{
"Source": "CVE FEED",
"Title": "CVE-2025-61602 - BigBlueButton vulnerable to Chat DoS via invalid reactionEmojiId",
"Content": "CVE ID : CVE-2025-61602
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId` in the GraphQL mutation `chatSendMessageReaction`. Version 3.0.13 contains a patch. No known workarounds are available.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-61602 - BigBlueButton vulnerable to Chat DoS via invalid reactionEmojiId",
"Content": "CVE ID : CVE-2025-61602
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : BigBlueButton is an open-source virtual classroom. A denial-of-service (DoS) vulnerability in versions prior to 3.0.13 allows any authenticated user to crash the chat functionality for all participants in a meeting by sending a malformed `reactionEmojiId` in the GraphQL mutation `chatSendMessageReaction`. Version 3.0.13 contains a patch. No known workarounds are available.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-61773 - pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters",
"Content": "CVE ID : CVE-2025-61773
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or manipulate request handling. The vulnerability could lead to client-side code execution (XSS) or other unintended behaviors when a malicious payload is submitted. user-supplied parameters from HTTP requests were not adequately validated or sanitized before being passed into the application logic and response generation. This allowed crafted input to alter the expected execution flow. CNL (Click'N'Load) blueprint exposed unsafe handling of untrusted parameters in HTTP requests. The application did not consistently enforce input validation or encoding, making it possible for an attacker to craft malicious requests. Version 0.5.0b3.dev91 contains a patch for the issue.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-61773 - pyLoad CNL and captcha handlers allow code Injection via unsanitized parameters",
"Content": "CVE ID : CVE-2025-61773
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : pyLoad is a free and open-source download manager written in Python. In versions prior to 0.5.0b3.dev91, pyLoad web interface contained insufficient input validation in both the Captcha script endpoint and the Click'N'Load (CNL) Blueprint. This flaw allowed untrusted user input to be processed unsafely, which could be exploited by an attacker to inject arbitrary content into the web UI or manipulate request handling. The vulnerability could lead to client-side code execution (XSS) or other unintended behaviors when a malicious payload is submitted. user-supplied parameters from HTTP requests were not adequately validated or sanitized before being passed into the application logic and response generation. This allowed crafted input to alter the expected execution flow. CNL (Click'N'Load) blueprint exposed unsafe handling of untrusted parameters in HTTP requests. The application did not consistently enforce input validation or encoding, making it possible for an attacker to craft malicious requests. Version 0.5.0b3.dev91 contains a patch for the issue.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-61779 - Trustee's attestation-policy endpoint is not protected by admin autentication",
"Content": "CVE ID : CVE-2025-61779
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to actually change the attestation policy. Version 0.15.0 fixes the issue.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-61779 - Trustee's attestation-policy endpoint is not protected by admin autentication",
"Content": "CVE ID : CVE-2025-61779
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated (had the right key). This allowed any kbs-client to actually change the attestation policy. Version 0.15.0 fixes the issue.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59246 - Azure Entra ID Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59246
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Azure Entra ID Elevation of Privilege Vulnerability
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59246 - Azure Entra ID Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59246
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Azure Entra ID Elevation of Privilege Vulnerability
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59247 - Azure PlayFab Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59247
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Azure PlayFab Elevation of Privilege Vulnerability
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59247 - Azure PlayFab Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59247
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Azure PlayFab Elevation of Privilege Vulnerability
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59271 - Redis Enterprise Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59271
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Redis Enterprise Elevation of Privilege Vulnerability
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59271 - Redis Enterprise Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59271
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Redis Enterprise Elevation of Privilege Vulnerability
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59272 - Copilot Spoofing Vulnerability",
"Content": "CVE ID : CVE-2025-59272
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Copilot Spoofing Vulnerability
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59272 - Copilot Spoofing Vulnerability",
"Content": "CVE ID : CVE-2025-59272
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Copilot Spoofing Vulnerability
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59218 - Azure Entra ID Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59218
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Azure Entra ID Elevation of Privilege Vulnerability
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59218 - Azure Entra ID Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-59218
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Azure Entra ID Elevation of Privilege Vulnerability
Severity: 9.6 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59252 - M365 Copilot Spoofing Vulnerability",
"Content": "CVE ID : CVE-2025-59252
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : M365 Copilot Spoofing Vulnerability
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59252 - M365 Copilot Spoofing Vulnerability",
"Content": "CVE ID : CVE-2025-59252
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : M365 Copilot Spoofing Vulnerability
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-35059 - Newforma Info Exchange (NIX) open URL redirect via /DownloadWeb/hyperlinkredirect.aspx",
"Content": "CVE ID : CVE-2025-35059
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated URL redirect via the 'nhl' parameter.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-35059 - Newforma Info Exchange (NIX) open URL redirect via /DownloadWeb/hyperlinkredirect.aspx",
"Content": "CVE ID : CVE-2025-35059
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated URL redirect via the 'nhl' parameter.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-35060 - Newforma Info Exchange (NIX) stored XSS via SVG file upload",
"Content": "CVE ID : CVE-2025-35060
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-35060 - Newforma Info Exchange (NIX) stored XSS via SVG file upload",
"Content": "CVE ID : CVE-2025-35060
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-35061 - Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx",
"Content": "CVE ID : CVE-2025-35061
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-35061 - Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx",
"Content": "CVE ID : CVE-2025-35061
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-35062 - Newforma Info Exchange (NIX) default anonymous access",
"Content": "CVE ID : CVE-2025-35062
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-35062 - Newforma Info Exchange (NIX) default anonymous access",
"Content": "CVE ID : CVE-2025-35062
Published : Oct. 9, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Newforma Info Exchange (NIX) before version 2023.1 by default allows anonymous authentication which allows an unauthenticated attacker to exploit additional vulnerabilities that require authentication.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-11450 - Reflected Cross Site Scripting in ServiceNow AI Platform",
"Content": "CVE ID : CVE-2025-11450
Published : Oct. 10, 2025, 2:15 a.m. | 23 minutes ago
Description : ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.
ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-11450 - Reflected Cross Site Scripting in ServiceNow AI Platform",
"Content": "CVE ID : CVE-2025-11450
Published : Oct. 10, 2025, 2:15 a.m. | 23 minutes ago
Description : ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.
ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configurations. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-11449 - Reflected Cross Site Scripting in ServiceNow AI Platform",
"Content": "CVE ID : CVE-2025-11449
Published : Oct. 10, 2025, 2:15 a.m. | 23 minutes ago
Description : ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.
ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configuration. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-11449 - Reflected Cross Site Scripting in ServiceNow AI Platform",
"Content": "CVE ID : CVE-2025-11449
Published : Oct. 10, 2025, 2:15 a.m. | 23 minutes ago
Description : ServiceNow has addressed a reflected cross-site scripting vulnerability that was identified in the ServiceNow AI Platform. This vulnerability could result in arbitrary code being executed within the browsers of ServiceNow users who click on a specially crafted link.
ServiceNow has addressed this vulnerability by deploying a relevant security update to the majority of hosted instances. Relevant security updates also have been provided to ServiceNow self-hosted customers, partners, and hosted customers with unique configuration. Further, the vulnerability is addressed in the listed patches and hot fixes. We recommend customers promptly apply appropriate updates or upgrade if they have not already done so.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10124 - Booking Manager < 2.1.15 - Contributor+ Booking Deletion",
"Content": "CVE ID : CVE-2025-10124
Published : Oct. 10, 2025, 6:15 a.m. | 25 minutes ago
Description : The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10124 - Booking Manager < 2.1.15 - Contributor+ Booking Deletion",
"Content": "CVE ID : CVE-2025-10124
Published : Oct. 10, 2025, 6:15 a.m. | 25 minutes ago
Description : The Booking Manager WordPress plugin before 2.1.15 registers a shortcode that deletes bookings and makes that shortcode available to anyone with contributor and above privileges. When a page containing the shortcode is visited, the bookings are deleted.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-61871 - Buffalo INC. NAS Navigator2 Unquoted Service Path Privilege Escalation",
"Content": "CVE ID : CVE-2025-61871
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-61871 - Buffalo INC. NAS Navigator2 Unquoted Service Path Privilege Escalation",
"Content": "CVE ID : CVE-2025-61871
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : NAS Navigator2 Windows version by BUFFALO INC. registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-11570 - Drupal Pattern Lab Unified Twig Extensions Cross-site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-11570
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient filtering of data.
**Note:**
This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Pattern Lab.
The package drupal-pattern-lab/unified-twig-extensions is unmaintained, the fix for this issue exists in version 1.1.1 of [drupal/unified_twig_ext]()
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-11570 - Drupal Pattern Lab Unified Twig Extensions Cross-site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-11570
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : Versions of the package drupal-pattern-lab/unified-twig-extensions from 0.0.0 are vulnerable to Cross-site Scripting (XSS) due to insufficient filtering of data.
**Note:**
This is exploitable only if the code is executed outside of Drupal; the function is intended to be shared between Drupal and Pattern Lab.
The package drupal-pattern-lab/unified-twig-extensions is unmaintained, the fix for this issue exists in version 1.1.1 of [drupal/unified_twig_ext]()
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-11569 - Apache Cross-Zip Directory Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-11569
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync () functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-11569 - Apache Cross-Zip Directory Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-11569
Published : Oct. 10, 2025, 5:15 a.m. | 1 hour, 25 minutes ago
Description : All versions of the package cross-zip are vulnerable to Directory Traversal via consecutive usage of zipSync() and unzipSync () functions that allow arguments such as __dirname. An attacker can access system files by selectively doing zip/unzip operations.
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-62292 - SonarQube Information Disclosure",
"Content": "CVE ID : CVE-2025-62292
Published : Oct. 10, 2025, midnight | 6 hours, 40 minutes ago
Description : In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-62292 - SonarQube Information Disclosure",
"Content": "CVE ID : CVE-2025-62292
Published : Oct. 10, 2025, midnight | 6 hours, 40 minutes ago
Description : In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-40640 - Multiple vulnerabilities in Energy CRM by Status Tracker",
"Content": "CVE ID : CVE-2025-40640
Published : Oct. 10, 2025, 8:19 a.m. | 21 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to โ/crm/create_invoice_submit.phpโ, using the โcustomerName_0โ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-40640 - Multiple vulnerabilities in Energy CRM by Status Tracker",
"Content": "CVE ID : CVE-2025-40640
Published : Oct. 10, 2025, 8:19 a.m. | 21 minutes ago
Description : Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to โ/crm/create_invoice_submit.phpโ, using the โcustomerName_0โ parameter. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "10 Oct 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น