CVE CyberSecurity Database News (Page 101)

Apr 7, 2025 RCE Exploit Java

CVE-2025-2251 - How a Severe EJB Deserialization Flaw in WildFly & JBoss EAP Lets Attackers Execute Arbitrary Code (2025)

On June 17, 2025, a critical vulnerability was publicly disclosed in WildFly and JBoss Enterprise Application Platform (EAP), tracked as CVE-2025-2251. This vulnerability lies in

Apr 7, 2025 API Exploit SQL Apache

CVE-2025-30473 - SQL Injection Flaw in Apache Airflow Common SQL Provider Can Lead to Privilege Escalation

A new security vulnerability, CVE-2025-30473, was discovered in the Apache Airflow Common SQL Provider (versions before 1.24.1). This flaw allows authenticated users to

Apr 7, 2025 Windows Microsoft API Exploit

CVE-2024-11859 - DLL Search Order Hijacking Can Lead to Malicious Code Execution by Administrators

In early 2024, security researchers discovered CVE-2024-11859, a vulnerability tied to how certain applications in Windows search and load dynamic-link libraries (DLLs). This issue—commonly

Apr 7, 2025

CVE-2025-20654 - Out-of-Bounds Write in WLAN Service May Lead to Remote Code Execution

In early 2025, a critical vulnerability was uncovered in the WLAN service, officially identified as CVE-2025-20654. The flaw allows for a possible out-of-bounds write due

Apr 6, 2025 Exploit Apache

CVE-2025-31492 - How mod_auth_openidc Leaked Protected Content to Unauthenticated Users

mod_auth_openidc is a popular OpenID Connect (OIDC) module for Apache 2.x servers, providing enterprise-ready authentication and single sign-on. In April 2025, a