CyberSecurityBoard
Sponsor Register Login

CVE-2025-3026

The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the ‘Host’ header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a different base URL. In this way, an attacker could insert his own server for the client to send HTTP requests, provided he succeeds in exploiting it.

Publication date: Mon, 31 Mar 2025 10:30:00 +0000


Cyber News related to CVE-2025-3026

CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
3 months ago Cybersecuritynews.com CVE-2024-5594
CVE-2025-3026 - The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the ‘Host’ header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a different ...
2 months ago
CVE-2012-3026 - rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary ...
12 years ago
CVE-2012-3021 - rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary ...
12 years ago
CVE-2012-3010 - rifsrvd.exe in the Remote Interface Service in GE Intelligent Platforms Proficy Real-Time Information Portal 2.6 through 3.5 SP1 allows remote attackers to cause a denial of service (memory corruption and service crash) or possibly execute arbitrary ...
12 years ago
CVE-2011-3045 - Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly ...
5 years ago
CVE-2005-3026 - Directory traversal vulnerability in index.php in Alstrasoft Epay Pro 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the read parameter. ...
7 years ago
CVE-2017-3026 - Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable use after free vulnerability when manipulating an internal data structure. Successful exploitation could lead to arbitrary code ...
7 years ago
CVE-2006-3026 - Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery 5.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gallery_id parameter in gallery.asp and (2) parentcurrentpage parameter in view_gallery.asp. ...
7 years ago
CVE-2013-3026 - Buffer overflow in the Lotus Quickr for Domino ActiveX control in qp2.cab in IBM Lotus Quickr 8.1 before FP 8.1.0.32-001a, 8.2 before FP 8.2.0.28-001a, and 8.5.1 before FP 8.5.1.39-002a for Domino allows remote attackers to execute arbitrary code via ...
7 years ago
CVE-2014-3026 - CRLF injection vulnerability in IBM Maximo Asset Management 7.5 through 7.5.0.6, and 7.5 through 7.5.0.3 and 7.5.1 through 7.5.1.2 for SmartCloud Control Desk, allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP ...
7 years ago
CVE-2009-3026 - protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to ...
7 years ago
CVE-2008-3026 - SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet CMS) 2008-01-24 allows remote attackers to execute arbitrary SQL commands via the id parameter. ...
7 years ago
CVE-2014-8389 - cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with firmware LM.1.6.18 14.10.2011, and AirLive ...
6 years ago
CVE-2015-2279 - cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with firmware 1.43, and MD-3025 with firmware 1.81 allows remote attackers to execute arbitrary OS commands via shell metacharacters after an "&" (ampersand) in the write_mac ...
6 years ago
CVE-2010-3026 - Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to ...
6 years ago
CVE-2007-3026 - Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow. Vendor has supplied patch: ...
1 year ago
CVE-2015-3026 - Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to ...
6 years ago
CVE-2011-3026 - Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. ...
5 years ago
CVE-2021-3026 - Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment. ...
4 years ago
CVE-2022-3026 - The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted ...
2 years ago
CVE-2018-3026 - Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability ...
5 years ago
CVE-2019-3026 - Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.34 and prior to 6.0.14. Easily exploitable vulnerability allows low privileged attacker with logon to ...
4 years ago
CVE-2023-3026 - Cross-site Scripting (XSS) - Stored in GitHub repository jgraph/drawio prior to 21.2.8. ...
2 years ago
CVE-2024-3026 - The WordPress Button Plugin MaxButtons WordPress plugin before 9.7.8 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks ...
10 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)