In JetBrains Junie before 252.284.66,
251.284.66,
243.284.66,
252.284.61,
251.284.61,
243.284.61,
252.284.50,
252.284.54,
251.284.54,
251.284.50,
243.284.54,
243.284.50 information disclosure was possible via search_project function

CVE Database V5

Detailed information about CVE-2025-58335: CWE-356 in JetBrains Junie affecting JetBrains Junie. Get real-time updates, technical details, and mitigation strate

CVE-2025-58335: CWE-356 in JetBrains Junie - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-58335: CWE-356 in JetBrains Junie

In JetBrains IDE Services before 2025.5.0.1086, 
2025.4.2.2164 users without appropriate permissions could assign high-privileged role for themselves

Detailed information about CVE-2025-58334: CWE-862 in JetBrains IDE Services affecting JetBrains IDE Services. Get real-time updates, technical details, and mit

CVE-2025-58334: CWE-862 in JetBrains IDE Services - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-58334: CWE-862 in JetBrains IDE Services

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior.

CVE-2025-2950 is a medium-severity vulnerability affecting IBM i operating system versions 7.3, 7.4, 7.5, and 7.6, specifically within the IBM Navigator for i web interface. The vulnerability is classified under CWE-644, which involves improper neutralization of HTTP headers for scripting syntax. In this case, the IBM Navigator for i does not adequately sanitize or neutralize the Host header in incoming HTTP requests. An authenticated user with legitimate access can manipulate the Host header to inject arbitrary values, such as changing the domain or IP address referenced by the application. This manipulation can lead to unexpected behavior within the web interface, potentially enabling attacks such as web cache poisoning, redirecting users to malicious sites, or bypassing security controls that rely on the Host header for validation. Although exploitation requires authentication, the attack vector is network-based and does not require user interaction beyond sending crafted HTTP requests. The vulnerability does not directly impact availability but can affect confidentiality and integrity by enabling attackers to influence application logic or redirect traffic. No known exploits are currently reported in the wild, and no official patches have been linked yet. The CVSS v3.1 base score is 5.4, reflecting a medium severity level due to the combination of network attack vector, low attack complexity, and the requirement for privileges (authenticated user).

Detailed information about CVE-2025-2950: CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax. Get real-time updates, technical details, and mi

CVE-2025-2950: CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-2950: CWE-644 Improper Neutralization of HTTP Headers for Scripting Syntax

FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data allowing unauthenticated access to FreePBX Administrator leading to arbitrary database manipulation and remote code execution. This issue has been patched in endpoint versions 15.0.66, 16.0.89, and 17.0.3.

CVE-2025-57819 is a critical SQL Injection vulnerability affecting FreePBX versions prior to 15.0.66, 16.0.89, and 17.0.3 in the security-reporting module. FreePBX is an open-source web-based graphical user interface widely used for managing Asterisk-based telephony systems. The vulnerability arises from improper neutralization of special elements in SQL commands (CWE-89), allowing unauthenticated attackers to inject malicious SQL queries. This flaw enables attackers to bypass authentication controls (CWE-288), gain unauthorized access to the FreePBX Administrator interface, and perform arbitrary database manipulation. The impact extends to potential remote code execution on the underlying system, as attackers can leverage database control to execute commands or escalate privileges. The vulnerability is exploitable remotely without any user interaction or authentication, making it highly dangerous. The CVSS 4.0 base score is 10.0 (critical), reflecting network attack vector, low complexity, no privileges or user interaction required, and high impact on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the severity and ease of exploitation make this a significant threat to any organization running vulnerable FreePBX versions. The issue has been addressed in the specified patched versions, and upgrading is strongly recommended to mitigate the risk.

Detailed information about CVE-2025-57819: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in FreePBX security-repo

CVE-2025-57819: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in FreePBX security-reporting - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-57819: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in FreePBX security-reporting

HCL BigFix SM is affected by a Sensitive Information Exposure vulnerability where internal connections do not use TLS encryption which could allow an attacker unauthorized access to sensitive data transmitted between internal components.

Detailed information about CVE-2025-31972: CWE-319 Cleartext Transmission of Sensitive Information in HCL Software BigFix Service Management (SM) affecting HCL 