CVE-2025-22209

CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
5 days ago Cybersecuritynews.com

Palo Alto Networks tags new firewall bug as exploited in attacks - Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 with CVE-2024-9474) to breach PAN-OS firewalls in active attacks. "Palo Alto Networks has observed exploit ...
5 hours ago Bleepingcomputer.com

CVE-2025-22209 - A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4.3 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands via the 'searchpaymentstatus' parameter in the Employer Payment History search ...
4 days ago Tenable.com

Palo Alto Networks Warns Hackers Combining Vulnerabilities to Compromise Firewalls - Palo Alto Networks has issued urgent warnings as cybersecurity researchers observe threat actors exploiting a combination of vulnerabilities in PAN-OS, the operating system powering its next-generation firewalls. By combining these vulnerabilities, ...
6 hours ago Cybersecuritynews.com

Microsoft fixes bug causing Windows Server 2025 boot errors - In November, Redmond addressed another series of bugs that were triggering install, upgrade, and Blue Screen of Death (BSOD) issues on Windows Server 2025 devices with a high core count, and one month later, a known issue causing boot failures on ...
5 days ago Bleepingcomputer.com

CVE-2022-22209 - A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) ...
2 years ago

CVE-2024-22209 - Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f. ...
1 year ago Tenable.com

CVE-2021-22209 - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which resulted in GraphQL mutation being executed. ...
3 years ago

CVE-2020-22209 - SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_common.php. ...
3 years ago

PostgreSQL flaw exploited as zero-day in BeyondTrust breach - Rapid7 security researchers have also identified a method to exploit CVE-2025-1094 for remote code execution in vulnerable BeyondTrust Remote Support (RS) systems independently of the CVE-2024-12356 argument injection vulnerability. Rapid7's tests ...
5 days ago Bleepingcomputer.com

CISA Warns of Palo Alto PAN-OS Vulnerability Actively Exploited in the Wild - The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding actively exploiting a high-severity authentication bypass vulnerability (CVE-2025-0108) in Palo Alto Networks PAN-OS, the operating system powering the ...
17 hours ago Cybersecuritynews.com

CVE-2025-0925 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-0818. Reason: This candidate is a reservation duplicate of CVE-2025-0818. Notes: All CVE users should reference CVE-2025-0818 instead of this candidate. All ...
1 week ago Tenable.com

CVE-2025-0919 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-0818. Reason: This candidate is a reservation duplicate of CVE-2025-0818. Notes: All CVE users should reference CVE-2025-0818 instead of this candidate. All ...
1 week ago Tenable.com

Patch Now: Palo Alto Flaw Exploited in the Wild - Indeed, researchers observed attackers making exploit attempts by chaining CVE-2025-0108 with two other PAN-OS Web management interface flaws — CVE-2024-9474, a privilege escalation flaw, and CVE-2025-0111, an authenticated file read vulnerability ...
4 hours ago Darkreading.com

CVE-2025-0977 - Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105. ...
1 week ago Tenable.com

Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
1 year ago Bleepingcomputer.com

PostgreSQL Terminal Tool Injection Vulnerability Allows Remote Code Execution - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. Attackers can exploit this vulnerability to execute arbitrary SQL statements and achieve arbitrary code execution (ACE) by ...
5 days ago Cybersecuritynews.com

Chrome Buffer Overflow Vulnerabilities Allow Arbitrary Code Execution - Google has urgently patched two high-severity heap buffer overflow vulnerabilities in its Chrome browser, CVE-2025-0999, and CVE-2025-1426, that could allow attackers to execute arbitrary code and seize control of affected systems. Heap buffer ...
17 hours ago Cybersecuritynews.com

CVE-2025-1091 - Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (node.js, Envoy, libcurl) were found to contain vulnerabilities, and updated versions have been made available by ...
1 week ago Tenable.com

CVE-2025-0760 - Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (node.js, Envoy, libcurl) were found to contain vulnerabilities, and updated versions have been made available by ...
1 week ago Tenable.com

Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - Google has rolled out an urgent security update for Chrome, addressing four high-severity vulnerabilities that could allow attackers to execute malicious code or compromise user data. The update, Chrome version 133.0.6943.98/.99 for Windows/Mac and ...
6 days ago Cybersecuritynews.com

WinZip Vulnerability Let Remote Attackers Execute Arbitrary Code - A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute arbitrary code on affected systems by exploiting malformed 7Z archive files. Security firm Zero Day Initiative (ZDI) detailed the ...
5 days ago Cybersecuritynews.com

OpenSSH Vulnerabilities Expose Clients and Servers to MitM & DoS Attacks - Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. With OpenSSH integral to enterprise infrastructure, these vulnerabilities pose significant risks to data integrity, system ...
1 day ago Cybersecuritynews.com

New OpenSSH flaws expose SSH servers to MiTM and DoS attacks - "The attack against the OpenSSH client (CVE-2025-26465) succeeds regardless of whether the VerifyHostKeyDNS option is set to "yes" or "ask" (its default is "no"), requires no user interaction, and does not depend on the existence of an SSHFP resource ...
1 day ago Bleepingcomputer.com

CVE-2025-0332 - In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory. ...
1 week ago Tenable.com