{
"Source": "CVE FEED",
"Title": "CVE-2025-54426 - Polkadot Frontier Curve25519 Precompute Invalid Input Handling",
"Content": "CVE ID : CVE-2025-54426
Published : July 28, 2025, 9:15 p.m. | 1 hour, 35 minutes ago
Description : Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invalid input bytes as the Ristretto identity element, leading to potentially incorrect cryptographic results. This is fixed in commit 36f70d1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-54426 - Polkadot Frontier Curve25519 Precompute Invalid Input Handling",
"Content": "CVE ID : CVE-2025-54426
Published : July 28, 2025, 9:15 p.m. | 1 hour, 35 minutes ago
Description : Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. In versions prior to commit 36f70d1, the Curve25519Add and Curve25519ScalarMul precompiles incorrectly handle invalid Ristretto point representations. Instead of returning an error, they silently treat invalid input bytes as the Ristretto identity element, leading to potentially incorrect cryptographic results. This is fixed in commit 36f70d1.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54766 - Apache Appliance Unauthorized Configuration Export Vulnerability",
"Content": "CVE ID : CVE-2025-54766
Published : July 29, 2025, 12:15 a.m. | 44 minutes ago
Description : An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-54766 - Apache Appliance Unauthorized Configuration Export Vulnerability",
"Content": "CVE ID : CVE-2025-54766
Published : July 29, 2025, 12:15 a.m. | 44 minutes ago
Description : An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to export the appliance configuration, exposing sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54767 - Xormon Original Process Kill Vulnerability",
"Content": "CVE ID : CVE-2025-54767
Published : July 29, 2025, 12:15 a.m. | 44 minutes ago
Description : An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-54767 - Xormon Original Process Kill Vulnerability",
"Content": "CVE ID : CVE-2025-54767
Published : July 29, 2025, 12:15 a.m. | 44 minutes ago
Description : An authenticated, read-only user can kill any processes running on the Xormon Original virtual appliance as the lpar2rrd user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54768 - Fortinet Web Application Configuration Log Download Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-54768
Published : July 29, 2025, 12:15 a.m. | 44 minutes ago
Description : An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-54768 - Fortinet Web Application Configuration Log Download Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-54768
Published : July 29, 2025, 12:15 a.m. | 44 minutes ago
Description : An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to download logs from the appliance configuration, exposing sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54769 - Apache PERL Directory Traversal RCE",
"Content": "CVE ID : CVE-2025-54769
Published : July 29, 2025, 12:15 a.m. | 44 minutes ago
Description : An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-54769 - Apache PERL Directory Traversal RCE",
"Content": "CVE ID : CVE-2025-54769
Published : July 29, 2025, 12:15 a.m. | 44 minutes ago
Description : An authenticated, read-only user can upload a file and perform a directory traversal to have the uploaded file placed in a location of their choosing. This can be used to overwrite existing PERL modules within the application to achieve remote code execution (RCE) by an attacker.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54765 - Fortinet Web Application Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-54765
Published : July 29, 2025, 12:15 a.m. | 44 minutes ago
Description : An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include granting themselves administrative level permissions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-54765 - Fortinet Web Application Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-54765
Published : July 29, 2025, 12:15 a.m. | 44 minutes ago
Description : An API endpoint that should be limited to web application administrators is hidden from, but accessible by, lower-level read only web application users. The endpoint can be used to import the appliance configuration, allowing an attacker to control the configuration of the appliance, to include granting themselves administrative level permissions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7811 - StreamWeasels YouTube Integration WordPress Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-7811
Published : July 29, 2025, 4:15 a.m. | 1 hour, 2 minutes ago
Description : The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-7811 - StreamWeasels YouTube Integration WordPress Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-7811
Published : July 29, 2025, 4:15 a.m. | 1 hour, 2 minutes ago
Description : The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7810 - StreamWeasels Kick Integration Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-7810
Published : July 29, 2025, 4:15 a.m. | 1 hour, 2 minutes ago
Description : The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-7810 - StreamWeasels Kick Integration Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-7810
Published : July 29, 2025, 4:15 a.m. | 1 hour, 2 minutes ago
Description : The StreamWeasels Kick Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-7809 - StreamWeasels Twitch Integration Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-7809
Published : July 29, 2025, 4:15 a.m. | 1 hour, 2 minutes ago
Description : The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-7809 - StreamWeasels Twitch Integration Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-7809
Published : July 29, 2025, 4:15 a.m. | 1 hour, 2 minutes ago
Description : The StreamWeasels Twitch Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'data-uuid' attribute in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54661 - Citrix NetScaler Denial of Service",
"Content": "CVE ID : CVE-2025-54661
Published : July 29, 2025, 3:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-54661 - Citrix NetScaler Denial of Service",
"Content": "CVE ID : CVE-2025-54661
Published : July 29, 2025, 3:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54662 - VMware Server Remote Code Execution",
"Content": "CVE ID : CVE-2025-54662
Published : July 29, 2025, 3:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-54662 - VMware Server Remote Code Execution",
"Content": "CVE ID : CVE-2025-54662
Published : July 29, 2025, 3:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54663 - Google Maps Unvalidated Redirect",
"Content": "CVE ID : CVE-2025-54663
Published : July 29, 2025, 3:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-54663 - Google Maps Unvalidated Redirect",
"Content": "CVE ID : CVE-2025-54663
Published : July 29, 2025, 3:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54664 - Apache HTTP Server Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-54664
Published : July 29, 2025, 3:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-54664 - Apache HTTP Server Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-54664
Published : July 29, 2025, 3:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54665 - Apache HTTP Server Command Injection",
"Content": "CVE ID : CVE-2025-54665
Published : July 29, 2025, 3:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-54665 - Apache HTTP Server Command Injection",
"Content": "CVE ID : CVE-2025-54665
Published : July 29, 2025, 3:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-54666 - Apache HTTP Server Unvalidated User Input",
"Content": "CVE ID : CVE-2025-54666
Published : July 29, 2025, 3:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-54666 - Apache HTTP Server Unvalidated User Input",
"Content": "CVE ID : CVE-2025-54666
Published : July 29, 2025, 3:15 a.m. | 2 hours, 2 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-53082 - Samsung DMS Arbitrary File Deletion Vulnerability",
"Content": "CVE ID : CVE-2025-53082
Published : July 29, 2025, 6:15 a.m. | 1 hour, 11 minutes ago
Description : An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-53082 - Samsung DMS Arbitrary File Deletion Vulnerability",
"Content": "CVE ID : CVE-2025-53082
Published : July 29, 2025, 6:15 a.m. | 1 hour, 11 minutes ago
Description : An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-53081 - Samsung DMS Arbitrary File Creation Vulnerability",
"Content": "CVE ID : CVE-2025-53081
Published : July 29, 2025, 6:15 a.m. | 1 hour, 11 minutes ago
Description : An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-53081 - Samsung DMS Arbitrary File Creation Vulnerability",
"Content": "CVE ID : CVE-2025-53081
Published : July 29, 2025, 6:15 a.m. | 1 hour, 11 minutes ago
Description : An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-53080 - Samsung DMS Data Management Server Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-53080
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-53080 - Samsung DMS Data Management Server Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-53080
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-53649 - "SwitchBot Sensitive Information Exposure"",
"Content": "CVE ID : CVE-2025-53649
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-53649 - "SwitchBot Sensitive Information Exposure"",
"Content": "CVE ID : CVE-2025-53649
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-6495 - Bricks WordPress Blind SQL Injection",
"Content": "CVE ID : CVE-2025-6495
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : The Bricks theme for WordPress is vulnerable to blind SQL Injection via the āpā parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-6495 - Bricks WordPress Blind SQL Injection",
"Content": "CVE ID : CVE-2025-6495
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : The Bricks theme for WordPress is vulnerable to blind SQL Injection via the āpā parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
{
"Source": "CVE FEED",
"Title": "CVE-2025-8264 - "Z-Push SQL Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-8264
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modify or delete sensitive data from a linked third-party database.
**Note:** This vulnerability affects Z-Push installations that utilize the IMAP backend and have the IMAP_FROM_SQL_QUERY option configured.
Mitigation
Change configuration to use the default or LDAP in backend/imap/config.php
php
define('IMAP_DEFAULTFROM', '');
or
php
define('IMAP_DEFAULTFROM', 'ldap');
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹
"Source": "CVE FEED",
"Title": "CVE-2025-8264 - "Z-Push SQL Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-8264
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modify or delete sensitive data from a linked third-party database.
**Note:** This vulnerability affects Z-Push installations that utilize the IMAP backend and have the IMAP_FROM_SQL_QUERY option configured.
Mitigation
Change configuration to use the default or LDAP in backend/imap/config.php
php
define('IMAP_DEFAULTFROM', '');
or
php
define('IMAP_DEFAULTFROM', 'ldap');
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
š¹ t.me/cvedetector š¹