CVE CyberSecurity Database News (Page 148)

Mar 12, 2025 RCE API GraphQL

CVE-2025-27407 - Remote Code Execution in graphql-ruby via `from_introspection` Schema Loading

A critical vulnerability was discovered in graphql-ruby, the popular Ruby library for implementing GraphQL APIs. If your application uses certain versions of graphql-ruby, attackers could

Mar 12, 2025

CVE-2025-22870 - How IPv6 Zone IDs Can Bypass Proxy Rules in NO_PROXY — Analysis & Exploit Details

Proxy settings are a critical part of modern networking security and configuration — especially when applications should avoid connecting directly to certain hosts. Environment variables like

Mar 12, 2025 API Exploit

CVE-2025-25711 - Privilege Escalation in dtp.ae tNexus Airport View v2.8 via ProfileID Injection

--- Intro A new vulnerability, CVE-2025-25711, has been discovered in the popular airport management software, dtp.ae tNexus Airport View v2.8. The flaw lets

Mar 12, 2025 Exploit Cisco

CVE-2025-20138 - Privilege Escalation in Cisco IOS XR CLI – How Attackers Get Root via Bad Input Validation

A newly discovered security flaw, CVE-2025-20138, has rocked the networking community. This is a privilege escalation vulnerability affecting the Command Line Interface (CLI) of Cisco

Mar 12, 2025 Exploit

CVE-2025-2240: Out-of-Memory Vulnerability in Smallrye Fault Tolerance May Lead to Denial of Service

A critical vulnerability has been identified in Smallrye, a popular open-source implementation of the Eclipse MicroProfile project. The vulnerability, which is tracked as CVE-2025-2240, resides