A security vulnerability has been detected in kalcaddle kodbox 1.61. This affects the function fileGet/fileSave of the file app/controller/explorer/editor.class.php. The manipulation of the argument path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10233 is a medium-severity path traversal vulnerability identified in kalcaddle kodbox version 1.61, specifically affecting the fileGet and fileSave functions within the file app/controller/explorer/editor.class.php. The vulnerability arises from improper validation or sanitization of the 'path' argument, which allows an attacker to manipulate the file path parameter to access files and directories outside the intended scope. This can lead to unauthorized reading or writing of arbitrary files on the server hosting kodbox. The attack vector is remote and does not require user interaction, but it does require low privileges (PR:L) on the system, indicating that some level of authentication or access is needed to exploit the vulnerability. The CVSS 4.0 score is 5.3, reflecting a medium impact on confidentiality, integrity, and availability, with low complexity and no user interaction required. The vendor was notified but has not responded or released a patch, and while no known exploits are currently in the wild, the public disclosure of the exploit code increases the risk of exploitation. Kodbox is a web-based file management system used for collaborative file sharing and editing, often deployed in enterprise and organizational environments. The path traversal vulnerability could allow attackers to access sensitive configuration files, source code, or other critical data, potentially leading to further compromise or data leakage.

CVE Database V5

Detailed information about CVE-2025-10233: Path Traversal in kalcaddle kodbox affecting kalcaddle kodbox. Get real-time updates, technical details, and mitigati

CVE-2025-10233: Path Traversal in kalcaddle kodbox - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-10233: Path Traversal in kalcaddle kodbox

A weakness has been identified in 299ko up to 2.0.0. Affected by this issue is the function getSentDir/delete of the file plugin/filemanager/controllers/FileManagerAPIController.php. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10232 is a path traversal vulnerability identified in the 299ko web application up to version 2.0.0. The vulnerability resides in the getSentDir/delete function within the FileManagerAPIController.php file of the filemanager plugin. Path traversal vulnerabilities allow an attacker to manipulate file or directory paths to access files and directories outside the intended scope, potentially exposing sensitive data or enabling unauthorized file operations. In this case, the vulnerability can be exploited remotely without user interaction or authentication, as indicated by the CVSS vector (AV:N/AC:L/AT:N/UI:N/PR:L). The attack complexity is low, and the vulnerability impacts confidentiality, integrity, and availability to a limited extent (VC:N/VI:L/VA:L). The vendor was notified but did not respond, and no patch has been released yet. Although no known exploits are currently observed in the wild, the exploit code has been publicly disclosed, increasing the risk of exploitation. The CVSS 4.0 base score is 5.3, categorizing it as a medium severity vulnerability. The vulnerability allows attackers to traverse directories and potentially delete or access files beyond the intended directory, which could lead to data leakage, unauthorized modification, or denial of service if critical files are deleted or altered. Given the nature of the vulnerability, it primarily affects web servers running the vulnerable 299ko version, especially those exposing the filemanager plugin API to the internet or untrusted networks.

Detailed information about CVE-2025-10232: Path Traversal in 299ko affecting null 299ko. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-10232: Path Traversal in 299ko - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-10232: Path Traversal in 299ko

A vulnerability has been found in Freshwork up to 1.2.3. This impacts an unknown function of the file /api/v2/logout. Such manipulation of the argument post_logout_redirect_uri leads to open redirect. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.2.3 will fix this issue. You should upgrade the affected component. The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-10229 is an open redirect vulnerability identified in Freshwork versions up to and including 1.2.3. The vulnerability resides in the /api/v2/logout endpoint, specifically in the handling of the post_logout_redirect_uri parameter. An attacker can manipulate this parameter to redirect users to arbitrary external URLs after logout, effectively enabling an open redirect attack. This vulnerability can be exploited remotely without requiring authentication or privileges, and only requires user interaction in the form of clicking a crafted link or being redirected. The CVSS 4.0 base score is 5.3 (medium severity), reflecting that the attack vector is network-based, with low attack complexity, no privileges required, but requiring user interaction. The impact on confidentiality and availability is minimal, but integrity is slightly impacted due to potential phishing or social engineering attacks leveraging the redirect. The vendor has released version 1.2.3 to address this issue, though the description notes that versions up to 1.2.3 are affected, which may indicate that the fix is in a later patch or that 1.2.3 is the fixed version. The vendor did not respond to early disclosure attempts. No known exploits are currently in the wild, but public disclosure increases the risk of exploitation. Open redirect vulnerabilities can be leveraged in phishing campaigns to bypass URL filters and trick users into visiting malicious sites under the guise of a trusted domain, potentially leading to credential theft or malware delivery. Given the nature of Freshwork as a software product (likely a SaaS or web-based platform), this vulnerability could be used to target users of the platform or customers of organizations using Freshwork services.

Detailed information about CVE-2025-10229: Open Redirect in Freshwork affecting null Freshwork. Get real-time updates, technical details, and mitigation strateg

CVE-2025-10229: Open Redirect in Freshwork - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-10229: Open Redirect in Freshwork

Stealing the keys from the octopus: Exfiltrate Git Credentials in Argocd

Source: https://futuresight.club/posts/0x00_exfiltrate_git_credentials_argocd.html

The security threat titled "Stealing the keys from the octopus: Exfiltrate Git Credentials in ArgoCD" refers to a vulnerability or attack technique that enables an adversary to extract Git credentials from ArgoCD, a popular open-source continuous delivery tool for Kubernetes. ArgoCD automates the deployment of applications by syncing Kubernetes manifests stored in Git repositories. The Git credentials are critical because they provide access to the source code repositories, which may contain sensitive application code, configuration files, and secrets. Exfiltration of these credentials could allow attackers to gain unauthorized access to the source code repositories, enabling further attacks such as code tampering, insertion of malicious code, or exposure of sensitive data. Although the provided information lacks specific technical details such as the exact vulnerability exploited or affected versions, the threat appears to be a post or discussion originating from a Reddit NetSec community with an external link to a detailed write-up on futuresight.club. The threat is categorized as medium severity and does not have known exploits in the wild yet. The minimal discussion level and low Reddit score suggest it is an emerging issue that has not yet gained widespread attention. The absence of patch links or CVEs indicates that this might be a newly discovered or theoretical attack vector rather than a widely recognized vulnerability. Given ArgoCD's role in managing Git credentials and deploying applications, any compromise of these credentials could have significant implications for the integrity and confidentiality of the software supply chain in environments using ArgoCD.

Reddit NetSec

Detailed information about Stealing the keys from the octopus: Exfiltrate Git Credentials in Argocd. Get real-time updates, technical details, and mitigation st

Stealing the keys from the octopus: Exfiltrate Git Credentials in Argocd - Live Threat Intelligence - Threat Radar | OffSeq.com

Stealing the keys from the octopus: Exfiltrate Git Credentials in Argocd

Reddit Discussion: Stealing the keys from the octopus: Exfiltrate Git Credentials in Argocd

A vulnerability was detected in Scada-LTS up to 2.7.8.1. This vulnerability affects unknown code of the file /data_point_edit.shtm of the component Data Point Edit Module. The manipulation of the argument Text Renderer properties results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Detailed information about CVE-2025-10234: Cross Site Scripting in Scada-LTS affecting null Scada-LTS. Get real-time updates, technical details, and mitigation 

CVE-2025-10234: Cross Site Scripting in Scada-LTS

CVE-2025-10234: Cross Site Scripting in Scada-LTS

Description

Technical Details

Related Threats

CVE-2025-10233: Path Traversal in kalcaddle kodbox

CVE-2025-10232: Path Traversal in 299ko

CVE-2025-10229: Open Redirect in Freshwork

CVE-2025-10218: SQL Injection in lostvip-com ruoyi-go

CVE-2025-10216: Race Condition in GrandNode

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility