{
"Source": "CVE FEED",
"Title": "CVE-2025-59286 - Copilot Spoofing Vulnerability",
"Content": "CVE ID : CVE-2025-59286
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Copilot Spoofing Vulnerability
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59286 - Copilot Spoofing Vulnerability",
"Content": "CVE ID : CVE-2025-59286
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Copilot Spoofing Vulnerability
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-60375 - Perfex CRM Authentication Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-60375
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including administrative accounts, without providing valid credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-60375 - Perfex CRM Authentication Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-60375
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : The authentication mechanism in Perfex CRM before 3.3.1 allows attackers to bypass login credentials due to insufficient server-side validation. By sending empty username and password parameters in the login request, an attacker can gain unauthorized access to user accounts, including administrative accounts, without providing valid credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-61601 - BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation",
"Content": "CVE ID : CVE-2025-61601
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's `Choices` response type. By submitting a malicious payload with a massive array in the `answerIds` field, the attacker can cause the current meeting — and potentially all meetings on the server — to become unresponsive. Version 3.0.13 contains a patch. No known workarounds are available.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-61601 - BigBlueButton vulnerable to DoS via PollSubmitVote GraphQL mutation",
"Content": "CVE ID : CVE-2025-61601
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : BigBlueButton is an open-source virtual classroom. A Denial of Service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to freeze or crash the entire server by abusing the polling feature's `Choices` response type. By submitting a malicious payload with a massive array in the `answerIds` field, the attacker can cause the current meeting — and potentially all meetings on the server — to become unresponsive. Version 3.0.13 contains a patch. No known workarounds are available.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-61602 - BigBlueButton vulnerable to Chat DoS via invalid reactionEmojiId",
"Content": "CVE ID : CVE-2025-61602
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId` in the GraphQL mutation `chatSendMessageReaction`. Version 3.0.13 contains a patch. No known workarounds are available.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-61602 - BigBlueButton vulnerable to Chat DoS via invalid reactionEmojiId",
"Content": "CVE ID : CVE-2025-61602
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId` in the GraphQL mutation `chatSendMessageReaction`. Version 3.0.13 contains a patch. No known workarounds are available.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-61773 - pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters",
"Content": "CVE ID : CVE-2025-61773
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or manipulate request handling. The vulnerability could lead to client-side code execution (XSS) or other unintended behaviors when a malicious payload is submitted. user-supplied parameters from HTTP requests were not adequately validated or sanitized before being passed into the application logic and response generation. This allowed crafted input to alter the expected execution flow. CNL (Click'N'Load) blueprint exposed unsafe handling of untrusted parameters in HTTP requests. The application did not consistently enforce input validation or encoding, making it possible for an attacker to craft malicious requests. Version 0.5.0b3.dev91 contains a patch for the issue.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-61773 - pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters",
"Content": "CVE ID : CVE-2025-61773
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or manipulate request handling. The vulnerability could lead to client-side code execution (XSS) or other unintended behaviors when a malicious payload is submitted. user-supplied parameters from HTTP requests were not adequately validated or sanitized before being passed into the application logic and response generation. This allowed crafted input to alter the expected execution flow. CNL (Click'N'Load) blueprint exposed unsafe handling of untrusted parameters in HTTP requests. The application did not consistently enforce input validation or encoding, making it possible for an attacker to craft malicious requests. Version 0.5.0b3.dev91 contains a patch for the issue.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-61779 - Trustee's attestation-policy endpoint is not protected by admin autentication",
"Content": "CVE ID : CVE-2025-61779
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to actually change the attestation policy. Version 0.15.0 fixes the issue.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-61779 - Trustee's attestation-policy endpoint is not protected by admin autentication",
"Content": "CVE ID : CVE-2025-61779
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to actually change the attestation policy. Version 0.15.0 fixes the issue.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-59246 - Azure Entra ID Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59246
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Azure Entra ID Elevation of Privilege Vulnerability
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59246 - Azure Entra ID Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59246
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Azure Entra ID Elevation of Privilege Vulnerability
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-59247 - Azure PlayFab Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59247
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Azure PlayFab Elevation of Privilege Vulnerability
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59247 - Azure PlayFab Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59247
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Azure PlayFab Elevation of Privilege Vulnerability
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-59271 - Redis Enterprise Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59271
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Redis Enterprise Elevation of Privilege Vulnerability
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59271 - Redis Enterprise Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59271
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Redis Enterprise Elevation of Privilege Vulnerability
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-59272 - Copilot Spoofing Vulnerability",
"Content": "CVE ID : CVE-2025-59272
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Copilot Spoofing Vulnerability
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59272 - Copilot Spoofing Vulnerability",
"Content": "CVE ID : CVE-2025-59272
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Copilot Spoofing Vulnerability
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-59218 - Azure Entra ID Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59218
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Azure Entra ID Elevation of Privilege Vulnerability
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59218 - Azure Entra ID Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59218
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Azure Entra ID Elevation of Privilege Vulnerability
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-59252 - M365 Copilot Spoofing Vulnerability",
"Content": "CVE ID : CVE-2025-59252
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : M365 Copilot Spoofing Vulnerability
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59252 - M365 Copilot Spoofing Vulnerability",
"Content": "CVE ID : CVE-2025-59252
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : M365 Copilot Spoofing Vulnerability
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-35059 - Newforma Info Exchange (NIX) open URL redirect via /DownloadWeb/hyperlinkredirect.aspx",
"Content": "CVE ID : CVE-2025-35059
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated URL redirect via the 'nhl' parameter.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-35059 - Newforma Info Exchange (NIX) open URL redirect via /DownloadWeb/hyperlinkredirect.aspx",
"Content": "CVE ID : CVE-2025-35059
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated URL redirect via the 'nhl' parameter.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-35060 - Newforma Info Exchange (NIX) stored XSS via SVG file upload",
"Content": "CVE ID : CVE-2025-35060
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-35060 - Newforma Info Exchange (NIX) stored XSS via SVG file upload",
"Content": "CVE ID : CVE-2025-35060
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-35061 - Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx",
"Content": "CVE ID : CVE-2025-35061
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-35061 - Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx",
"Content": "CVE ID : CVE-2025-35061
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-35062 - Newforma Info Exchange (NIX) default anonymous access",
"Content": "CVE ID : CVE-2025-35062
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-35062 - Newforma Info Exchange (NIX) default anonymous access",
"Content": "CVE ID : CVE-2025-35062
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-11450 - Reflected Cross Site Scripting in ServiceNow AI Platform",
"Content": "CVE ID : CVE-2025-11450
Published : Oct. 10, 2025, 2:15 a.m. | 23 minutes ago
Description : ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.
ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-11450 - Reflected Cross Site Scripting in ServiceNow AI Platform",
"Content": "CVE ID : CVE-2025-11450
Published : Oct. 10, 2025, 2:15 a.m. | 23 minutes ago
Description : ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.
ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-11449 - Reflected Cross Site Scripting in ServiceNow AI Platform",
"Content": "CVE ID : CVE-2025-11449
Published : Oct. 10, 2025, 2:15 a.m. | 23 minutes ago
Description : ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.
ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configuration. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-11449 - Reflected Cross Site Scripting in ServiceNow AI Platform",
"Content": "CVE ID : CVE-2025-11449
Published : Oct. 10, 2025, 2:15 a.m. | 23 minutes ago
Description : ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.
ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configuration. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10124 - Booking Manager < 2.1.15 - Contributor+ Booking Deletion",
"Content": "CVE ID : CVE-2025-10124
Published : Oct. 10, 2025, 6:15 a.m. | 25 minutes ago
Description : The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10124 - Booking Manager < 2.1.15 - Contributor+ Booking Deletion",
"Content": "CVE ID : CVE-2025-10124
Published : Oct. 10, 2025, 6:15 a.m. | 25 minutes ago
Description : The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-61871 - Buffalo INC. NAS Navigator2 Unquoted Service Path Privilege Escalation",
"Content": "CVE ID : CVE-2025-61871
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-61871 - Buffalo INC. NAS Navigator2 Unquoted Service Path Privilege Escalation",
"Content": "CVE ID : CVE-2025-61871
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-11570 - Drupal Pattern Lab Unified Twig Extensions Cross-site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-11570
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient filtering of data.
**Note:**
This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Pattern Lab.
The package drupal-pattern-lab/unified-twig-extensions is unmaintained, the fix for this issue exists in version 1.1.1 of [drupal/unified_twig_ext]()
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-11570 - Drupal Pattern Lab Unified Twig Extensions Cross-site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-11570
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient filtering of data.
**Note:**
This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Pattern Lab.
The package drupal-pattern-lab/unified-twig-extensions is unmaintained, the fix for this issue exists in version 1.1.1 of [drupal/unified_twig_ext]()
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹