Open OnDemand is an open-source HPC portal. Users can flood logs by interacting with the shell app and generating many errors. Users who flood logs can create very large log files causing a Denial of Service (DoS) to the ondemand system. This vulnerability is fixed in 3.1.14 and 4.0.6.

CVE-2025-53636 is a medium severity vulnerability affecting Open OnDemand, an open-source High Performance Computing (HPC) portal developed by the Ohio Supercomputer Center (OSC). The vulnerability is categorized under CWE-400 (Uncontrolled Resource Consumption) and CWE-779 (Log Injection). It arises when users interact with the shell application component of Open OnDemand in a way that generates numerous errors, thereby flooding the system logs. This excessive logging leads to the creation of very large log files, which can exhaust system resources such as disk space and I/O capacity. The consequence is a Denial of Service (DoS) condition where the ondemand system becomes unresponsive or unavailable due to resource exhaustion. The vulnerability affects versions from 1.6 up to but not including 3.1.14, and from 4.0.0-0.rc1 up to but not including 4.0.6. The CVSS v3.1 base score is 5.4, indicating a medium severity level. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), and privileges at the user level (PR:L), but no user interaction (UI:N). The impact affects integrity and availability but not confidentiality. No known exploits are currently reported in the wild. The vulnerability was published on July 11, 2025, and patches are available in versions 3.1.14 and 4.0.6. The root cause is insufficient controls on resource consumption triggered by user-generated errors in the shell app, leading to log flooding and resource exhaustion. This can disrupt HPC portal availability, impacting users relying on Open OnDemand for computational workloads and data access.

CVE Database V5

Detailed information about CVE-2025-53636: CWE-400: Uncontrolled Resource Consumption in OSC ondemand affecting OSC ondemand. Get real-time updates, technical d

CVE-2025-53636: CWE-400: Uncontrolled Resource Consumption in OSC ondemand - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-53636: CWE-400: Uncontrolled Resource Consumption in OSC ondemand

A vulnerability classified as critical was found in code-projects Mobile Shop 1.0. This vulnerability affects unknown code of the file /EditMobile.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7459 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Mobile Shop application. The vulnerability exists in the /EditMobile.php file, where the 'ID' parameter is improperly sanitized, allowing an attacker to manipulate the SQL query executed by the backend database. This flaw enables remote attackers to inject arbitrary SQL commands without any authentication or user interaction, potentially leading to unauthorized data access, data modification, or even complete compromise of the underlying database. The vulnerability is exploitable over the network, increasing its risk profile. Although the exact database type and query structure are unspecified, the injection vector through the 'ID' parameter suggests that the application fails to use parameterized queries or adequate input validation. The CVSS 4.0 base score is 6.9 (medium severity), reflecting the absence of authentication and user interaction requirements but limited impact on confidentiality, integrity, and availability (all rated low). No known exploits are currently reported in the wild, and no patches have been published yet. However, public disclosure of the exploit details increases the likelihood of exploitation attempts.

Detailed information about CVE-2025-7459: SQL Injection in code-projects Mobile Shop affecting code-projects Mobile Shop. Get real-time updates, technical detai

CVE-2025-7459: SQL Injection in code-projects Mobile Shop - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7459: SQL Injection in code-projects Mobile Shop

A vulnerability, which was classified as critical, was found in Campcodes Online Movie Theater Seat Reservation System 1.0. This affects an unknown part of the file /admin/manage_movie.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7457 is a SQL Injection vulnerability identified in version 1.0 of the Campcodes Online Movie Theater Seat Reservation System. The vulnerability exists in the /admin/manage_movie.php file, specifically through the manipulation of the 'ID' parameter. This parameter is not properly sanitized or validated, allowing an attacker to inject malicious SQL code. The vulnerability can be exploited remotely without any authentication or user interaction, which significantly increases the risk of exploitation. The SQL Injection flaw could allow an attacker to execute arbitrary SQL commands on the backend database, potentially leading to unauthorized data access, data modification, or even deletion. Given that the vulnerability affects an administrative interface, successful exploitation could compromise sensitive operational data related to movie scheduling, seat reservations, and possibly user information. The CVSS 4.0 base score is 6.9, indicating a medium severity level, with the vector highlighting that the attack requires no privileges, no user interaction, and has low complexity. The impact on confidentiality, integrity, and availability is limited but present, as the vulnerability allows partial compromise of data. Although no public exploits are currently known in the wild, the vulnerability has been publicly disclosed, increasing the likelihood of exploitation attempts. No official patches or mitigation links have been provided by the vendor as of the publication date.

Detailed information about CVE-2025-7457: SQL Injection in Campcodes Online Movie Theater Seat Reservation System affecting Campcodes Online Movie Theater Seat 

CVE-2025-7457: SQL Injection in Campcodes Online Movie Theater Seat Reservation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7457: SQL Injection in Campcodes Online Movie Theater Seat Reservation System

The article examines a malware variant associated with the SLOW#TEMPEST campaign, focusing on advanced obfuscation techniques used by the threat actors. The malware is distributed as an ISO file containing multiple files, including two malicious ones. The loader DLL, zlibwapi.dll, decrypts and executes the embedded payload, which is appended to another DLL. The analysis reveals sophisticated anti-analysis techniques, including Control Flow Graph (CFG) obfuscation using dynamic jumps and obfuscated function calls. The researchers demonstrate methods to counter these techniques using emulation and code patching. The loader DLL also employs an anti-sandbox check, only executing its payload if the target machine has at least 6 GB of RAM. The study highlights the importance of combining advanced dynamic analysis with static analysis to effectively understand and mitigate modern malware threats.

The SLOW#TEMPEST campaign involves a sophisticated malware variant distributed as an ISO file containing multiple files, including two malicious components. Central to the infection chain is a loader DLL named zlibwapi.dll, which performs decryption and execution of an embedded payload appended to another DLL. This malware employs advanced obfuscation and anti-analysis techniques to evade detection and hinder reverse engineering efforts. Notably, it uses Control Flow Graph (CFG) obfuscation through dynamic jumps and obfuscated function calls, complicating static analysis. Additionally, the loader implements anti-sandbox measures by verifying that the target system has at least 6 GB of RAM before executing the payload, thereby avoiding execution in many virtualized or sandboxed environments. Researchers have demonstrated that overcoming these obfuscation tactics requires a combination of dynamic analysis methods such as emulation and code patching alongside traditional static analysis. The malware also leverages DLL sideloading techniques (T1553.002) to execute malicious code under the guise of legitimate DLLs, and employs process injection (T1055) and code obfuscation (T1027) to maintain stealth. While no known exploits are reported in the wild, the campaign's complexity and use of multiple evasion strategies indicate a highly targeted and persistent threat actor. The analysis underscores the importance of advanced detection capabilities and layered analysis approaches to effectively identify and mitigate such threats.

AlienVault OTX General

Detailed information about Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques. Get real-time updates, technical details, and mitigat

Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques - Live Threat Intelligence - Threat Radar | OffSeq.com

Evolving Tactics of SLOW#TEMPEST: A Deep Dive Into Advanced Malware Techniques

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument mac leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7460: Buffer Overflow in TOTOLINK T6 affecting TOTOLINK T6. Get real-time updates, technical details, and mitigation strateg

CVE-2025-7460: Buffer Overflow in TOTOLINK T6

CVE-2025-7460: Buffer Overflow in TOTOLINK T6

Description

Technical Details

Related Threats

CVE-2025-53636: CWE-400: Uncontrolled Resource Consumption in OSC ondemand

CVE-2025-7459: SQL Injection in code-projects Mobile Shop

CVE-2025-7457: SQL Injection in Campcodes Online Movie Theater Seat Reservation System

CVE-2025-52955: CWE-131 Incorrect Calculation of Buffer Size in Juniper Networks Junos OS

CVE-2025-52089: n/a

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility