{
"Source": "CVE FEED",
"Title": "CVE-2025-50489 - PHPGurukul Student Result Management System Session Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-50489
Published : July 28, 2025, 6:15 p.m. | 26 minutes ago
Description : Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-50489 - PHPGurukul Student Result Management System Session Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-50489
Published : July 28, 2025, 6:15 p.m. | 26 minutes ago
Description : Improper session invalidation in the component /srms/change-password.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54538 - JetBrains TeamCity Password Exposure Vulnerability",
"Content": "CVE ID : CVE-2025-54538
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54538 - JetBrains TeamCity Password Exposure Vulnerability",
"Content": "CVE ID : CVE-2025-54538
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 password exposure was possible via command line in the "hg pull" command
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-7676 - Microsoft Windows DLL Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-7676
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would ordinarily not be loaded from the application directory. Fixed in release 24H2, but present in all earlier versions of Windows 11 for ARM CPUs.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-7676 - Microsoft Windows DLL Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-7676
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : DLL hijacking of all PE32 executables when run on Windows for ARM64 CPU architecture. This allows an attacker to execute code, if the attacker can plant a DLL in the same directory as the executable. Vulnerable versions of Windows 11 for ARM attempt to load Base DLLs that would ordinarily not be loaded from the application directory. Fixed in release 24H2, but present in all earlier versions of Windows 11 for ARM CPUs.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54535 - JetBrains TeamCity Weak Password Token Hashing",
"Content": "CVE ID : CVE-2025-54535
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54535 - JetBrains TeamCity Weak Password Token Hashing",
"Content": "CVE ID : CVE-2025-54535
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 password reset and email verification tokens were using weak hashing algorithms
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54536 - JetBrains TeamCity GraphQL CSRF Vulnerability",
"Content": "CVE ID : CVE-2025-54536
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54536 - JetBrains TeamCity GraphQL CSRF Vulnerability",
"Content": "CVE ID : CVE-2025-54536
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 a CSRF was possible on GraphQL endpoint
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54537 - JetBrains TeamCity Plain Text User Credentials Memory Snapshot Vulnerability",
"Content": "CVE ID : CVE-2025-54537
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54537 - JetBrains TeamCity Plain Text User Credentials Memory Snapshot Vulnerability",
"Content": "CVE ID : CVE-2025-54537
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 user credentials were stored in plain text in memory snapshots
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54533 - JetBrains TeamCity Unrestricted Build Settings Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-54533
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54533 - JetBrains TeamCity Unrestricted Build Settings Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-54533
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54534 - JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-54534
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54534 - JetBrains TeamCity Reflected Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-54534
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 reflected XSS was possible on the agentpushPreset page
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54529 - JetBrains TeamCity CSRF Vulnerability",
"Content": "CVE ID : CVE-2025-54529
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54529 - JetBrains TeamCity CSRF Vulnerability",
"Content": "CVE ID : CVE-2025-54529
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 a CSRF was possible in external OAuth login integration
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54530 - JetBrains TeamCity Directory Permission Escalation",
"Content": "CVE ID : CVE-2025-54530
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54530 - JetBrains TeamCity Directory Permission Escalation",
"Content": "CVE ID : CVE-2025-54530
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 privilege escalation was possible due to incorrect directory permissions
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54531 - JetBrains TeamCity Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-54531
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54531 - JetBrains TeamCity Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-54531
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 path traversal was possible via plugin unpacking on Windows
Severity: 7.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54532 - JetBrains TeamCity Unrestricted Build Settings Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-54532
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54532 - JetBrains TeamCity Unrestricted Build Settings Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-54532
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via snapshot dependencies
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-50490 - PHPGurukul Student Result Management System Session Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-50490
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-50490 - PHPGurukul Student Result Management System Session Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-50490
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : Improper session invalidation in the component /elms/emp-changepassword.php of PHPGurukul Student Result Management System v2.0 allows attackers to execute a session hijacking attack.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-50493 - PHPGurukul Doctor Appointment Management System Session Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-50493
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-50493 - PHPGurukul Doctor Appointment Management System Session Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-50493
Published : July 28, 2025, 5:15 p.m. | 1 hour, 26 minutes ago
Description : Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54419 - Node-SAML SAML Assertion Tampering",
"Content": "CVE ID : CVE-2025-54419
Published : July 28, 2025, 8:17 p.m. | 29 minutes ago
Description : A SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. To conduct the attack an attacker would need a validly signed document from the identity provider (IdP). This is fixed in version 5.1.0.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54419 - Node-SAML SAML Assertion Tampering",
"Content": "CVE ID : CVE-2025-54419
Published : July 28, 2025, 8:17 p.m. | 29 minutes ago
Description : A SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. To conduct the attack an attacker would need a validly signed document from the identity provider (IdP). This is fixed in version 5.1.0.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54423 - Copyparty Cross-Site Scripting (XSS) Vulnerability",
"Content": "CVE ID : CVE-2025-54423
Published : July 28, 2025, 8:17 p.m. | 29 minutes ago
Description : copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54423 - Copyparty Cross-Site Scripting (XSS) Vulnerability",
"Content": "CVE ID : CVE-2025-54423
Published : July 28, 2025, 8:17 p.m. | 29 minutes ago
Description : copyparty is a portable file server. In versions up to and including versions 1.18.4, an unauthenticated attacker is able to execute arbitrary JavaScript code in a victim's browser due to improper sanitization of multimedia tags in music files, including m3u files. This is fixed in version 1.18.5.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-50485 - PHPGurukul Online Course Registration Session Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-50485
Published : July 28, 2025, 8:17 p.m. | 29 minutes ago
Description : Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-50485 - PHPGurukul Online Course Registration Session Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-50485
Published : July 28, 2025, 8:17 p.m. | 29 minutes ago
Description : Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-50486 - PHPGurukul Car Rental Project Session Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-50486
Published : July 28, 2025, 8:17 p.m. | 29 minutes ago
Description : Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-50486 - PHPGurukul Car Rental Project Session Hijacking Vulnerability",
"Content": "CVE ID : CVE-2025-50486
Published : July 28, 2025, 8:17 p.m. | 29 minutes ago
Description : Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-29534 - PowerStick Wave Dual-Band Wifi Extender Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-29534
Published : July 28, 2025, 8:17 p.m. | 29 minutes ago
Description : An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to execute arbitrary commands with root privileges. The issue stems from insufficient sanitization of user-supplied input in the /cgi-bin/cgi_vista.cgi executable, which is passed to a system-level function call.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-29534 - PowerStick Wave Dual-Band Wifi Extender Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-29534
Published : July 28, 2025, 8:17 p.m. | 29 minutes ago
Description : An authenticated remote code execution vulnerability in PowerStick Wave Dual-Band Wifi Extender V1.0 allows an attacker with valid credentials to execute arbitrary commands with root privileges. The issue stems from insufficient sanitization of user-supplied input in the /cgi-bin/cgi_vista.cgi executable, which is passed to a system-level function call.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8194 - Apache CPython TarFile Infinite Loop Deadlock",
"Content": "CVE ID : CVE-2025-8194
Published : July 28, 2025, 7:15 p.m. | 1 hour, 31 minutes ago
Description : There is a defect in the CPython โtarfileโ module affecting the โTarFileโ extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives.
This vulnerability can be mitigated by including the following patch after importing the โtarfileโ module:
import tarfile
def _block_patched(self, count):
if count < 0: # pragma: no cover
raise tarfile.InvalidHeaderError("invalid offset")
return _block_patched._orig_block(self, count)
_block_patched._orig_block = tarfile.TarInfo._block
tarfile.TarInfo._block = _block_patched
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8194 - Apache CPython TarFile Infinite Loop Deadlock",
"Content": "CVE ID : CVE-2025-8194
Published : July 28, 2025, 7:15 p.m. | 1 hour, 31 minutes ago
Description : There is a defect in the CPython โtarfileโ module affecting the โTarFileโ extraction and entry enumeration APIs. The tar implementation would process tar archives with negative offsets without error, resulting in an infinite loop and deadlock during the parsing of maliciously crafted tar archives.
This vulnerability can be mitigated by including the following patch after importing the โtarfileโ module:
import tarfile
def _block_patched(self, count):
if count < 0: # pragma: no cover
raise tarfile.InvalidHeaderError("invalid offset")
return _block_patched._orig_block(self, count)
_block_patched._orig_block = tarfile.TarInfo._block
tarfile.TarInfo._block = _block_patched
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8283 - "Podman Netavark DNS Hijacking Vulnerability"",
"Content": "CVE ID : CVE-2025-8283
Published : July 28, 2025, 7:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8283 - "Podman Netavark DNS Hijacking Vulnerability"",
"Content": "CVE ID : CVE-2025-8283
Published : July 28, 2025, 7:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability was found in the netavark package, a network stack for containers used with Podman. Due to dns.podman search domain being removed, netavark may return external servers if a valid A/AAAA record is sent as a response. When creating a container with a given name, this name will be used as the hostname for the container itself, as the podman's search domain is not added anymore the container is using the host's resolv.conf, and the DNS resolver will try to look into the search domains contained on it. If one of the domains contain a name with the same hostname as the running container, the connection will forward to unexpected external servers.
Severity: 3.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "28 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น