cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score CVE-2025-0108,https://securityvulnerability.io/vulnerability/CVE-2025-0108,Authentication Bypass in Palo Alto Networks PAN-OS Software,"An authentication bypass vulnerability in Palo Alto Networks PAN-OS allows unauthenticated attackers with network access to the management web interface to bypass necessary authentication. This issue enables potential manipulation of certain PHP scripts by attackers, which could compromise the integrity and confidentiality of PAN-OS operations. To mitigate risks associated with this vulnerability, it is crucial to restrict access to the management web interface to trusted internal IP addresses, following recommended best practices.",Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",5.9,MEDIUM,0.032280001789331436,true,true,true,true,true,true,true,2025-02-12T20:55:34.610Z,16287 CVE-2025-26465,https://securityvulnerability.io/vulnerability/CVE-2025-26465,OpenSSH Vulnerability Allows Man-in-the-Middle Attack via Host Key Verification Flaw,"A significant vulnerability has been identified in OpenSSH when the VerifyHostKeyDNS option is activated. This flaw allows a malicious actor to conduct a man-in-the-middle attack by impersonating a legitimate server. The crux of the issue lies in the mishandling of error codes by OpenSSH during the host key verification process under certain conditions. For the attack to be successful, the attacker must first exhaust the client’s memory resources, which adds considerable complexity to the execution of the attack. It is crucial for users and administrators to be aware of this flaw and apply necessary mitigations to safeguard their systems.",Red Hat,"Red Hat Enterprise Linux 6,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Openshift Container Platform 4",6.8,MEDIUM,0.0004299999854993075,false,true,false,true,true,true,false,2025-02-18T18:27:16.843Z,5283 CVE-2025-27090,https://securityvulnerability.io/vulnerability/CVE-2025-27090,Reverse Port Forwarding Flaw in Sliver Adversary Emulation Framework,"The Sliver adversary emulation framework has a significant vulnerability that allows an implant to establish a reverse tunnel on the Sliver teamserver without proper authorization. This mechanism does not require the operator's explicit instruction, potentially exposing the server's IP address to unauthorized third parties. Users are strongly advised to upgrade to version 1.5.43 or later, as there are no workarounds to mitigate this issue.",Bishopfox,Sliver,6.9,MEDIUM,0.0006200000061653554,false,false,false,false,false,true,false,2025-02-19T21:11:06.671Z,4856 CVE-2025-24200,https://securityvulnerability.io/vulnerability/CVE-2025-24200,Authorization Issue in iPadOS and iOS by Apple,An authorization vulnerability was identified in Apple’s iPadOS and iOS that allows a potential bypass of USB Restricted Mode on a locked device through physical attacks. This could lead to unauthorized access to sensitive data for targeted individuals. Updates have been implemented in the latest versions of iPadOS and iOS to enhance state management and address this issue.,Apple,"iPad OS,iOS And iPad OS",6.1,MEDIUM,0.010400000028312206,true,true,true,true,true,true,true,2025-02-10T19:04:45.242Z,18711 CVE-2024-12510,https://securityvulnerability.io/vulnerability/CVE-2024-12510,LDAP Authentication Bypass in Xerox Products,"An LDAP configuration issue in certain Xerox printers may allow an attacker with admin access to redirect authentication requests to a malicious server, thereby risking exposure of sensitive credentials. This vulnerability necessitates an active LDAP setup and access to the admin interface, emphasizing the importance of proper configuration and access control.",Xerox,"Versalink B400,Versalink B405,Versalink C400,Versalink C405,Versalink B600/b610,Versalink B605/b615,Versalink C500/c600,Versalink C505/c605,Versalink C7000,Versalink C7020/c7025/c7030,Versalink B7025/b7030/b7035,Versalink B7125/b7130/b7135,Versalink C7120/c7125/c7130,Versalink C8000/c9000,Versalink C8000w,Phaser 6510,Workcentre 6515",6.7,MEDIUM,0.0004299999854993075,false,false,false,false,false,true,false,2025-02-03T18:52:16.942Z,4130 CVE-2024-12284,https://securityvulnerability.io/vulnerability/CVE-2024-12284,Privilege Escalation Vulnerability in NetScaler Console and Agent by Citrix,"An authenticated privilege escalation vulnerability exists within the NetScaler Console and NetScaler Agent. This flaw could allow an attacker with valid credentials to gain elevated privileges, potentially leading to unauthorized access and modifications of sensitive configurations within the affected systems. Remediation efforts are essential to mitigate the risk presented by this vulnerability and ensure the integrity of affected Citrix products.",Netscaler,"Console,Agent",8.8,HIGH,0.0004299999854993075,false,true,false,true,false,true,false,2025-02-20T00:15:00.000Z,2642 CVE-2024-12754,https://securityvulnerability.io/vulnerability/CVE-2024-12754,Information Disclosure Vulnerability in AnyDesk,"This vulnerability in AnyDesk permits local attackers to expose sensitive information from affected installations. The flaw arises in the mishandling of background images, enabling an attacker who executes low-privileged code on the system to create a junction. By exploiting this vulnerability, attackers gain the ability to read arbitrary files, potentially revealing stored credentials and facilitating further system compromise.",Anydesk,Anydesk,5.5,MEDIUM,0.0004299999854993075,false,true,false,true,true,true,true,2024-12-30T17:15:00.000Z,8357 CVE-2025-0282,https://securityvulnerability.io/vulnerability/CVE-2025-0282,Stack-Based Buffer Overflow in Ivanti Connect Secure and Policy Secure,"A stack-based buffer overflow vulnerability exists in Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for ZTA gateways, prior to designated versions. This flaw allows a remote unauthenticated attacker to execute arbitrary code on the affected systems, posing significant risks to security and data integrity. Users are advised to upgrade to the latest versions of these products to mitigate potential exploitation.",Ivanti,"Connect Secure,Policy Secure,Neurons For Zta Gateways",9,CRITICAL,0.15324999392032623,true,true,true,true,true,true,true,2025-01-08T22:15:09.386Z,31760 CVE-2025-1094,https://securityvulnerability.io/vulnerability/CVE-2025-1094,SQL Injection Vulnerability in PostgreSQL libpq Functions and Command Line Utilities,"This vulnerability arises from improper handling of quoting syntax in PostgreSQL libpq functions, which can allow SQL injection through specific usage patterns. Attackers can leverage this flaw when application input from these functions is used improperly, especially in the construction of commands for psql, the PostgreSQL interactive terminal. Additionally, the improper neutralization of quoting can also impact command line utility operations when certain encoding configurations are specified, making it a relevant threat for versions prior to PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19.",PostgreSQL,Postgresql,8.1,HIGH,0.0004299999854993075,false,true,false,true,true,true,false,2025-02-13T13:00:02.061Z,7485