Overview

CVE-2025-46174 details an Incorrect Access Control vulnerability found in Ruoyi version 4.8.0. Specifically, the resetPwd method within the SysUserController.java file lacks a proper permission check for checkUserDataScope. This could allow unauthorized users to potentially reset passwords for other users, leading to a compromise of user accounts and sensitive data.

Technical Details

The vulnerability resides in the SysUserController.java file. The resetPwd method, responsible for allowing users to reset passwords, fails to adequately verify whether the requesting user has the necessary permissions to perform this action on the targeted user account. The missing checkUserDataScope check means a user could potentially reset…
-
Overview

CVE-2025-45311 identifies a critical vulnerability found in fail2ban-client version 0.11.2. This security flaw stems from insecure permissions handling, which allows attackers with limited sudo privileges to execute arbitrary operations as the root user. This escalation of privilege could lead to complete system compromise. Published on 2025-11-26T16:15:47.663, this vulnerability highlights the importance of proper permission management and regular security audits, even within widely used security tools.

Technical Details

The vulnerability resides within how fail2ban-client handles permissions when invoked with sudo. Specifically, the client does not adequately validate the user context under which it's operating, leading to a scenario where a user…
-
Overview

A high-severity heap-based buffer overflow vulnerability, identified as CVE-2025-13601, has been discovered in the GLib library. This flaw resides within the g_escape_uri_string() function and can lead to arbitrary code execution or denial-of-service attacks.

Technical Details

The vulnerability stems from an incorrect calculation of the required buffer size within the g_escape_uri_string() function. This function is used to escape characters in a URI string that are not allowed. Specifically, if the input string contains a very large number of characters that require escaping (e.g., characters outside the allowed set), the calculation of the final escaped string's length can overflow. This overflow…
-
Overview

A security vulnerability, identified as CVE-2025-9191, has been discovered in the Houzez theme for WordPress. This vulnerability affects all versions up to and including 4.1.6. It stems from a PHP Object Injection flaw within the saved-search-item.php file, caused by the deserialization of untrusted input. While the Houzez theme itself doesn't contain a readily exploitable POP chain, the presence of one in another plugin or theme could significantly amplify the risk.

Technical Details

The vulnerability resides in the way the Houzez theme handles user-provided data during the processing of saved searches. Specifically, the saved-search-item.php file deserializes potentially malicious data without…
-
A security flaw has been discovered in the popular Houzez WordPress theme, potentially exposing websites using the theme to Stored Cross-Site Scripting (XSS) attacks. This vulnerability, identified as CVE-2025-9163, allows unauthenticated attackers to inject malicious scripts that execute when a user accesses a crafted SVG file.

Overview

CVE-2025-9163 affects versions of the Houzez theme up to and including 4.1.6. The vulnerability stems from inadequate input sanitization and output escaping during SVG file uploads via the houzez_property_img_upload() and houzez_property_attachment_upload() functions. This allows attackers to embed malicious JavaScript code within SVG files, which can then be executed in a victim's browser, potentially…
-
Overview

CVE-2025-13674 is a medium-severity vulnerability affecting Wireshark version 4.6.0. This vulnerability resides in the BPv7 (Bundle Protocol version 7) dissector, and a specially crafted packet can cause Wireshark to crash, leading to a denial-of-service (DoS) condition. This means an attacker could potentially disrupt network analysis by repeatedly sending malicious packets to a Wireshark instance, effectively preventing it from functioning correctly.

Technical Details

The vulnerability exists within the BPv7 dissector's parsing logic. An improperly formatted or malicious BPv7 packet can trigger an unhandled exception or memory access violation within the dissector, causing Wireshark to terminate unexpectedly. The specific details…
-
Published: 2025-11-26T09:15:46.293

Overview

This article details CVE-2025-62728, a SQL injection vulnerability discovered in Apache Hive Metastore Server (HMS). This vulnerability can be exploited by authorized users who have access to the HMS Thrift APIs. While its exploitability in typical deployments is limited, understanding the vulnerability and applying the recommended mitigations is crucial for maintaining a secure Hive environment.

Technical Details

CVE-2025-62728 stems from insufficient input sanitization when processing delete column statistics requests via the Thrift APIs in Hive Metastore Server. Specifically, an attacker with access to the Thrift APIs could potentially inject malicious SQL code into the delete column statistics…
-
Overview

This article discusses CVE-2025-59390, a security vulnerability affecting Apache Druid versions up to 34.0.0. This vulnerability exposes Druid clusters utilizing Kerberos authentication to a potential authentication bypass. The issue stems from the use of a weak, predictable fallback secret used to sign authentication cookies when the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration is not explicitly set.

Technical Details

The core of the vulnerability lies within Druid's Kerberos authenticator. When the `druid.auth.authenticator.kerberos.cookieSignatureSecret` configuration parameter isn't explicitly defined, Druid resorts to a fallback secret. This fallback secret is generated using `ThreadLocalRandom`, a pseudo-random number generator that is not cryptographically secure. The predictable nature of `ThreadLocalRandom`…
-
Overview

CVE-2025-13735 describes a high-severity out-of-bounds read vulnerability discovered in ASR Lapwing_Linux, specifically affecting ASR1903 and ASR3901 devices. This vulnerability resides within the nr_fw modules on Linux and stems from an issue in the Code/nr_fw/DLP/src/NrCgi.C program file. This flaw could potentially allow an attacker to read sensitive information from system memory, leading to further exploitation. The vulnerability affects Lapwing_Linux versions prior to the patch released on 2025/11/26.

Technical Details

The root cause of CVE-2025-13735 lies in how the NrCgi.C file handles certain input parameters within the DLP (Data Loss Prevention) component of the nr_fw modules. Specifically, the code lacks proper…
-
Overview

CVE-2025-9558 is a high-severity out-of-bounds (OOB) write vulnerability found in the gen_prov_start function within the pb_adv.c file of the Zephyr Real-Time Operating System (RTOS). This flaw can allow an attacker to potentially overwrite arbitrary memory locations, leading to system crashes, denial of service, or potentially even arbitrary code execution on affected devices.

Technical Details

The vulnerability stems from a lack of input validation within the gen_prov_start function. Specifically, the function copies the full length of received data into the link.rx.buf receiver buffer without checking if the data size exceeds the buffer's allocated capacity. This unchecked copy operation creates an…