{
"Source": "CVE FEED",
"Title": "CVE-2025-9601 - iSourcecode Apartment Management System SQL Injection",
"Content": "CVE ID : CVE-2025-9601
Published : Aug. 29, 2025, 2:15 a.m. | 2 hours, 3 minutes ago
Description : A vulnerability was detected in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employee_salary_setup.php. The manipulation of the argument ddlEmpName results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9601 - iSourcecode Apartment Management System SQL Injection",
"Content": "CVE ID : CVE-2025-9601
Published : Aug. 29, 2025, 2:15 a.m. | 2 hours, 3 minutes ago
Description : A vulnerability was detected in itsourcecode Apartment Management System 1.0. This affects an unknown part of the file /setting/employee_salary_setup.php. The manipulation of the argument ddlEmpName results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9374 - "Ultimate Tag Warrior Importer CSRF"",
"Content": "CVE ID : CVE-2025-9374
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9374 - "Ultimate Tag Warrior Importer CSRF"",
"Content": "CVE ID : CVE-2025-9374
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9441 - WordPress iATS Online Forms SQL Injection",
"Content": "CVE ID : CVE-2025-9441
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The iATS Online Forms plugin for WordPress is vulnerable to time-based SQL Injection via the โorder' parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9441 - WordPress iATS Online Forms SQL Injection",
"Content": "CVE ID : CVE-2025-9441
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The iATS Online Forms plugin for WordPress is vulnerable to time-based SQL Injection via the โorder' parameter in all versions up to, and including, 1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-53507 - iND Co.,Ltd iND Product Sensitive Information Disclosure",
"Content": "CVE ID : CVE-2025-53507
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-53507 - iND Co.,Ltd iND Product Sensitive Information Disclosure",
"Content": "CVE ID : CVE-2025-53507
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-53508 - iND Co.,Ltd iND Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-53508
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-53508 - iND Co.,Ltd iND Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-53508
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : Multiple products provided by iND Co.,Ltd contain an OS command injection vulnerability. If exploited, an arbitrary OS command may be executed and sensitive information may be obtained. As for the details of affected product names and versions, refer to the information under [Product Status].
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8147 - WordPress LWSCache Plugin Authorization Bypass",
"Content": "CVE ID : CVE-2025-8147
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin() function in all versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate arbitrary whitelisted LWS plugins.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8147 - WordPress LWSCache Plugin Authorization Bypass",
"Content": "CVE ID : CVE-2025-8147
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin() function in all versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate arbitrary whitelisted LWS plugins.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8290 - WordPress List Subpages Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8290
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โtitleโ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8290 - WordPress List Subpages Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8290
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โtitleโ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8619 - Elementor OSM Map Widget Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8619
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map Block URL in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8619 - Elementor OSM Map Widget Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8619
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map Block URL in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9639 - Ai3 QbiCRMGateway Arbitrary File Reading Vulnerability",
"Content": "CVE ID : CVE-2025-9639
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9639 - Ai3 QbiCRMGateway Arbitrary File Reading Vulnerability",
"Content": "CVE ID : CVE-2025-9639
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9619 - Mercatus ERP Remote Resource ID Manipulation Vulnerability",
"Content": "CVE ID : CVE-2025-9619
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9619 - Mercatus ERP Remote Resource ID Manipulation Vulnerability",
"Content": "CVE ID : CVE-2025-9619
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9610 - Code-projects Online Event Judging System SQL Injection",
"Content": "CVE ID : CVE-2025-9610
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /create_account.php. This manipulation of the argument fname causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Other parameters might be affected as well.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9610 - Code-projects Online Event Judging System SQL Injection",
"Content": "CVE ID : CVE-2025-9610
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /create_account.php. This manipulation of the argument fname causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Other parameters might be affected as well.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9609 - Portabilis i-Educar Improper Authorization Remote Code Execution",
"Content": "CVE ID : CVE-2025-9609
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : A vulnerability was found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /educacenso/consulta. The manipulation results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9609 - Portabilis i-Educar Improper Authorization Remote Code Execution",
"Content": "CVE ID : CVE-2025-9609
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : A vulnerability was found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /educacenso/consulta. The manipulation results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8861 - "Changing TSA Missing Authentication Vulnerability"",
"Content": "CVE ID : CVE-2025-8861
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8861 - "Changing TSA Missing Authentication Vulnerability"",
"Content": "CVE ID : CVE-2025-8861
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8858 - Changing Clinic Image System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-8858
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8858 - Changing Clinic Image System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-8858
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-8857 - Changing Clinic Image System Hard-Coded Credentials Vulnerability",
"Content": "CVE ID : CVE-2025-8857
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-8857 - Changing Clinic Image System Hard-Coded Credentials Vulnerability",
"Content": "CVE ID : CVE-2025-8857
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54777 - Fuji Xerox bizhub S/MIME Email Certificate Denial-of-Service Vulnerability",
"Content": "CVE ID : CVE-2025-54777
Published : Aug. 29, 2025, 7:15 a.m. | 1 hour, 12 minutes ago
Description : Uncaught exception issue exists in Multiple products in bizhub series. If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service issue that disable the Web Connection feature.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54777 - Fuji Xerox bizhub S/MIME Email Certificate Denial-of-Service Vulnerability",
"Content": "CVE ID : CVE-2025-54777
Published : Aug. 29, 2025, 7:15 a.m. | 1 hour, 12 minutes ago
Description : Uncaught exception issue exists in Multiple products in bizhub series. If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service issue that disable the Web Connection feature.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9071 - Erroneously using an all-zero seed for RSA-OEAP pa",
"Content": "CVE ID : CVE-2025-9071
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in Oberon microsystems AGโs Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated messages, and loss of security proofs.
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9071 - Erroneously using an all-zero seed for RSA-OEAP pa",
"Content": "CVE ID : CVE-2025-9071
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : Erroneously using an all-zero seed for RSA-OEAP padding instead of the generated random bytes, in Oberon microsystems AGโs Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated messages, and loss of security proofs.
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-7383 - Padding oracle attack vulnerability in Oberon micr",
"Content": "CVE ID : CVE-2025-7383
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : Padding oracle attack vulnerability in Oberon microsystem AGโs Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-7383 - Padding oracle attack vulnerability in Oberon micr",
"Content": "CVE ID : CVE-2025-7383
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : Padding oracle attack vulnerability in Oberon microsystem AGโs Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-4644 - Payload SQLite Adapter Session Fixation",
"Content": "CVE ID : CVE-2025-4644
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT), and then delete the account, which did not invalidate the JWT. As a result, the next newly created user would receive the same identifier, allowing the attacker to reuse the JWT to authenticate and perform actions as that user.
This issue has been fixed in version 3.44.0 of Payload.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4644 - Payload SQLite Adapter Session Fixation",
"Content": "CVE ID : CVE-2025-4644
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT), and then delete the account, which did not invalidate the JWT. As a result, the next newly created user would receive the same identifier, allowing the attacker to reuse the JWT to authenticate and perform actions as that user.
This issue has been fixed in version 3.44.0 of Payload.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-7071 - Padding oracle attack vulnerability in Oberon micr",
"Content": "CVE ID : CVE-2025-7071
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : Padding oracle attack vulnerability in Oberon microsystem AGโs ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-7071 - Padding oracle attack vulnerability in Oberon micr",
"Content": "CVE ID : CVE-2025-7071
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : Padding oracle attack vulnerability in Oberon microsystem AGโs ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-4643 - Payload JWT Authentication Token Reuse Vulnerability",
"Content": "CVE ID : CVE-2025-4643
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : Payload uses JSON Web Tokens (JWT) for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date (which is by default set to 2 hours, but can be changed).
This issue has been fixed in version 3.44.0 of Payload.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4643 - Payload JWT Authentication Token Reuse Vulnerability",
"Content": "CVE ID : CVE-2025-4643
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : Payload uses JSON Web Tokens (JWT) for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date (which is by default set to 2 hours, but can be changed).
This issue has been fixed in version 3.44.0 of Payload.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น