{
"Source": "CVE FEED",
"Title": "CVE-2025-7110 - Portabilis i-Educar Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-7110
Published : July 7, 2025, 4:15 a.m. | 1 hour, 28 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-7110 - Portabilis i-Educar Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-7110
Published : July 7, 2025, 4:15 a.m. | 1 hour, 28 minutes ago
Description : A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-7116 - UTT θΏε Wireless Config Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-7116
Published : July 7, 2025, 7:15 a.m. | 36 minutes ago
Description : A vulnerability classified as critical has been found in UTT θΏε 750W up to 3.2.2-191225. This affects an unknown part of the file /goform/Fast_wireless_conf. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-7116 - UTT θΏε Wireless Config Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-7116
Published : July 7, 2025, 7:15 a.m. | 36 minutes ago
Description : A vulnerability classified as critical has been found in UTT θΏε 750W up to 3.2.2-191225. This affects an unknown part of the file /goform/Fast_wireless_conf. The manipulation of the argument ssid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-7117 - UTT HiPER 840G Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-7117
Published : July 7, 2025, 7:15 a.m. | 36 minutes ago
Description : A vulnerability classified as critical was found in UTT HiPER 840G up to 3.1.1-190328. This vulnerability affects unknown code of the file /goform/websWhiteList. The manipulation of the argument addHostFilter leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-7117 - UTT HiPER 840G Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-7117
Published : July 7, 2025, 7:15 a.m. | 36 minutes ago
Description : A vulnerability classified as critical was found in UTT HiPER 840G up to 3.1.1-190328. This vulnerability affects unknown code of the file /goform/websWhiteList. The manipulation of the argument addHostFilter leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-41672 - Citrix NetScaler JWT Token Default Certificate Vulnerability",
"Content": "CVE ID : CVE-2025-41672
Published : July 7, 2025, 7:15 a.m. | 36 minutes ago
Description : A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-41672 - Citrix NetScaler JWT Token Default Certificate Vulnerability",
"Content": "CVE ID : CVE-2025-41672
Published : July 7, 2025, 7:15 a.m. | 36 minutes ago
Description : A remote unauthenticated attacker may use default certificates to generate JWT Tokens and gain full access to the tool and all connected devices.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-7114 - SimStudioAI Session Handler Missing Authentication Vulnerability",
"Content": "CVE ID : CVE-2025-7114
Published : July 7, 2025, 6:15 a.m. | 1 hour, 36 minutes ago
Description : A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-7114 - SimStudioAI Session Handler Missing Authentication Vulnerability",
"Content": "CVE ID : CVE-2025-7114
Published : July 7, 2025, 6:15 a.m. | 1 hour, 36 minutes ago
Description : A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-7115 - Rowboatlabs Rowboat Remote Authentication Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-7115
Published : July 7, 2025, 6:15 a.m. | 1 hour, 36 minutes ago
Description : A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/[fileId]/route.ts of the component Session Handler. The manipulation of the argument params leads to missing authentication. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. It is expected that this issue will be fixed in the near future.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-7115 - Rowboatlabs Rowboat Remote Authentication Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-7115
Published : July 7, 2025, 6:15 a.m. | 1 hour, 36 minutes ago
Description : A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/[fileId]/route.ts of the component Session Handler. The manipulation of the argument params leads to missing authentication. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. It is expected that this issue will be fixed in the near future.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-7121 - Campcodes Complaint Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-7121
Published : July 7, 2025, 9:15 a.m. | 40 minutes ago
Description : A vulnerability was found in Campcodes Complaint Management System 1.0. It has been classified as critical. This affects an unknown part of the file /users/complaint-details.php. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-7121 - Campcodes Complaint Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-7121
Published : July 7, 2025, 9:15 a.m. | 40 minutes ago
Description : A vulnerability was found in Campcodes Complaint Management System 1.0. It has been classified as critical. This affects an unknown part of the file /users/complaint-details.php. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-7120 - Campcodes Complaint Management System SQL Injection",
"Content": "CVE ID : CVE-2025-7120
Published : July 7, 2025, 9:15 a.m. | 40 minutes ago
Description : A vulnerability was found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /users/check_availability.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-7120 - Campcodes Complaint Management System SQL Injection",
"Content": "CVE ID : CVE-2025-7120
Published : July 7, 2025, 9:15 a.m. | 40 minutes ago
Description : A vulnerability was found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /users/check_availability.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-3920 - SUR-FBD CMMS Hard-Coded Credentials Disclosure",
"Content": "CVE ID : CVE-2025-3920
Published : July 7, 2025, 9:15 a.m. | 40 minutes ago
Description : A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extract these credentials, potentially leading to a complete compromise of the application's administrative functions. This issue was fixed in version 2025.03.27 of the SUR-FBD CMMS software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-3920 - SUR-FBD CMMS Hard-Coded Credentials Disclosure",
"Content": "CVE ID : CVE-2025-3920
Published : July 7, 2025, 9:15 a.m. | 40 minutes ago
Description : A vulnerability was identified in SUR-FBD CMMS where hard-coded credentials were found within a compiled DLL file. These credentials correspond to a built-in administrative account of the software. An attacker with local access to the system or the application's installation directory could extract these credentials, potentially leading to a complete compromise of the application's administrative functions. This issue was fixed in version 2025.03.27 of the SUR-FBD CMMS software.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-7118 - UTT HiPER 840G Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-7118
Published : July 7, 2025, 8:15 a.m. | 1 hour, 40 minutes ago
Description : A vulnerability, which was classified as critical, has been found in UTT HiPER 840G up to 3.1.1-190328. This issue affects some unknown processing of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-7118 - UTT HiPER 840G Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-7118
Published : July 7, 2025, 8:15 a.m. | 1 hour, 40 minutes ago
Description : A vulnerability, which was classified as critical, has been found in UTT HiPER 840G up to 3.1.1-190328. This issue affects some unknown processing of the file /goform/formPictureUrl. The manipulation of the argument importpictureurl leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-7119 - Campcodes Complaint Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-7119
Published : July 7, 2025, 8:15 a.m. | 1 hour, 40 minutes ago
Description : A vulnerability has been found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /users/index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-7119 - Campcodes Complaint Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-7119
Published : July 7, 2025, 8:15 a.m. | 1 hour, 40 minutes ago
Description : A vulnerability has been found in Campcodes Complaint Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /users/index.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-7125 - iSourcecode Employee Management System SQL Injection",
"Content": "CVE ID : CVE-2025-7125
Published : July 7, 2025, 11:15 a.m. | 41 minutes ago
Description : A vulnerability classified as critical was found in itsourcecode Employee Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editempeducation.php. The manipulation of the argument coursepg leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-7125 - iSourcecode Employee Management System SQL Injection",
"Content": "CVE ID : CVE-2025-7125
Published : July 7, 2025, 11:15 a.m. | 41 minutes ago
Description : A vulnerability classified as critical was found in itsourcecode Employee Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editempeducation.php. The manipulation of the argument coursepg leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-7124 - "Code-projects Online Note Sharing Unrestricted File Upload Vulnerability"",
"Content": "CVE ID : CVE-2025-7124
Published : July 7, 2025, 11:15 a.m. | 41 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Online Note Sharing 1.0. Affected is an unknown function of the file /dashboard/userprofile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-7124 - "Code-projects Online Note Sharing Unrestricted File Upload Vulnerability"",
"Content": "CVE ID : CVE-2025-7124
Published : July 7, 2025, 11:15 a.m. | 41 minutes ago
Description : A vulnerability classified as critical has been found in code-projects Online Note Sharing 1.0. Affected is an unknown function of the file /dashboard/userprofile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-6210 - ObsidianReader Hardlink-Based Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-6210
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. The vulnerability arises from inadequate handling of hardlinks in the load_data() method, where the security checks fail to differentiate between real files and hardlinks. This issue is resolved in version 0.5.2.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-6210 - ObsidianReader Hardlink-Based Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-6210
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : A vulnerability in the ObsidianReader class of the run-llama/llama_index repository, specifically in version 0.12.27, allows for hardlink-based path traversal. This flaw permits attackers to bypass path restrictions and access sensitive system files, such as /etc/passwd, by exploiting hardlinks. The vulnerability arises from inadequate handling of hardlinks in the load_data() method, where the security checks fail to differentiate between real files and hardlinks. This issue is resolved in version 0.5.2.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-6386 - Apache Parisneo Timing Attack in Lollms Authentication",
"Content": "CVE ID : CVE-2025-6386
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The affected version is the latest, and the issue is resolved in version 20.1. The vulnerability arises from the use of Python's default string equality operator for password comparison, which compares characters sequentially and exits on the first mismatch, leading to variable response times based on the number of matching initial characters.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-6386 - Apache Parisneo Timing Attack in Lollms Authentication",
"Content": "CVE ID : CVE-2025-6386
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The affected version is the latest, and the issue is resolved in version 20.1. The vulnerability arises from the use of Python's default string equality operator for password comparison, which compares characters sequentially and exits on the first mismatch, leading to variable response times based on the number of matching initial characters.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-7122 - Campcodes Complaint Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-7122
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : A vulnerability was found in Campcodes Complaint Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-7122 - Campcodes Complaint Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-7122
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : A vulnerability was found in Campcodes Complaint Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-7123 - Campcodes Complaint Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-7123
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : A vulnerability was found in Campcodes Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/complaint-details.php. The manipulation of the argument cid/uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-7123 - Campcodes Complaint Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-7123
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : A vulnerability was found in Campcodes Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/complaint-details.php. The manipulation of the argument cid/uid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 4.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-3705 - FirmwareLoader OS Command Injection",
"Content": "CVE ID : CVE-2025-3705
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') when loading a config file from a USB drive.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-3705 - FirmwareLoader OS Command Injection",
"Content": "CVE ID : CVE-2025-3705
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : A physical attacker with no privileges can gain full control of the affected device due to improper neutralization of special elements used in an OS Command ('OS Command Injection') when loading a config file from a USB drive.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-3777 - YouTube URL Validation Bypass in Hugging Face Transformers",
"Content": "CVE ID : CVE-2025-3777
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-3777 - YouTube URL Validation Bypass in Hugging Face Transformers",
"Content": "CVE ID : CVE-2025-3777
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : Hugging Face Transformers versions up to 4.49.0 are affected by an improper input validation vulnerability in the `image_utils.py` file. The vulnerability arises from insecure URL validation using the `startswith()` method, which can be bypassed through URL username injection. This allows attackers to craft URLs that appear to be from YouTube but resolve to malicious domains, potentially leading to phishing attacks, malware distribution, or data exfiltration. The issue is fixed in version 4.52.1.
Severity: 3.5 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-4779 - Lunary Ai Lunary Stored Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-4779
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS). An unauthenticated attacker can inject malicious JavaScript into the `v1/runs/ingest` endpoint by adding an empty `citations` field, triggering a code path where `dangerouslySetInnerHTML` is used to render attacker-controlled text. This vulnerability allows the execution of arbitrary JavaScript in the context of the user's browser, potentially leading to session hijacking, data theft, or other malicious actions.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-4779 - Lunary Ai Lunary Stored Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-4779
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : lunary-ai/lunary versions prior to 1.9.24 are vulnerable to stored cross-site scripting (XSS). An unauthenticated attacker can inject malicious JavaScript into the `v1/runs/ingest` endpoint by adding an empty `citations` field, triggering a code path where `dangerouslySetInnerHTML` is used to render attacker-controlled text. This vulnerability allows the execution of arbitrary JavaScript in the context of the user's browser, potentially leading to session hijacking, data theft, or other malicious actions.
Severity: 9.1 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
{
"Source": "CVE FEED",
"Title": "CVE-2025-5472 - Llama Index JSONReader Stack Overflow Denial of Service Vulnerability",
"Content": "CVE ID : CVE-2025-5472
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing applications. The root cause is the unsafe recursive traversal design and lack of depth validation, which makes the JSONReader susceptible to stack overflow when processing deeply nested JSON. This impacts the availability of services, making them unreliable and disrupting workflows. The issue is resolved in version 0.12.38.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ
"Source": "CVE FEED",
"Title": "CVE-2025-5472 - Llama Index JSONReader Stack Overflow Denial of Service Vulnerability",
"Content": "CVE ID : CVE-2025-5472
Published : July 7, 2025, 10:15 a.m. | 1 hour, 41 minutes ago
Description : The JSONReader in run-llama/llama_index versions 0.12.28 is vulnerable to a stack overflow due to uncontrolled recursive JSON parsing. This vulnerability allows attackers to trigger a Denial of Service (DoS) by submitting deeply nested JSON structures, leading to a RecursionError and crashing applications. The root cause is the unsafe recursive traversal design and lack of depth validation, which makes the JSONReader susceptible to stack overflow when processing deeply nested JSON. This impacts the availability of services, making them unreliable and disrupting workflows. The issue is resolved in version 0.12.38.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Jul 2025",
"Type": "Vulnerability"
}
πΉ t.me/cvedetector πΉ