published Sunday, August 10, 2025 |
| 6.3 | CVE-2025-8839 A vulnerability was found in jshERP up to 3.5. This issue affects some unknown processing of the file /jshERP-boot/user/addUser of the component Endpoint. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Published Monday, August 11, 2025 |
| 6.3 | CVE-2025-8841 A vulnerability was identified in zlt2000 microservices-platform up to 6.0.0. Affected by this vulnerability is the function Upload of the file zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Published Monday, August 11, 2025 |
| N/A | CVE-2025-54791 OMERO.web provides a web based client and plugin infrastructure. Prior to version 5.29.2, if an error occurred when resetting a user's password using the Forgot Password option in OMERO.web, the error message displayed on the Web page can disclose information about the user. This issue has been patched in version 5.29.2. A workaround involves disabling the Forgot password option in OMERO.web using the omero.web.show_forgot_password configuration property. Published Wednesday, August 13, 2025 |
| 3.7 | CVE-2025-8927 A vulnerability was determined in mtons mblog up to 3.5.0. Affected by this issue is some unknown functionality of the file /email/send_code of the component Verification Code Handler. The manipulation of the argument email leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Published Wednesday, August 13, 2025 |
| 8.8 | CVE-2025-8928 A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipulation of the argument productNameTxt leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Published Wednesday, August 13, 2025 |
| 8.8 | CVE-2025-8929 A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Published Wednesday, August 13, 2025 |
| 8.8 | CVE-2025-8931 A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Published Thursday, August 14, 2025 |
| N/A | CVE-2025-43745 A CSRF vulnerability in Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.7, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19 and 7.4 GA through update 92 allows remote attackers to perform cross-origin requests on behalf of the authenticated user via the endpoint parameter. Published Tuesday, August 19, 2025 |
| N/A | CVE-2025-52797 Cross-Site Request Forgery (CSRF) vulnerability in josepsitjar StoryMap allows SQL Injection. This issue affects StoryMap: from n/a through 2.1. Published Thursday, August 14, 2025 |
| 6.1 | CVE-2025-49590 CryptPad is a collaboration suite. Prior to version 2025.3.0, the "Link Bouncer" functionality attempts to filter javascript URIs to prevent Cross-Site Scripting (XSS), however this can be bypassed. There is an "early allow" code path that happens before the URI's protocol/scheme is checked, which a maliciously crafted URI can follow. This issue has been patched in version 2025.3.0. Published Wednesday, June 18, 2025 |
| 9.1 | CVE-2025-49591 CryptPad is a collaboration suite. Prior to version 2025.3.0, enforcement of Two-Factor Authentication (2FA) in CryptPad can be trivially bypassed, due to weak implementation of access controls. An attacker that compromises a user's credentials can gain access to the victim's account, even if the victim has 2FA set up. This is due to 2FA not being enforced if the path parameter is not 44 characters long, which can be bypassed by simply URL encoding a single character in the path. This issue has been patched in version 2025.3.0. Published Wednesday, June 18, 2025 |
