{
"Source": "CVE FEED",
"Title": "CVE-2025-44115 - Cotonti Siena Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-44115
Published : June 2, 2025, 4:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-44115 - Cotonti Siena Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-44115
Published : June 2, 2025, 4:15 p.m. | 1 hour, 44 minutes ago
Description : A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2024-40113 - Sitecom WLX-2006 Default Credentials Vulnerability",
"Content": "CVE ID : CVE-2024-40113
Published : June 2, 2025, 4:15 p.m. | 1 hour, 44 minutes ago
Description : Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2024-40113 - Sitecom WLX-2006 Default Credentials Vulnerability",
"Content": "CVE ID : CVE-2024-40113
Published : June 2, 2025, 4:15 p.m. | 1 hour, 44 minutes ago
Description : Sitecom WLX-2006 Wall Mount Range Extender N300 v.1.5 and before is vulnerable to Use of Default Credentials.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2024-40114 - Sitecom WLX-2006 Wall Mount Range Extender XSS Language Cookie Manipulation",
"Content": "CVE ID : CVE-2024-40114
Published : June 2, 2025, 4:15 p.m. | 1 hour, 44 minutes ago
Description : A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2024-40114 - Sitecom WLX-2006 Wall Mount Range Extender XSS Language Cookie Manipulation",
"Content": "CVE ID : CVE-2024-40114
Published : June 2, 2025, 4:15 p.m. | 1 hour, 44 minutes ago
Description : A Cross Site Scripting (XSS) vulnerability in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before allows an attacker to manipulate the language cookie to inject malicious JavaScript code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2024-57459 - CloudClassroom PHP Project SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2024-57459
Published : June 2, 2025, 4:15 p.m. | 1 hour, 44 minutes ago
Description : A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2024-57459 - CloudClassroom PHP Project SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2024-57459
Published : June 2, 2025, 4:15 p.m. | 1 hour, 44 minutes ago
Description : A time-based SQL injection vulnerability exists in mydetailsstudent.php in the CloudClassroom PHP Project 1.0. The myds parameter does not properly validate user input, allowing an attacker to inject arbitrary SQL commands.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2024-40112 - Sitecom WLX-2006 Wall Mount Range Extender N300 LFI Vulnerability",
"Content": "CVE ID : CVE-2024-40112
Published : June 2, 2025, 4:15 p.m. | 1 hour, 44 minutes ago
Description : A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2024-40112 - Sitecom WLX-2006 Wall Mount Range Extender N300 LFI Vulnerability",
"Content": "CVE ID : CVE-2024-40112
Published : June 2, 2025, 4:15 p.m. | 1 hour, 44 minutes ago
Description : A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-49069 - Cimatti Consulting Contact Forms CSRF",
"Content": "CVE ID : CVE-2025-49069
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross Site Request Forgery.This issue affects Contact Forms by Cimatti: from n/a through 1.9.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-49069 - Cimatti Consulting Contact Forms CSRF",
"Content": "CVE ID : CVE-2025-49069
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Cross Site Request Forgery.This issue affects Contact Forms by Cimatti: from n/a through 1.9.8.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-23099 - Samsung Exynos OOB Write Vulnerability",
"Content": "CVE ID : CVE-2025-23099
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-23099 - Samsung Exynos OOB Write Vulnerability",
"Content": "CVE ID : CVE-2025-23099
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The lack of a length check leads to out-of-bounds writes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-23105 - Samsung Mobile Processor Exynos Use-After-Free Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-23105
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-23105 - Samsung Mobile Processor Exynos Use-After-Free Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-23105
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-1051 - Sonos Era 300 ALAC Data Heap Buffer Overflow Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-1051
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-1051 - Sonos Era 300 ALAC Data Heap Buffer Overflow Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-1051
Published : June 2, 2025, 7:15 p.m. | 54 minutes ago
Description : Sonos Era 300 Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the processing of ALAC data. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the anacapa user. Was ZDI-CAN-25865.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5086 - DELmia Apriso Deserialization Remote Code Execution",
"Content": "CVE ID : CVE-2025-5086
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025Â could lead to a remote code execution.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5086 - DELmia Apriso Deserialization Remote Code Execution",
"Content": "CVE ID : CVE-2025-5086
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025Â could lead to a remote code execution.
Severity: 10.0 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-27954 - Apache Clinical Collaboration Platform Cross-Site Scripting (XSS) and Remote Code Execution",
"Content": "CVE ID : CVE-2025-27954
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-27954 - Apache Clinical Collaboration Platform Cross-Site Scripting (XSS) and Remote Code Execution",
"Content": "CVE ID : CVE-2025-27954
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the usertoken function of default.aspx.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-27955 - Clinical Collaboration Platform Session Token Weakness (Authentication Bypass)",
"Content": "CVE ID : CVE-2025-27955
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-27955 - Clinical Collaboration Platform Session Token Weakness (Authentication Bypass)",
"Content": "CVE ID : CVE-2025-27955
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : Clinical Collaboration Platform 12.2.1.5 has a weak logout system where the session token remains valid after logout and allows a remote attacker to obtain sensitive information and execute arbitrary code.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-27956 - WebLaudos Directory Traversal Information Disclosure",
"Content": "CVE ID : CVE-2025-27956
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-27956 - WebLaudos Directory Traversal Information Disclosure",
"Content": "CVE ID : CVE-2025-27956
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : Directory Traversal vulnerability in WebLaudos 24.2 (04) allows a remote attacker to obtain sensitive information via the id parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-45387 - osTicket Broken Access Control Vulnerability",
"Content": "CVE ID : CVE-2025-45387
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-45387 - osTicket Broken Access Control Vulnerability",
"Content": "CVE ID : CVE-2025-45387
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : osTicket prior to v1.17.6 and v1.18.2 are vulnerable to Broken Access Control Vulnerability in /scp/ajax.php.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-20298 - Splunk Universal Forwarder Windows Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-20298
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-20298 - Splunk Universal Forwarder Windows Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-20298
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : In Universal Forwarder for Windows versions below 9.4.2, 9.3.4, 9.2.6, and 9.1.9, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Universal Forwarder for Windows Installation directory (by default, C:\Program Files\SplunkUniversalForwarder). This lets non-administrator users on the machine access the directory and all its contents.
Severity: 8.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-23104 - Samsung Mobile Processor Exynos Use-After-Free Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-23104
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-23104 - Samsung Mobile Processor Exynos Use-After-Free Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-23104
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. A Use-After-Free in the mobile processor leads to privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-27953 - Citrix Clinical Collaboration Platform Remote Code Execution and Information Disclosure",
"Content": "CVE ID : CVE-2025-27953
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-27953 - Citrix Clinical Collaboration Platform Remote Code Execution and Information Disclosure",
"Content": "CVE ID : CVE-2025-27953
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : An issue in Clinical Collaboration Platform 12.2.1.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the session management component.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-20297 - Splunk Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-20297
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-20297 - Splunk Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-20297
Published : June 2, 2025, 6:15 p.m. | 1 hour, 54 minutes ago
Description : In Splunk Enterprise versions below 9.4.2, 9.3.4 and 9.2.6, and Splunk Cloud Platform versions below 9.3.2411.102, 9.3.2408.111 and 9.2.2406.118, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a malicious payload through the pdfgen/render REST endpoint that could result in execution of unauthorized JavaScript code in the browser of a user.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "02 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48996 - HAX Penn State University Open-Apis Information Disclosure",
"Content": "CVE ID : CVE-2025-48996
Published : June 2, 2025, 8:15 p.m. | 2 hours, 2 minutes ago
Description : HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `haxPsuUsage` API endpoint, related to a flat present in open-apis versions up to and including 10.0.2. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues (e.g., HAX-3), this could assist in targeted attacks such as unauthorized content modification or deletion. Commit 06c2e1fbb7131a8fe66aa0600f38dcacae6b7ac7 patches the vulnerability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48996 - HAX Penn State University Open-Apis Information Disclosure",
"Content": "CVE ID : CVE-2025-48996
Published : June 2, 2025, 8:15 p.m. | 2 hours, 2 minutes ago
Description : HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the `haxPsuUsage` API endpoint, related to a flat present in open-apis versions up to and including 10.0.2. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues (e.g., HAX-3), this could assist in targeted attacks such as unauthorized content modification or deletion. Commit 06c2e1fbb7131a8fe66aa0600f38dcacae6b7ac7 patches the vulnerability.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48387 - Tar-fs Directory Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-48387
Published : June 2, 2025, 8:15 p.m. | 2 hours, 2 minutes ago
Description : tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48387 - Tar-fs Directory Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-48387
Published : June 2, 2025, 8:15 p.m. | 2 hours, 2 minutes ago
Description : tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.0.9, 2.1.3, and 1.16.5 have an issue where an extract can write outside the specified dir with a specific tarball. This has been patched in versions 3.0.9, 2.1.3, and 1.16.5. As a workaround, use the ignore option to ignore non files/directories.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-47585 - Mage People Team Booking and Rental Manager Missing Authorization Vulnerability",
"Content": "CVE ID : CVE-2025-47585
Published : June 2, 2025, 8:15 p.m. | 2 hours, 2 minutes ago
Description : Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through 2.3.8.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-47585 - Mage People Team Booking and Rental Manager Missing Authorization Vulnerability",
"Content": "CVE ID : CVE-2025-47585
Published : June 2, 2025, 8:15 p.m. | 2 hours, 2 minutes ago
Description : Missing Authorization vulnerability in Mage people team Booking and Rental Manager allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking and Rental Manager: from n/a through 2.3.8.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹