{
"Source": "CVE FEED",
"Title": "CVE-2025-53481 - WikiMedia Mediawiki IPInfo Extension Uncontrolled Resource Consumption DoS",
"Content": "CVE ID : CVE-2025-53481
Published : July 4, 2025, 4:15 p.m. | 2 hours, 10 minutes ago
Description : Uncontrolled Resource Consumption vulnerability in Wikimedia Foundation Mediawiki - IPInfo Extension allows Excessive Allocation.This issue affects Mediawiki - IPInfo Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-53481 - WikiMedia Mediawiki IPInfo Extension Uncontrolled Resource Consumption DoS",
"Content": "CVE ID : CVE-2025-53481
Published : July 4, 2025, 4:15 p.m. | 2 hours, 10 minutes ago
Description : Uncontrolled Resource Consumption vulnerability in Wikimedia Foundation Mediawiki - IPInfo Extension allows Excessive Allocation.This issue affects Mediawiki - IPInfo Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-53484 - Mediawiki SecurePoll Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-53484
Published : July 4, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : User-controlled inputs are improperly escaped in:
*
VotePage.php (poll option input)
*
ResultPage::getPagesTab() and getErrorsTab() (user-controllable page names)
This allows attackers to inject JavaScript and compromise user sessions under certain conditions.
This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-53484 - Mediawiki SecurePoll Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-53484
Published : July 4, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : User-controlled inputs are improperly escaped in:
*
VotePage.php (poll option input)
*
ResultPage::getPagesTab() and getErrorsTab() (user-controllable page names)
This allows attackers to inject JavaScript and compromise user sessions under certain conditions.
This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-53485 - Mediawiki SecurePoll Election Admin Authentication Bypass",
"Content": "CVE ID : CVE-2025-53485
Published : July 4, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing.
This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-53485 - Mediawiki SecurePoll Election Admin Authentication Bypass",
"Content": "CVE ID : CVE-2025-53485
Published : July 4, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing.
This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7067 - HDF5 Heap-Based Buffer Overflow",
"Content": "CVE ID : CVE-2025-7067
Published : July 4, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-7067 - HDF5 Heap-Based Buffer Overflow",
"Content": "CVE ID : CVE-2025-7067
Published : July 4, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-53483 - Mediawiki SecurePoll CSRF",
"Content": "CVE ID : CVE-2025-53483
Published : July 4, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site.
This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-53483 - Mediawiki SecurePoll CSRF",
"Content": "CVE ID : CVE-2025-53483
Published : July 4, 2025, 6:15 p.m. | 2 hours, 12 minutes ago
Description : ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site.
This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-53602 - Zipkin Spring Boot Actuator Heapdump Information Disclosure",
"Content": "CVE ID : CVE-2025-53602
Published : July 4, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use of Spring Boot Actuator), a similar issue to CVE-2025-48927.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-53602 - Zipkin Spring Boot Actuator Heapdump Information Disclosure",
"Content": "CVE ID : CVE-2025-53602
Published : July 4, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : Zipkin through 3.5.1 has a /heapdump endpoint (associated with the use of Spring Boot Actuator), a similar issue to CVE-2025-48927.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7068 - HDF5 Memory Leak Vulnerability",
"Content": "CVE ID : CVE-2025-7068
Published : July 4, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-7068 - HDF5 Memory Leak Vulnerability",
"Content": "CVE ID : CVE-2025-7068
Published : July 4, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7069 - HDF5 Heap-Based Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-7069
Published : July 4, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-7069 - HDF5 Heap-Based Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-7069
Published : July 4, 2025, 9:15 p.m. | 1 hour, 14 minutes ago
Description : A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-43711 - Tunnelblick Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-43711
Published : July 5, 2025, 12:15 a.m. | 18 minutes ago
Description : Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-43711 - Tunnelblick Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-43711
Published : July 5, 2025, 12:15 a.m. | 18 minutes ago
Description : Tunnelblick 3.5beta06 before 7.0, when incompletely uninstalled, allows attackers to execute arbitrary code as root (upon the next boot) by dragging a crafted Tunnelblick.app file into /Applications.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-26850 - Quest KACE Systems Management Appliance Local Privilege Escalation",
"Content": "CVE ID : CVE-2025-26850
Published : July 5, 2025, 12:15 a.m. | 18 minutes ago
Description : The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-26850 - Quest KACE Systems Management Appliance Local Privilege Escalation",
"Content": "CVE ID : CVE-2025-26850
Published : July 5, 2025, 12:15 a.m. | 18 minutes ago
Description : The agent in Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 potentially allows privilege escalation on managed systems.
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48952 - NetAlertX SHA-256 Magic Hash Login Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-48952
Published : July 4, 2025, 11:15 p.m. | 1 hour, 18 minutes ago
Description : NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the `==` operator at line 40 in front/index.php. This introduces a security issue where specially crafted "magic hash" values that evaluate to true in a loose comparison can bypass authentication. Because of the use of `==` instead of the strict `===`, different strings that begin with 0e and are followed by only digits can be interpreted as scientific notation (i.e., zero) and treated as equal. This issue falls under the Login Bypass vulnerability class. Users with certain "weird" passwords that produce magic hashes are particularly affected. Services relying on this logic are at risk of unauthorized access. Version 25.6.7 fixes the vulnerability.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48952 - NetAlertX SHA-256 Magic Hash Login Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-48952
Published : July 4, 2025, 11:15 p.m. | 1 hour, 18 minutes ago
Description : NetAlertX is a network, presence scanner, and alert framework. Prior to version 25.6.7, a vulnerability in the authentication logic allows users to bypass password verification using SHA-256 magic hashes, due to loose comparison in PHP. In vulnerable versions of the application, a password comparison is performed using the `==` operator at line 40 in front/index.php. This introduces a security issue where specially crafted "magic hash" values that evaluate to true in a loose comparison can bypass authentication. Because of the use of `==` instead of the strict `===`, different strings that begin with 0e and are followed by only digits can be interpreted as scientific notation (i.e., zero) and treated as equal. This issue falls under the Login Bypass vulnerability class. Users with certain "weird" passwords that produce magic hashes are particularly affected. Services relying on this logic are at risk of unauthorized access. Version 25.6.7 fixes the vulnerability.
Severity: 9.4 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-53365 - Apache MCP Python SDK Denial of Service",
"Content": "CVE ID : CVE-2025-53365
Published : July 4, 2025, 10:15 p.m. | 2 hours, 18 minutes ago
Description : The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.10.0 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-53365 - Apache MCP Python SDK Denial of Service",
"Content": "CVE ID : CVE-2025-53365
Published : July 4, 2025, 10:15 p.m. | 2 hours, 18 minutes ago
Description : The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.10.0, if a client deliberately triggers an exception after establishing a streamable HTTP session, this can lead to an uncaught ClosedResourceError on the server side, causing the server to crash and requiring a restart to restore service. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.10.0 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-53366 - Apache MCP Model Context Protocol Denial of Service",
"Content": "CVE ID : CVE-2025-53366
Published : July 4, 2025, 10:15 p.m. | 2 hours, 18 minutes ago
Description : The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.9.4 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-53366 - Apache MCP Model Context Protocol Denial of Service",
"Content": "CVE ID : CVE-2025-53366
Published : July 4, 2025, 10:15 p.m. | 2 hours, 18 minutes ago
Description : The MCP Python SDK, called `mcp` on PyPI, is a Python implementation of the Model Context Protocol (MCP). Prior to version 1.9.4, a validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Version 1.9.4 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7070 - "IROAD Dashcam Q9 Local Network Resource Allocation Vulnerability"",
"Content": "CVE ID : CVE-2025-7070
Published : July 4, 2025, 10:15 p.m. | 2 hours, 18 minutes ago
Description : A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component MFA Pairing Request Handler. The manipulation leads to allocation of resources. The attack needs to be done within the local network. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-7070 - "IROAD Dashcam Q9 Local Network Resource Allocation Vulnerability"",
"Content": "CVE ID : CVE-2025-7070
Published : July 4, 2025, 10:15 p.m. | 2 hours, 18 minutes ago
Description : A vulnerability has been found in IROAD Dashcam Q9 up to 20250624 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component MFA Pairing Request Handler. The manipulation leads to allocation of resources. The attack needs to be done within the local network. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2024-58254 - Rustls TLS ClientHello Panic",
"Content": "CVE ID : CVE-2024-58254
Published : July 5, 2025, 2:15 a.m. | 20 minutes ago
Description : The rustls crate 0.23.13 before 0.23.18 for Rust, when rustls::server::Acceptor::accept is used, allows a panic via a fragmented TLS ClientHello.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2024-58254 - Rustls TLS ClientHello Panic",
"Content": "CVE ID : CVE-2024-58254
Published : July 5, 2025, 2:15 a.m. | 20 minutes ago
Description : The rustls crate 0.23.13 before 0.23.18 for Rust, when rustls::server::Acceptor::accept is used, allows a panic via a fragmented TLS ClientHello.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-53604 - Apache Web-Push Denial of Service",
"Content": "CVE ID : CVE-2025-53604
Published : July 5, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-53604 - Apache Web-Push Denial of Service",
"Content": "CVE ID : CVE-2025-53604
Published : July 5, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : The web-push crate before 0.10.3 for Rust allows a denial of service (memory consumption) in the built-in clients via a large integer in a Content-Length header.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
❤1
{
"Source": "CVE FEED",
"Title": "CVE-2025-53605 - Google Protobuf Rust Crate Uncontrolled Recursion Vulnerability",
"Content": "CVE ID : CVE-2025-53605
Published : July 5, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-53605 - Google Protobuf Rust Crate Uncontrolled Recursion Vulnerability",
"Content": "CVE ID : CVE-2025-53605
Published : July 5, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
❤1
{
"Source": "CVE FEED",
"Title": "CVE-2025-53603 - Alinto SOPE SOGo NULL Pointer Dereference",
"Content": "CVE ID : CVE-2025-53603
Published : July 5, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-53603 - Alinto SOPE SOGo NULL Pointer Dereference",
"Content": "CVE ID : CVE-2025-53603
Published : July 5, 2025, 1:15 a.m. | 1 hour, 20 minutes ago
Description : In Alinto SOPE SOGo 2.0.2 through 5.12.2, sope-core/NGExtensions/NGHashMap.m allows a NULL pointer dereference and SOGo crash via a request in which a parameter in the query string is a duplicate of a parameter in the POST body.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2023-50786 - Dradis HTTP Image Reference Vulnerability (Arbitrary Code Execution)",
"Content": "CVE ID : CVE-2023-50786
Published : July 5, 2025, 4:15 a.m. | 22 minutes ago
Description : Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2023-50786 - Dradis HTTP Image Reference Vulnerability (Arbitrary Code Execution)",
"Content": "CVE ID : CVE-2023-50786
Published : July 5, 2025, 4:15 a.m. | 22 minutes ago
Description : Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to steal the Net-NTLM hashes of other authors on a Windows domain network.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-47227 - Netmake ScriptCase Authentication Bypass",
"Content": "CVE ID : CVE-2025-47227
Published : July 5, 2025, 3:15 a.m. | 1 hour, 22 minutes ago
Description : In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-47227 - Netmake ScriptCase Authentication Bypass",
"Content": "CVE ID : CVE-2025-47227
Published : July 5, 2025, 3:15 a.m. | 1 hour, 22 minutes ago
Description : In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-47228 - Shell Injection Vulnerability in Netmake ScriptCase Production Environment Extension",
"Content": "CVE ID : CVE-2025-47228
Published : July 5, 2025, 3:15 a.m. | 1 hour, 22 minutes ago
Description : In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-47228 - Shell Injection Vulnerability in Netmake ScriptCase Production Environment Extension",
"Content": "CVE ID : CVE-2025-47228
Published : July 5, 2025, 3:15 a.m. | 1 hour, 22 minutes ago
Description : In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jul 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹