Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote

The Hacker News
Open in Source
#vulnerability#cisco#java#auth#The Hacker News
GHSA-pq2g-wx69-c263: Netplex Json-smart Uncontrolled Recursion vulnerability

A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370.

GHSA-7qgg-vw88-cc99: utils-extend Prototype Pollution

The latest version of utils-extend (1.0.8) is vulnerable to Prototype Pollution through the entry function(s) lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) a the minimum consequence.

GHSA-pc47-g7gv-4gpw: @rpldy/uploader prototype pollution

A prototype pollution in the lib.createUploader function of @rpldy/uploader v1.8.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

GHSA-fg4m-w35q-vfg2: @zag-js/core prototype pollution

A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

GHSA-89fp-f5mx-748x: vxe-table prototype pollution

A prototype pollution in the lib.install function of vxe-table v4.8.10 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

GHSA-r7jx-5m6m-cpg9: eazy-logger prototype pollution

A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

GHSA-q5j8-9m9g-x2jh: module-from-string prototype pollution

A prototype pollution in the lib.requireFromString function of module-from-string v3.3.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

GHSA-79h2-v6hh-wq23: @ndhoule/defaults prototype pollution

A prototype pollution in the lib.deep function of @ndhoule/defaults v2.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.

GHSA-ggv3-vmgw-xv2q: @tanstack/form-core prototype pollution

A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload.