{
"Source": "CVE FEED",
"Title": "CVE-2025-59525 - Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover",
"Content": "CVE ID : CVE-2025-59525
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG (and via allowed ), which can be chained to execute JavaScript whenever users view impacted content (e.g., announcements). This can result in admin account takeover. This issue has been patched in version 1.4.0.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59525 - Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover",
"Content": "CVE ID : CVE-2025-59525
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG (and via allowed ), which can be chained to execute JavaScript whenever users view impacted content (e.g., announcements). This can result in admin account takeover. This issue has been patched in version 1.4.0.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59251 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-59251
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59251 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-59251
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Severity: 7.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-57348 - Node-Cube Prototype Pollution Vulnerability",
"Content": "CVE ID : CVE-2025-57348
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : The node-cube package (prior to version 5.0.0) contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of user-supplied input in the package's resource initialization process. Successful exploitation may lead to denial of service or arbitrary code execution in affected environments. The vulnerability affects versions up to and including 5.0.0-beta.19, and no official fix has been released to date.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-57348 - Node-Cube Prototype Pollution Vulnerability",
"Content": "CVE ID : CVE-2025-57348
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : The node-cube package (prior to version 5.0.0) contains a vulnerability in its handling of prototype chain initialization, which could allow an attacker to inject properties into the prototype of built-in objects. This issue, categorized under CWE-1321, arises from improper validation of user-supplied input in the package's resource initialization process. Successful exploitation may lead to denial of service or arbitrary code execution in affected environments. The vulnerability affects versions up to and including 5.0.0-beta.19, and no official fix has been released to date.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-57349 - MessageFormat Prototype Pollution Vulnerability in JavaScript",
"Content": "CVE ID : CVE-2025-57349
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special characters (e.g., __proto__ ), which can lead to unintended modification of the JavaScript Object prototype. This vulnerability may allow a remote attacker to inject properties into the global object prototype via specially crafted message input, potentially causing denial of service or other undefined behaviors in applications using the affected component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-57349 - MessageFormat Prototype Pollution Vulnerability in JavaScript",
"Content": "CVE ID : CVE-2025-57349
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : The messageformat package, an implementation of the Unicode MessageFormat 2 specification for JavaScript, is vulnerable to prototype pollution due to improper handling of message key paths in versions prior to 2.3.0. The flaw arises when processing nested message keys containing special characters (e.g., __proto__ ), which can lead to unintended modification of the JavaScript Object prototype. This vulnerability may allow a remote attacker to inject properties into the global object prototype via specially crafted message input, potentially causing denial of service or other undefined behaviors in applications using the affected component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-57351 - "ts-fns Prototype Pollution Vulnerability"",
"Content": "CVE ID : CVE-2025-57351
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties into the global object's prototype, potentially leading to application crashes, unexpected code execution behaviors, or bypasses of security-critical validation logic dependent on prototype integrity. The vulnerability stems from improper handling of deep property assignment operations within the library's public API functions. This issue remains unaddressed in the latest available version.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-57351 - "ts-fns Prototype Pollution Vulnerability"",
"Content": "CVE ID : CVE-2025-57351
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : A prototype pollution vulnerability exists in the ts-fns package versions prior to 13.0.7, where insufficient validation of user-provided keys in the assign function allows attackers to manipulate the Object.prototype chain. By leveraging this flaw, adversaries may inject arbitrary properties into the global object's prototype, potentially leading to application crashes, unexpected code execution behaviors, or bypasses of security-critical validation logic dependent on prototype integrity. The vulnerability stems from improper handling of deep property assignment operations within the library's public API functions. This issue remains unaddressed in the latest available version.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-57330 - Web3-Core-Subscriptions Prototype Pollution Vulnerability",
"Content": "CVE ID : CVE-2025-57330
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-57330 - Web3-Core-Subscriptions Prototype Pollution Vulnerability",
"Content": "CVE ID : CVE-2025-57330
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : The web3-core-subscriptions is a package designed to manages web3 subscriptions. A Prototype Pollution vulnerability in the attachToObject function of web3-core-subscriptions version 1.10.4 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-57347 - Node.js dagre-d3-es Prototype Pollution Vulnerability",
"Content": "CVE ID : CVE-2025-57347
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution vulnerabilities by injecting malicious input values (e.g., "__proto__"), enabling unauthorized modification of the JavaScript Object prototype chain. Successful exploitation could lead to denial of service conditions, unexpected application behavior, or potential execution of arbitrary code in contexts where polluted properties are later accessed or executed. The issue affects versions prior to 7.0.11 and remains unpatched at the time of disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-57347 - Node.js dagre-d3-es Prototype Pollution Vulnerability",
"Content": "CVE ID : CVE-2025-57347
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : A vulnerability exists in the 'dagre-d3-es' Node.js package version 7.0.9, specifically within the 'bk' module's addConflict function, which fails to properly sanitize user-supplied input during property assignment operations. This flaw allows attackers to exploit prototype pollution vulnerabilities by injecting malicious input values (e.g., "__proto__"), enabling unauthorized modification of the JavaScript Object prototype chain. Successful exploitation could lead to denial of service conditions, unexpected application behavior, or potential execution of arbitrary code in contexts where polluted properties are later accessed or executed. The issue affects versions prior to 7.0.11 and remains unpatched at the time of disclosure.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-55322 - OmniParser Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-55322
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-55322 - OmniParser Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-55322
Published : Sept. 24, 2025, 7:15 p.m. | 1 hour, 50 minutes ago
Description : Binding to an unrestricted ip address in GitHub allows an unauthorized attacker to execute code over a network.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "24 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54520 - Xilinx FPGA Power Glitch Attack Vulnerability",
"Content": "CVE ID : CVE-2025-54520
Published : Sept. 24, 2025, 10:15 p.m. | 52 minutes ago
Description : Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54520 - Xilinx FPGA Power Glitch Attack Vulnerability",
"Content": "CVE ID : CVE-2025-54520
Published : Sept. 24, 2025, 10:15 p.m. | 52 minutes ago
Description : Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10894 - Nx: nx/devkit: malicious versions of nx and plugins published to npm",
"Content": "CVE ID : CVE-2025-10894
Published : Sept. 24, 2025, 10:15 p.m. | 52 minutes ago
Description : Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10894 - Nx: nx/devkit: malicious versions of nx and plugins published to npm",
"Content": "CVE ID : CVE-2025-10894
Published : Sept. 24, 2025, 10:15 p.m. | 52 minutes ago
Description : Malicious code was inserted into the Nx (build system) package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts.
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-57319 - Fast-Redact Prototype Pollution",
"Content": "CVE ID : CVE-2025-57319
Published : Sept. 24, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-57319 - Fast-Redact Prototype Pollution",
"Content": "CVE ID : CVE-2025-57319
Published : Sept. 24, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : fast-redact is a package that provides do very fast object redaction. A Prototype Pollution vulnerability in the nestedRestore function of fast-redact version 3.5.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-57320 - Json-Schema-Editor-Visual Prototype Pollution",
"Content": "CVE ID : CVE-2025-57320
Published : Sept. 24, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-57320 - Json-Schema-Editor-Visual Prototype Pollution",
"Content": "CVE ID : CVE-2025-57320
Published : Sept. 24, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : json-schema-editor-visual is a package that provides jsonschema editor. A Prototype Pollution vulnerability in the setData and deleteData function of json-schema-editor-visual versions thru 1.1.1 allows attackers to inject or delete properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-57324 - Parse Prototype Pollution Vulnerability",
"Content": "CVE ID : CVE-2025-57324
Published : Sept. 24, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-57324 - Parse Prototype Pollution Vulnerability",
"Content": "CVE ID : CVE-2025-57324
Published : Sept. 24, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : parse is a package designed to parse JavaScript SDK. A Prototype Pollution vulnerability in the SingleInstanceStateController.initializeState function of parse version 5.3.0 and before allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-57318 - Apache csvjson Prototype Pollution Vulnerability",
"Content": "CVE ID : CVE-2025-57318
Published : Sept. 24, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-57318 - Apache csvjson Prototype Pollution Vulnerability",
"Content": "CVE ID : CVE-2025-57318
Published : Sept. 24, 2025, 9:15 p.m. | 1 hour, 52 minutes ago
Description : A Prototype Pollution vulnerability in the toCsv function of csvjson versions thru 5.1.0 allows attackers to inject properties on Object.prototype via supplying a crafted payload, causing denial of service (DoS) as the minimum consequence.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21056 - HP Retail Mode Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-21056
Published : Sept. 25, 2025, 6:15 a.m. | 46 minutes ago
Description : Improper input validation in Retail Mode prior to version 5.59.4 allows self attackers to execute privileged commands on their own devices.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21056 - HP Retail Mode Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-21056
Published : Sept. 25, 2025, 6:15 a.m. | 46 minutes ago
Description : Improper input validation in Retail Mode prior to version 5.59.4 allows self attackers to execute privileged commands on their own devices.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10438 - Path Traversal in Yordam BT's Yordam Katalog",
"Content": "CVE ID : CVE-2025-10438
Published : Sept. 25, 2025, 10:15 a.m. | 35 minutes ago
Description : Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal.This issue affects Yordam Katalog: before 21.7.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10438 - Path Traversal in Yordam BT's Yordam Katalog",
"Content": "CVE ID : CVE-2025-10438
Published : Sept. 25, 2025, 10:15 a.m. | 35 minutes ago
Description : Path Traversal: 'dir/../../filename' vulnerability in Yordam Information Technology Consulting Education and Electrical Systems Industry Trade Inc. Yordam Katalog allows Path Traversal.This issue affects Yordam Katalog: before 21.7.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10940 - Total.js CMS Layout admin layouts_save cross site scripting",
"Content": "CVE ID : CVE-2025-10940
Published : Sept. 25, 2025, 10:32 a.m. | 18 minutes ago
Description : A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layouts_save of the file /admin/ of the component Layout Page. Performing manipulation of the argument HTML results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10940 - Total.js CMS Layout admin layouts_save cross site scripting",
"Content": "CVE ID : CVE-2025-10940
Published : Sept. 25, 2025, 10:32 a.m. | 18 minutes ago
Description : A vulnerability was found in Total.js CMS 1.0.0. Affected by this vulnerability is the function layouts_save of the file /admin/ of the component Layout Page. Performing manipulation of the argument HTML results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10942 - H3C Magic B3 aspForm AddMacList buffer overflow",
"Content": "CVE ID : CVE-2025-10942
Published : 25 Sep 2025, 11:02 a.m. | 23 minutes ago
Description : A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10942 - H3C Magic B3 aspForm AddMacList buffer overflow",
"Content": "CVE ID : CVE-2025-10942
Published : 25 Sep 2025, 11:02 a.m. | 23 minutes ago
Description : A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10941 - Topaz SERVCore Teller Installer SERVCoreTeller_2.0.40D.msi permission",
"Content": "CVE ID : CVE-2025-10941
Published : 25 Sep 2025, 11:02 a.m. | 23 minutes ago
Description : A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The attack needs to be launched locally. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10941 - Topaz SERVCore Teller Installer SERVCoreTeller_2.0.40D.msi permission",
"Content": "CVE ID : CVE-2025-10941
Published : 25 Sep 2025, 11:02 a.m. | 23 minutes ago
Description : A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The attack needs to be launched locally. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10947 - Sistemas Pleno Gestรฃo de Locaรงรฃo CPF validarCpf authorization",
"Content": "CVE ID : CVE-2025-10947
Published : Sept. 25, 2025, 1:02 p.m. | 26 minutes ago
Description : A flaw has been found in Sistemas Pleno Gestรฃo de Locaรงรฃo up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing manipulation of the argument pes_cpf can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. Upgrading to version 2025.8.0 is sufficient to resolve this issue. It is advisable to upgrade the affected component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10947 - Sistemas Pleno Gestรฃo de Locaรงรฃo CPF validarCpf authorization",
"Content": "CVE ID : CVE-2025-10947
Published : Sept. 25, 2025, 1:02 p.m. | 26 minutes ago
Description : A flaw has been found in Sistemas Pleno Gestรฃo de Locaรงรฃo up to 2025.7.x. The impacted element is an unknown function of the file /api/areacliente/pessoa/validarCpf of the component CPF Handler. Executing manipulation of the argument pes_cpf can lead to authorization bypass. The attack can be executed remotely. The exploit has been published and may be used. Upgrading to version 2025.8.0 is sufficient to resolve this issue. It is advisable to upgrade the affected component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10946 - nuz007 smsboom dy.php cross site scripting",
"Content": "CVE ID : CVE-2025-10946
Published : Sept. 25, 2025, 1:02 p.m. | 26 minutes ago
Description : A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. The affected element is an unknown function of the file dy.php. Performing manipulation of the argument hm results in cross site scripting. Remote exploitation of the attack is possible. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10946 - nuz007 smsboom dy.php cross site scripting",
"Content": "CVE ID : CVE-2025-10946
Published : Sept. 25, 2025, 1:02 p.m. | 26 minutes ago
Description : A vulnerability was detected in nuz007 smsboom up to 01b2f35bbbc23f3e0f60f38ca0e3d1b286f8d674. The affected element is an unknown function of the file dy.php. Performing manipulation of the argument hm results in cross site scripting. Remote exploitation of the attack is possible. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "25 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น