{
"Source": "CVE FEED",
"Title": "CVE-2025-22412 - Apache SDP Server Use-After-Free Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-22412
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-22412 - Apache SDP Server Use-After-Free Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-22412
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In multiple functions of sdp_server.cc, there is a possible use after free due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-22413 - Apache HTTP Server Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-22413
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-22413 - Apache HTTP Server Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-22413
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In multiple functions of hyp-main.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-26417 - Google Android Confused Deputy Local Information Disclosure",
"Content": "CVE ID : CVE-2025-26417
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-26417 - Google Android Confused Deputy Local Information Disclosure",
"Content": "CVE ID : CVE-2025-26417
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In checkWhetherCallingAppHasAccess of DownloadProvider.java, there is a possible bypass of user consent when opening files in shared storage due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-22407 - BlueZ Use After Free Remote Information Disclosure",
"Content": "CVE ID : CVE-2025-22407
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-22407 - BlueZ Use After Free Remote Information Disclosure",
"Content": "CVE ID : CVE-2025-22407
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In hidd_check_config_done of hidd_conn.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-22408 - Citrix NetScaler Use-After-Free Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-22408
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-22408 - Citrix NetScaler Use-After-Free Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-22408
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In rfc_check_send_cmd of rfc_utils.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-0084 - Qualcomm Bluetooth HFP Use After Free Remote Code Execution",
"Content": "CVE ID : CVE-2025-0084
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-0084 - Qualcomm Bluetooth HFP Use After Free Remote Code Execution",
"Content": "CVE ID : CVE-2025-0084
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In multiple locations, there is a possible out of bounds write due to a use after free. This could lead to remote code execution over Bluetooth, if HFP support is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-0092 - Google Android Bond Permission Bypass",
"Content": "CVE ID : CVE-2025-0092
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-0092 - Google Android Bond Permission Bypass",
"Content": "CVE ID : CVE-2025-0092
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In handleBondStateChanged of AdapterService.java, there is a possible permission bypass due to misleading or insufficient UI. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-0086 - Android AccountManager Service Token Overwrite Vulnerability",
"Content": "CVE ID : CVE-2025-0086
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-0086 - Android AccountManager Service Token Overwrite Vulnerability",
"Content": "CVE ID : CVE-2025-0086
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In onResult of AccountManagerService.java, there is a possible way to overwrite auth token due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-0093 - Android Device AdapterService Remote Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-0093
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-0093 - Android Device AdapterService Remote Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-0093
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In handleBondStateChanged of AdapterService.java, there is a possible unapproved data access due to a missing permission check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-22403 - "Vulnerability in Google SDP's SDP Disovery Service: Arbitrary Code Execution"",
"Content": "CVE ID : CVE-2025-22403
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-22403 - "Vulnerability in Google SDP's SDP Disovery Service: Arbitrary Code Execution"",
"Content": "CVE ID : CVE-2025-22403
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In sdp_snd_service_search_req of sdp_discovery.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-22404 - Qualcomm AvCT LCB Act Use After Free Privilege Escalation",
"Content": "CVE ID : CVE-2025-22404
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-22404 - Qualcomm AvCT LCB Act Use After Free Privilege Escalation",
"Content": "CVE ID : CVE-2025-22404
Published : Aug. 26, 2025, 11:15 p.m. | 1 hour, 11 minutes ago
Description : In avct_lcb_msg_ind of avct_lcb_act.cc, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8490 - All-in-One WP Migration and Backup Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8490
Published : Aug. 27, 2025, 12:15 a.m. | 2 hours, 12 minutes ago
Description : The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8490 - All-in-One WP Migration and Backup Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8490
Published : Aug. 27, 2025, 12:15 a.m. | 2 hours, 12 minutes ago
Description : The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Severity: 4.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9507 - iSourcecode Apartment Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9507
Published : Aug. 27, 2025, 4:16 a.m. | 16 minutes ago
Description : A weakness has been identified in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/visitor_info.php. Executing manipulation of the argument vid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9507 - iSourcecode Apartment Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9507
Published : Aug. 27, 2025, 4:16 a.m. | 16 minutes ago
Description : A weakness has been identified in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/visitor_info.php. Executing manipulation of the argument vid can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9506 - Campcodes Online Loan Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9506
Published : Aug. 27, 2025, 4:16 a.m. | 16 minutes ago
Description : A vulnerability has been found in Campcodes Online Loan Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_plan. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9506 - Campcodes Online Loan Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9506
Published : Aug. 27, 2025, 4:16 a.m. | 16 minutes ago
Description : A vulnerability has been found in Campcodes Online Loan Management System 1.0. This affects an unknown part of the file /ajax.php?action=delete_plan. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9505 - Campcodes Online Loan Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9505
Published : Aug. 27, 2025, 4:16 a.m. | 16 minutes ago
Description : A flaw has been found in Campcodes Online Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_loan_type. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9505 - Campcodes Online Loan Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9505
Published : Aug. 27, 2025, 4:16 a.m. | 16 minutes ago
Description : A flaw has been found in Campcodes Online Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_loan_type. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9504 - Campcodes Online Loan Management System SQL Injection",
"Content": "CVE ID : CVE-2025-9504
Published : Aug. 27, 2025, 4:16 a.m. | 16 minutes ago
Description : A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9504 - Campcodes Online Loan Management System SQL Injection",
"Content": "CVE ID : CVE-2025-9504
Published : Aug. 27, 2025, 4:16 a.m. | 16 minutes ago
Description : A vulnerability was detected in Campcodes Online Loan Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-49040 - Backup Bolt CSRF Vulnerability",
"Content": "CVE ID : CVE-2025-49040
Published : Aug. 27, 2025, 4:16 a.m. | 16 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through 1.4.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-49040 - Backup Bolt CSRF Vulnerability",
"Content": "CVE ID : CVE-2025-49040
Published : Aug. 27, 2025, 4:16 a.m. | 16 minutes ago
Description : Cross-Site Request Forgery (CSRF) vulnerability in Backup Bolt allows Cross Site Request Forgery.This issue affects Backup Bolt: from n/a through 1.4.1.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-49039 - Mibuthu Link View Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-49039
Published : Aug. 27, 2025, 4:16 a.m. | 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mibuthu Link View allows Stored XSS.This issue affects Link View: from n/a through 0.8.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-49039 - Mibuthu Link View Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-49039
Published : Aug. 27, 2025, 4:16 a.m. | 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mibuthu Link View allows Stored XSS.This issue affects Link View: from n/a through 0.8.0.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-49035 - "Chaimchaikin Admin Menu Groups Cross-site Scripting"",
"Content": "CVE ID : CVE-2025-49035
Published : Aug. 27, 2025, 4:15 a.m. | 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaimchaikin Admin Menu Groups allows Stored XSS.This issue affects Admin Menu Groups: from n/a through 0.1.2.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-49035 - "Chaimchaikin Admin Menu Groups Cross-site Scripting"",
"Content": "CVE ID : CVE-2025-49035
Published : Aug. 27, 2025, 4:15 a.m. | 16 minutes ago
Description : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in chaimchaikin Admin Menu Groups allows Stored XSS.This issue affects Admin Menu Groups: from n/a through 0.1.2.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9503 - Campcodes Online Loan Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9503
Published : Aug. 27, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : A security vulnerability has been detected in Campcodes Online Loan Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_borrower. The manipulation of the argument lastname leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9503 - Campcodes Online Loan Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9503
Published : Aug. 27, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : A security vulnerability has been detected in Campcodes Online Loan Management System 1.0. Affected is an unknown function of the file /ajax.php?action=save_borrower. The manipulation of the argument lastname leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-7732 - WordPress Lazy Load for Videos Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-7732
Published : Aug. 27, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazyโloading handlers in all versions up to, and including, 2.18.7 due to insufficient input sanitization and output escaping. The pluginโs JavaScript registration handlers read the clientโsupplied 'data-video-title' and 'href' attributes, decode HTML entities by default, and pass them directly into DOM sinks without any escaping or validation. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-7732 - WordPress Lazy Load for Videos Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-7732
Published : Aug. 27, 2025, 3:15 a.m. | 1 hour, 17 minutes ago
Description : The Lazy Load for Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its lazyโloading handlers in all versions up to, and including, 2.18.7 due to insufficient input sanitization and output escaping. The pluginโs JavaScript registration handlers read the clientโsupplied 'data-video-title' and 'href' attributes, decode HTML entities by default, and pass them directly into DOM sinks without any escaping or validation. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "27 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น