{
"Source": "CVE FEED",
"Title": "CVE-2025-53080 - Samsung DMS Data Management Server Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-53080
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-53080 - Samsung DMS Data Management Server Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-53080
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-53649 - "SwitchBot Sensitive Information Exposure"",
"Content": "CVE ID : CVE-2025-53649
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-53649 - "SwitchBot Sensitive Information Exposure"",
"Content": "CVE ID : CVE-2025-53649
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : "SwitchBot" App for iOS/Android contains an insertion of sensitive information into log file vulnerability in versions V6.24 through V9.12. If this vulnerability is exploited, sensitive user information may be exposed to an attacker who has access to the application logs.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6495 - Bricks WordPress Blind SQL Injection",
"Content": "CVE ID : CVE-2025-6495
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : The Bricks theme for WordPress is vulnerable to blind SQL Injection via the โpโ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6495 - Bricks WordPress Blind SQL Injection",
"Content": "CVE ID : CVE-2025-6495
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : The Bricks theme for WordPress is vulnerable to blind SQL Injection via the โpโ parameter in all versions up to, and including, 1.12.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8264 - "Z-Push SQL Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-8264
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modify or delete sensitive data from a linked third-party database.
**Note:** This vulnerability affects Z-Push installations that utilize the IMAP backend and have the IMAP_FROM_SQL_QUERY option configured.
Mitigation
Change configuration to use the default or LDAP in backend/imap/config.php
php
define('IMAP_DEFAULTFROM', '');
or
php
define('IMAP_DEFAULTFROM', 'ldap');
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8264 - "Z-Push SQL Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-8264
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Versions of the package z-push/z-push-dev before 2.7.6 are vulnerable to SQL Injection due to unparameterized queries in the IMAP backend. An attacker can inject malicious commands by manipulating the username field in basic authentication. This allows the attacker to access and potentially modify or delete sensitive data from a linked third-party database.
**Note:** This vulnerability affects Z-Push installations that utilize the IMAP backend and have the IMAP_FROM_SQL_QUERY option configured.
Mitigation
Change configuration to use the default or LDAP in backend/imap/config.php
php
define('IMAP_DEFAULTFROM', '');
or
php
define('IMAP_DEFAULTFROM', 'ldap');
Severity: 9.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-4370 - Brizy โ Page Builder Unauthenticated File Upload Vulnerability",
"Content": "CVE ID : CVE-2025-4370
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : The Brizy โ Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4370 - Brizy โ Page Builder Unauthenticated File Upload Vulnerability",
"Content": "CVE ID : CVE-2025-4370
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : The Brizy โ Page Builder plugin for WordPress is vulnerable to limited file uploads due to missing authorization on process_external_asset_urls function as well as missing path validation in store_file function in all versions up to, and including, 2.6.20. This makes it possible for unauthenticated attackers to upload .TXT files on the affected site's server.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-4566 - Elementor Website Builder Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-4566
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : The Elementor Website Builder โ More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text DOM element attribute in Text Path widget in all versions up to, and including, 3.30.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This attack affects only Chrome/Edge browsers
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4566 - Elementor Website Builder Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-4566
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : The Elementor Website Builder โ More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-text DOM element attribute in Text Path widget in all versions up to, and including, 3.30.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This attack affects only Chrome/Edge browsers
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-53077 - Samsung DMS Execution After Redirect Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-53077
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-53077 - Samsung DMS Execution After Redirect Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-53077
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-53078 - Samsung DMS Deserialization Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-53078
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-53078 - Samsung DMS Deserialization Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-53078
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-53079 - Samsung DMS Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-53079
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-53079 - Samsung DMS Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-53079
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-3075 - Elementor Website Builder Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-3075
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : The Elementor Website Builder โ More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elementor-element' shortcode in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts sites with 'Element Caching' enabled.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-3075 - Elementor Website Builder Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-3075
Published : July 29, 2025, 5:15 a.m. | 2 hours, 10 minutes ago
Description : The Elementor Website Builder โ More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elementor-element' shortcode in all versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts sites with 'Element Caching' enabled.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-26400 - SolarWinds Web Help Desk XXE Information Disclosure",
"Content": "CVE ID : CVE-2025-26400
Published : July 29, 2025, 8:15 a.m. | 1 hour, 12 minutes ago
Description : SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-26400 - SolarWinds Web Help Desk XXE Information Disclosure",
"Content": "CVE ID : CVE-2025-26400
Published : July 29, 2025, 8:15 a.m. | 1 hour, 12 minutes ago
Description : SolarWinds Web Help Desk was reported to be affected by an XML External Entity Injection (XXE) vulnerability that could lead to information disclosure. A valid, low-privilege access is required unless the attacker had access to the local server to modify configuration files.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8196 - Elementor Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8196
Published : July 29, 2025, 10:15 a.m. | 1 hour, 22 minutes ago
Description : The Magical Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8196 - Elementor Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8196
Published : July 29, 2025, 10:15 a.m. | 1 hour, 22 minutes ago
Description : The Magical Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8216 - Sky Addons for Elementor Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8216
Published : July 29, 2025, 10:15 a.m. | 1 hour, 22 minutes ago
Description : The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Multiple widgets in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8216 - Sky Addons for Elementor Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8216
Published : July 29, 2025, 10:15 a.m. | 1 hour, 22 minutes ago
Description : The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Multiple widgets in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6681 - WordPress Fan Page Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-6681
Published : July 29, 2025, 10:15 a.m. | 1 hour, 22 minutes ago
Description : The Fan Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โwidthโ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6681 - WordPress Fan Page Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-6681
Published : July 29, 2025, 10:15 a.m. | 1 hour, 22 minutes ago
Description : The Fan Page plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โwidthโ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6692 - YouTube Embed for WordPress Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-6692
Published : July 29, 2025, 10:15 a.m. | 1 hour, 22 minutes ago
Description : The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โinstanceโ parameter in all versions up to, and including, 10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6692 - YouTube Embed for WordPress Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-6692
Published : July 29, 2025, 10:15 a.m. | 1 hour, 22 minutes ago
Description : The YouTube Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โinstanceโ parameter in all versions up to, and including, 10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6730 - WooCommerce Free Gifts Lite - Unauthenticated Data Modification Vulnerability",
"Content": "CVE ID : CVE-2025-6730
Published : July 29, 2025, 10:15 a.m. | 1 hour, 22 minutes ago
Description : The Bonanza โ WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the xlo_optin_call() function in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to set the opt in status to success.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6730 - WooCommerce Free Gifts Lite - Unauthenticated Data Modification Vulnerability",
"Content": "CVE ID : CVE-2025-6730
Published : July 29, 2025, 10:15 a.m. | 1 hour, 22 minutes ago
Description : The Bonanza โ WooCommerce Free Gifts Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the xlo_optin_call() function in all versions up to, and including, 1.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to set the opt in status to success.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-7689 - Hydra Booking WordPress Privilege Escalation",
"Content": "CVE ID : CVE-2025-7689
Published : July 29, 2025, 10:15 a.m. | 1 hour, 22 minutes ago
Description : The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback() function in versions 1.1.0 to 1.1.18. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the password of an Administrator user, achieving full privilege escalation.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-7689 - Hydra Booking WordPress Privilege Escalation",
"Content": "CVE ID : CVE-2025-7689
Published : July 29, 2025, 10:15 a.m. | 1 hour, 22 minutes ago
Description : The Hydra Booking plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the tfhb_reset_password_callback() function in versions 1.1.0 to 1.1.18. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset the password of an Administrator user, achieving full privilege escalation.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6060 - DECE Software Geodi Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-6060
Published : July 29, 2025, 1:15 p.m. | 33 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DECE Software Geodi allows Cross-Site Scripting (XSS).This issue affects Geodi: before GEODI Setup 9.0.146.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6060 - DECE Software Geodi Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-6060
Published : July 29, 2025, 1:15 p.m. | 33 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DECE Software Geodi allows Cross-Site Scripting (XSS).This issue affects Geodi: before GEODI Setup 9.0.146.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6175 - DECE Software Geodi CRLF Injection Vulnerability",
"Content": "CVE ID : CVE-2025-6175
Published : July 29, 2025, 1:15 p.m. | 33 minutes ago
Description : Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting.This issue affects Geodi: before GEODI Setup 9.0.146.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6175 - DECE Software Geodi CRLF Injection Vulnerability",
"Content": "CVE ID : CVE-2025-6175
Published : July 29, 2025, 1:15 p.m. | 33 minutes ago
Description : Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in DECE Software Geodi allows HTTP Request Splitting.This issue affects Geodi: before GEODI Setup 9.0.146.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6504 - HDP Server IP Spoofing Via X-Forwarded-For Header",
"Content": "CVE ID : CVE-2025-6504
Published : July 29, 2025, 1:15 p.m. | 33 minutes ago
Description : In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header.
Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range.
This vulnerability could be exploited to bypass IP restrictions, though valid user credentials would still be required for resource access.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6504 - HDP Server IP Spoofing Via X-Forwarded-For Header",
"Content": "CVE ID : CVE-2025-6504
Published : July 29, 2025, 1:15 p.m. | 33 minutes ago
Description : In HDP Server versions below 4.6.2.2978 on Linux, unauthorized access could occur via IP spoofing using the X-Forwarded-For header.
Since XFF is a client-controlled header, it could be spoofed, allowing unauthorized access if the spoofed IP matched a whitelisted range.
This vulnerability could be exploited to bypass IP restrictions, though valid user credentials would still be required for resource access.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6505 - Progress Software's Hybrid Data Pipeline Server OAuth Client Impersonation and Unauthorized Access Vulnerability",
"Content": "CVE ID : CVE-2025-6505
Published : July 29, 2025, 1:15 p.m. | 33 minutes ago
Description : Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources, potentially leading to client impersonation and unauthorized access.
When OAuth Clients perform an OAuth handshake with the Hybrid Data Pipeline Server, the server accepts client credentials from both HTTP headers and request parameters.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6505 - Progress Software's Hybrid Data Pipeline Server OAuth Client Impersonation and Unauthorized Access Vulnerability",
"Content": "CVE ID : CVE-2025-6505
Published : July 29, 2025, 1:15 p.m. | 33 minutes ago
Description : Unauthorized access and impersonation can occur in versions 4.6.2.3226 and below of Progress Software's Hybrid Data Pipeline Server on Linux. This vulnerability allows attackers to combine credentials from different sources, potentially leading to client impersonation and unauthorized access.
When OAuth Clients perform an OAuth handshake with the Hybrid Data Pipeline Server, the server accepts client credentials from both HTTP headers and request parameters.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Jul 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น