CVE-2025-10452
Published 2025-09-15
Priority: P269
Severity: critical 9.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.60% (44.4th percentile)
Statistical Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents with high-level privileges.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gotac | statistical_database_system | < 1.0.1 | 1.0.1 |
CVSS provenance
NVD, v3.1: 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, v4.0: 9.3 CRITICAL, CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-27611 base-x: base-x homograph attack allows Unicode lookalike characters to bypass validation.
bugzilla · 2025-04-30 · CVSS 8.7 (HIGH)
base-x is a base encoder and decoder of any given alphabet using bitcoin style leading zero compression. Versions 4.0.0, 5.0.0, and all prior to 3.0.11, are vulnerable to attackers potentially deceiving users into sending funds to an unintended address. This issue has been patched in versions 3.0.11, 4.0.1, and 5.0.1.
Discussion:
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
Via RHSA-2025:10453 https://access.redhat.com/errata/RHSA-2025:10453
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Via RHSA-2025:10452 https://access.redhat.com
Bugzilla
CVE-2025-2901 org.jboss.hal-hal-parent: Stored Cross-Site Scripting (XSS) in JBoss EAP Management Console
bugzilla · 2025-03-28 · CVSS 7.3 (HIGH)
The identified Stored XSS vulnerabilities in the JBoss EAP Management Console allow authenticated users with appropriate permissions to inject malicious scripts. These scripts can be stored and executed within the context of the application, potentially compromising other users who access the affected components.
Discussion:
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
Via RHSA-2025:10453 https://access.redhat.com/errata/RHSA-2025:10453
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Via RHSA-2025:10452 https://access.redhat.com/err
Bugzilla
CVE-2025-2251 org.jboss.eap:wildfly-ejb3: Improper Deserialization in JBoss Marshalling Allows Remote Code Execution
bugzilla · 2025-03-12 · CVSS 6.2 (MEDIUM)
Discussion:
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
Via RHSA-2025:10453 https://access.redhat.com/errata/RHSA-2025:10453
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Via RHSA-2025:10452 https://access.redhat.com/errata/RHSA-2025:10452
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 8.0.8
Via RHSA-2025:10459 https://access.redhat.com/errata/RHSA-2025:10459
---
This issue has been addressed in the following products:
Red Hat JBoss
Bugzilla
CVE-2025-23184 org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files
bugzilla · 2025-01-21 · CVSS 7.5 (HIGH)
A potential denial of service vulnerability is present in versions of Apache CXF before 3.5.10, 3.6.5 and 4.0.6. In some edge cases, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system (it applies to servers and clients).
Discussion:
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 9
Via RHSA-2025:10453 https://access.redhat.com/errata/RHSA-2025:10453
---
This issue has been addressed in the following products:
Red Hat JBoss Enterprise Application Platform 8.0 for RHEL 8
Via RHSA-2025:10452 https://access.redhat.com/errata/RHSA-2025:10452
---
This issue has