CVE | THREATINT

Welcome

This is a free service provided by THREATINT. It is hosted in Europe

It contains information on publicly disclosed cyber security vulnerabilities based on data from the CVE® Program, please see the official CVE website and CVE List V5 on GitHub. Whenever applicable we also show information from the Known Exploited Vulnerabilities Catalog provided by US CISA as the authoritative source of vulnerabilities that have been exploited in the wild.

New

CVE-2025-66388: Apache Airflow: Secrets in rendered templates not redacted properly and exposed in the UI: A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this issue.

CVE-2025-11670: NTLM Hash Exposure Vulnerability: Zohocorp ManageEngine ADManager Plus versions before 8025 are vulnerable to NTLM Hash Exposure. This vulnerability is exploitable only by technicians who have the “Impersonate as Admin” option enabled.

CVE-2025-37731: Elasticsearch Improper Authentication: Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.

CVE-2025-14714: TCC Bypass via Inherited Permissions in Bundled Interpreter: An Authentication Bypass vulnerability existed where the application bundled an interpreter (Python) that inherits the Transparency, Consent, and Control (TCC) permissions granted by the user to the main application bundle By executing the bundled interpreter directly the attacker's scripts run with the application's TCC privileges In...

CVE-2025-37732: Kibana Cross-site Scripting via the Integration Package Upload Functionality: Improper neutralization of input during web page generation ('Cross-site Scripting') (CWE-79) allows an authenticated user to render HTML tags within a user’s browser via the integration package upload functionality. This issue is related to ESA-2025-17 (CVE-2025-25018) bypassing that fix to achieve HTML injection.

Updated

CVE-2025-7195: Operator-sdk: privilege escalation due to incorrect permissions of /etc/passwd: Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/passwd file to 664 during build time. Developers who used Operator-SDK before 0.1...

CVE-2025-66388: Apache Airflow: Secrets in rendered templates not redacted properly and exposed in the UI: A vulnerability in Apache Airflow allowed authenticated UI users to view secret values in rendered templates due to secrets not being properly redacted, potentially exposing secrets to users without the appropriate authorization. Users are recommended to upgrade to version 3.1.4, which fixes this issue.

CVE-2025-5987: Libssh: invalid return code for chacha20 poly1305 with openssl backend: A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the heap space, this error is not detected and may lead to libssh using a partially initialized cipher context. This occurs because the OpenSSL error code returned aliases with the SSH_OK code, resulting in ...

CVE-2024-12087: Rsync: path traversal vulnerability in rsync: A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication check...

CVE-2025-14021: The in-app browser in LINE client for iOS versions prior to 14.14 is vulnerable to address bar spoofing, which could allow attackers to execute malicious JavaScript within iframes while displaying trusted URLs, enabling phishing attacks through overlaid malicious content.

CISA Known Exploited Vulnerabilities

CVE-2025-58360 OSGeo GeoServer: OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request.

CVE-2025-62221 Microsoft Windows: Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.

CVE-2025-6218 RARLAB WinRAR: RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user.

CVE-2022-37055 D-Link Routers: D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

CVE-2025-66644 Array Networks ArrayOS AG: Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands.

Additional information

EUVD (European Union Vulnerability Database) is maintained by ENISA (European Union Agency for Cybersecurity), under the European Union’s regulatory umbrella, serving as a centralized platform for vulnerability reporting specifically aligned with the EU’s legal frameworks such as NIS2 and the Cyber Resilience Act (CRA)

EUVD complements the CVE system by aggregating CVE data, but also assigns its own EUVD IDs to vulnerabilities, offers enriched metadata tailored for EU policies and compliance, and may highlight vulnerabilities particularly relevant to the European market.

Most vulnerabilities catalogued in EUVD will have both a CVE-ID and an EUVD-ID, acting as cross-references.

euvd.enisa.europa.eu

Source: media.ccc.de/v/eh22-138-panic-at-the-cve-o-theque.

A big "thank you" goes to @pennylane.

help @ threatint.eu