An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.

CVE Database V5

Detailed information about CVE-2025-37105: Vulnerability in Hewlett Packard Enterprise HPE AutoPass License Server affecting Hewlett Packard Enterprise HPE Auto

CVE-2025-37105: Vulnerability in Hewlett Packard Enterprise HPE AutoPass License Server - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-37105: Vulnerability in Hewlett Packard Enterprise HPE AutoPass License Server

An authentication bypass vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.

Detailed information about CVE-2025-37107: Vulnerability in Hewlett Packard Enterprise HPE AutoPass License Server affecting Hewlett Packard Enterprise HPE Auto

CVE-2025-37107: Vulnerability in Hewlett Packard Enterprise HPE AutoPass License Server - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-37107: Vulnerability in Hewlett Packard Enterprise HPE AutoPass License Server

An authentication bypass and disclosure of information vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.

Detailed information about CVE-2025-37106: Vulnerability in Hewlett Packard Enterprise HPE AutoPass License Server affecting Hewlett Packard Enterprise HPE Auto

CVE-2025-37106: Vulnerability in Hewlett Packard Enterprise HPE AutoPass License Server - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-37106: Vulnerability in Hewlett Packard Enterprise HPE AutoPass License Server

If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure.
This issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1.

CVE-2025-40777 is a high-severity vulnerability affecting ISC BIND 9, a widely used DNS server software. The issue arises when a caching resolver configured with 'serve-stale-enable' set to 'yes' and 'stale-answer-client-timeout' set to '0' processes DNS queries involving a CNAME chain with a particular combination of cached or authoritative records. Under these conditions, the BIND daemon ('named') encounters an assertion failure and aborts unexpectedly. This vulnerability is classified under CWE-617 (Reachable Assertion), indicating that the software contains an assertion that can be triggered by crafted input, causing a denial of service (DoS) by crashing the resolver. Affected versions include BIND 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and the service pack versions 9.20.9-S1 through 9.20.10-S1. The vulnerability requires no privileges or user interaction and can be triggered remotely by sending specially crafted DNS queries that exploit the CNAME chain handling logic. The CVSS v3.1 base score is 7.5, reflecting a high severity due to the network attack vector, low attack complexity, no privileges required, no user interaction, and impact limited to availability (denial of service). No known exploits are reported in the wild as of the publication date. The root cause is a reachable assertion failure in the code path handling stale DNS answers and CNAME chains, which causes the daemon to abort, disrupting DNS resolution services.

Detailed information about CVE-2025-40777: CWE-617 Reachable Assertion in ISC BIND 9 affecting ISC BIND 9. Get real-time updates, technical details, and mitigat

CVE-2025-40777: CWE-617 Reachable Assertion in ISC BIND 9 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-40777: CWE-617 Reachable Assertion in ISC BIND 9

IBM WebSphere Application Server 9.0 and WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.7 are vulnerable to a denial of service, caused by a stack-based overflow.  An attacker can send a specially crafted request that cause the server to consume excessive memory resources.

Detailed information about CVE-2025-36097: CWE-121 Stack-based Buffer Overflow in IBM WebSphere Application Server affecting IBM WebSphere Application Server. G

CVE-2025-36097: CWE-121 Stack-based Buffer Overflow in IBM WebSphere Application Server

CVE-2025-36097: CWE-121 Stack-based Buffer Overflow in IBM WebSphere Application Server

Description

Technical Details

Related Threats

CVE-2025-37105: Vulnerability in Hewlett Packard Enterprise HPE AutoPass License Server

CVE-2025-37107: Vulnerability in Hewlett Packard Enterprise HPE AutoPass License Server

CVE-2025-37106: Vulnerability in Hewlett Packard Enterprise HPE AutoPass License Server

CVE-2025-40777: CWE-617 Reachable Assertion in ISC BIND 9

New Fortinet FortiWeb hacks likely linked to public RCE exploits

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility