An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition.




This issue affects Xperience: through 13.0.180.

CVE Database V5

Detailed information about CVE-2025-2794: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in Kentico Xperience affect

CVE-2025-2794: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in Kentico Xperience - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-2794: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in Kentico Xperience

In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS attack if a hostile user sends data to an application that uses this function.

Detailed information about CVE-2024-2757: Vulnerability in PHP Group PHP affecting PHP Group PHP. Get real-time updates, technical details, and mitigation strat

CVE-2024-2757: Vulnerability in PHP Group PHP - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-2757: Vulnerability in PHP Group PHP

Due to an incomplete fix to  CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.

Detailed information about CVE-2024-2756: CWE-20 Improper Input Validation in PHP Group PHP affecting PHP Group PHP. Get real-time updates, technical details, a

CVE-2024-2756: CWE-20 Improper Input Validation in PHP Group PHP - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-2756: CWE-20 Improper Input Validation in PHP Group PHP

tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by `tpm2 checkquote`. This issue was patched in version 5.7.

Detailed information about CVE-2024-29038: CWE-1283: Mutable Attestation or Measurement Reporting Data in tpm2-software tpm2-tools affecting tpm2-software tpm2-

CVE-2024-29038: CWE-1283: Mutable Attestation or Measurement Reporting Data in tpm2-software tpm2-tools - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-29038: CWE-1283: Mutable Attestation or Measurement Reporting Data in tpm2-software tpm2-tools

An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.

Detailed information about CVE-2024-28960: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-28960: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-28960: n/a

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

Detailed information about CVE-2024-34403: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-34403: n/a

CVE-2024-34403: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2025-2794: CWE-470 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') in Kentico Xperience

CVE-2024-2757: Vulnerability in PHP Group PHP

CVE-2024-2756: CWE-20 Improper Input Validation in PHP Group PHP

CVE-2024-29038: CWE-1283: Mutable Attestation or Measurement Reporting Data in tpm2-software tpm2-tools

CVE-2024-28960: n/a

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility