Zeroday BYTE

7 exploits Active since May 2025
CVE-2025-48050 WRITEUP HIGH WRITEUP
DOMPurify <6bc6d60 - Path Traversal
In DOMPurify through 3.2.5 before 6bc6d60, scripts/server.js does not ensure that a pathname is located under the current working directory. NOTE: the Supplier disputes the significance of this report because the "Uncontrolled data used in path expression" occurs "in a development helper script which starts a local web server if needed and must be manually started."
CVSS 7.5
CVE-2025-53542 WRITEUP HIGH WRITEUP
Kubernetes Headlamp - Command Injection
Headlamp is an extensible Kubernetes web UI. A command injection vulnerability was discovered in the codeSign.js script used in the macOS packaging workflow of the Kubernetes Headlamp project. This issue arises due to the improper use of Node.js's execSync() function with unsanitized input derived from environment variables, which can be influenced by an attacker. The variables ${teamID}, ${entitlementsPath}, and ${config.app} are dynamically derived from the environment or application config and passed directly to the shell command without proper escaping or argument separation. This exposes the system to command injection if any of the values contain malicious input. This vulnerability is fixed in 0.31.1.
CVSS 7.7
CVE-2025-53890 WRITEUP CRITICAL WRITEUP
pyLoad CAPTCHA Processing - Unsafe JavaScript Evaluation Code Execution
pyload is an open-source Download Manager written in pure Python. An unsafe JavaScript evaluation vulnerability in pyLoad’s CAPTCHA processing code allows unauthenticated remote attackers to execute arbitrary code in the client browser and potentially the backend server. Exploitation requires no user interaction or authentication and can result in session hijacking, credential theft, and full system remote code execution. Commit 909e5c97885237530d1264cfceb5555870eb9546, the patch for the issue, is included in version 0.5.0b3.dev89.
CVSS 9.8
CVE-2025-54140 WRITEUP HIGH WRITEUP
pyload-ng 0.5.0b3.dev89 - Authenticated Path Traversal and Arbitrary File Write via /json/upload Endpoint
pyLoad is a free and open-source Download Manager written in pure Python. In version 0.5.0b3.dev89, an authenticated path traversal vulnerability exists in the /json/upload endpoint of pyLoad. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended upload directory, allowing them to write arbitrary files to any location on the system accessible to the pyLoad process. This may lead to: Remote Code Execution (RCE), local privilege escalation, system-wide compromise, persistence, and backdoors. This is fixed in version 0.5.0b3.dev90.
CVSS 7.5
CVE-2025-54314 WRITEUP LOW WRITEUP
Thor < 1.4.0 - OS Command Injection via Unsafe Shell Command Construction
Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments."
CVSS 2.8
CVE-2025-54379 WRITEUP CRITICAL WRITEUP
LF Edge eKuiper < 2.2.1 - Unauthenticated SQL Injection via getLast API Table Name Parameter
LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. In versions before 2.2.1, there is a critical SQL Injection vulnerability in the getLast API functionality of the eKuiper project. This flaw allows unauthenticated remote attackers to execute arbitrary SQL statements on the underlying SQLite database by manipulating the table name input in an API request. Exploitation can lead to data theft, corruption, or deletion, and full database compromise. This is fixed in version 2.2.1.
CVSS 9.8
CVE-2025-54386 WRITEUP CRITICAL WRITEUP
Traefik <2.11.7, 2.11.27, 3.0.0-3.4.4, 3.5.0-rc1 - Path Traversal & RCE via WASM Plugin
Traefik is an HTTP reverse proxy and load balancer. In versions 2.11.27 and below, 3.0.0 through 3.4.4 and 3.5.0-rc1, a path traversal vulnerability was discovered in WASM Traefik’s plugin installation mechanism. By supplying a maliciously crafted ZIP archive containing file paths with ../ sequences, an attacker can overwrite arbitrary files on the system outside of the intended plugin directory. This can lead to remote code execution (RCE), privilege escalation, persistence, or denial of service. This is fixed in versions 2.11.28, 3.4.5 and 3.5.0.
CVSS 9.8