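?day POC Vulnerability Database
A POC vulnerability database containing all CVEs, POCs and ?days from across the web in recent years. It can be connected to the ishack vulnerability scanner through an API; some vulnerabilities are visible to members only.
45,352 topics in this board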
-
F5 Networks: CVE-2025-24497: K000140920: BIG-IP PEM vulnerability CVE-2025-24497 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/10/2025 Description When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2025-24497 CVE - 2025-24497 https://my.f5.com/manage/s/article/K000140920
-
F5 Networks: CVE-2025-23412: K000141003: BIG-IP APM access profile vulnerability CVE-2025-23412 Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/06/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/10/2025 Description When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Solution(s) f5-big-ip-upgrade-latest References https://attackerkb.com/topics/cve-2025-23412 CVE - 2025-23412 https://my.f5.com/manage/s/article/K000141003
-
Cisco XE: CVE-2025-20171: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/07/2025 Description A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to caus…
-
Cisco XE: CVE-2025-20173: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/07/2025 Description A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to caus…
-
Cisco IOS: CVE-2025-20169: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/14/2025 Description A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cau…
-
Ubuntu: (CVE-2023-52924): linux-bluefield vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/05/2025 Created 02/12/2025 Added 02/11/2025 Modified 02/11/2025 Description In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map ("1.2.3.4 : jump foo") 2. timeouts are enabled In this case, following sequence is problematic: 1. element E in set S refers to chain C 2. userspace requests removal of set S 3. kernel does a set walk to …
-
Cisco XE: CVE-2025-20176: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/07/2025 Description A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to caus…
-
Cisco IOS: CVE-2025-20176: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/14/2025 Description A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cau…
-
Cisco XE: CVE-2025-20174: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/07/2025 Description A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to caus…
-
D-Tale RCE Disclosed 02/05/2025 Created 03/03/2025 Description This exploit effectively serves as a bypass for CVE-2024-3408. An attacker can override global state to enable custom filters, which then facilitates remote code execution. Specifically, this vulnerability leverages the ability to manipulate global application settings to activate the enable_custom_filters feature, typically restricted to trusted environments. Once enabled, the /test-filter endpoint of the Custom Filters functionality can be exploited to execute arbitrary system commands. Author(s) taiphung217 Takahiro Yokoyama Platform Linux Development Source Code History
-
Google Chrome Vulnerability: CVE-2025-0444 Use after free in Skia Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/05/2025 Created 02/05/2025 Added 02/05/2025 Modified 02/06/2025 Description Use after free in Skia in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2025-0444 CVE - 2025-0444
-
FreeBSD: VID-9761AF78-E3E4-11EF-9F4A-589CFC10A551 (CVE-2025-23419): nginx-devel -- SSL session reuse vulnerability Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/05/2025 Created 02/11/2025 Added 02/06/2025 Modified 02/06/2025 Description When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate authentication requirements on these servers. This vulnerability arises when TLS Session Tickets https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_ticket_key are used and/or the SSL session cache https://nginx.org/en/docs/http/ngx_http_ssl_m…
-
Cisco IOS: CVE-2025-20175: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/14/2025 Description A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cau…
-
Cisco XE: CVE-2025-20170: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/07/2025 Description A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to caus…
-
Cisco IOS: CVE-2025-20172: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/14/2025 Description A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Sof…
-
Cisco TelePresence Video Communication Server (VCS) Expressway: CVE-2025-20179: Cisco Expressway Series Cross-Site Scripting Vulnerability Severity 6 CVSS (AV:N/AC:L/Au:N/C:P/I:P/A:N) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/14/2025 Description A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuad…
-
Cisco IOS: CVE-2025-20171: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/14/2025 Description A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cau…
-
Cisco IOS: CVE-2025-20173: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/14/2025 Description A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. A successful exploit could allow the attacker to cau…
-
Cisco XE: CVE-2025-20172: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/07/2025 Description A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE Soft…
-
Cisco IOS-XR: CVE-2025-20172: Cisco IOS, IOS XE, and IOS XR Software SNMP Denial of Service Vulnerabilities Severity 7 CVSS (AV:N/AC:L/Au:S/C:N/I:N/A:C) Published 02/05/2025 Created 02/07/2025 Added 02/06/2025 Modified 02/12/2025 Description A vulnerability in the SNMP subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this vulnerability by sending a crafted SNMP request to an affected device. For Cisco IOS and IOS XE …
-
MFSA2025-11 Thunderbird: Security Vulnerabilities fixed in Thunderbird 135 (CVE-2025-1019) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/04/2025 Created 02/05/2025 Added 02/05/2025 Modified 02/10/2025 Description The z-order of the browser windows could be manipulated to hide the fullscreen notification. This could potentially be leveraged to perform a spoofing attack. This vulnerability affects Firefox < 135 and Thunderbird < 135. Solution(s) mozilla-thunderbird-upgrade-135_0 References https://attackerkb.com/topics/cve-2025-1019 CVE - 2025-1019 http://www.mozilla.org/security/announce/2025/mfsa2025-1…
-
Google Chrome Vulnerability: CVE-2025-0451 Inappropriate implementation in Extensions API Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/05/2025 Created 02/05/2025 Added 02/05/2025 Modified 02/06/2025 Description Inappropriate implementation in Extensions API in Google Chrome prior to 133.0.6943.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Medium) Solution(s) google-chrome-upgrade-latest References https://attackerkb.com/topics/cve-2025-0451 CVE - 2025-0451
-
MFSA2025-11 Thunderbird: Security Vulnerabilities fixed in Thunderbird 135 (CVE-2025-1010) Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/04/2025 Created 02/05/2025 Added 02/05/2025 Modified 02/14/2025 Description An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability affects Firefox < 135, Firefox ESR < 115.20, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Solution(s) mozilla-thunderbird-upgrade-135_0 References https://attackerkb.com/topics/cve-2025-1010 CVE - 2025-1010 http://www.mozilla.o…
-
SUSE: CVE-2025-1011: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/04/2025 Created 02/11/2025 Added 02/10/2025 Modified 02/12/2025 Description A bug in WebAssembly code generation could have led to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability affects Firefox < 135, Firefox ESR < 128.7, Thunderbird < 128.7, and Thunderbird < 135. Solution(s) suse-upgrade-mozillafirefox suse-upgrade-mozillafirefox-branding-upstream suse-upgrade-mozillafirefox-devel suse-upgrade-mozillafirefox-translations-common suse-upgrade-mozil…
-
SUSE: CVE-2025-0445: SUSE Linux Security Advisory Severity 4 CVSS (AV:L/AC:M/Au:N/C:P/I:P/A:P) Published 02/04/2025 Created 02/15/2025 Added 02/14/2025 Modified 02/14/2025 Description Use after free in V8 in Google Chrome prior to 133.0.6943.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Solution(s) suse-upgrade-chromedriver suse-upgrade-chromium References https://attackerkb.com/topics/cve-2025-0445 CVE - 2025-0445