CVE CyberSecurity Database News (Page 8)

May 20, 2025 Windows API Exploit

CVE-2025-41225 - Authenticated Command Execution in VMware vCenter Server – Deep Dive, Exploit, and Remediation

On June 5th, 2025, VMware disclosed CVE-2025-41225, a critical vulnerability in vCenter Server. This flaw allows any authenticated user with enough privileges to create or

May 17, 2025 Exploit

CVE-2025-4919 - Out-of-Bounds Read/Write via Array Index Confusion in Firefox and Thunderbird

--- In June 2025, security researchers and Mozilla announced a high-severity vulnerability tracked as CVE-2025-4919. This flaw impacted multiple versions of Firefox and Thunderbird—including

May 17, 2025

CVE-2025-4918 - Exploiting Out-of-Bounds Read/Write on JavaScript Promise in Firefox and Thunderbird

A critical security vulnerability—CVE-2025-4918—was found in Mozilla Firefox and Thunderbird affecting how JavaScript Promise objects are handled. This flaw lets attackers perform out-of-bounds

May 17, 2025 RCE Exploit

CVE-2025-47273 - Critical Path Traversal in setuptools Before 78.1.1 — Exploiting Python Package Management

Published: June 2024 Severity: High Component: setuptools (before 78.1.1) Exploit Type: Path Traversal (Write Arbitrary Files / Possible Remote Code Execution) Introduction Python developers

May 16, 2025 Exploit Java

CVE-2025-22233 - Bypassing disallowedFields Checks in Spring Framework Data Binding

A new vulnerability, CVE-2025-22233, has been discovered in the Spring Framework. This issue is a follow-up to CVE-2024-38820, which tried to make sure both parameter