CVE Monitor
{
"Source": "CVE FEED",
"Title": "CVE-2025-8290 - WordPress List Subpages Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8290
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-8619 - Elementor OSM Map Widget Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8619
Published : Aug. 29, 2025, 5:15 a.m. | 1 hour, 12 minutes ago
Description : The OSM Map Widget for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Map Block URL in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-9639 - Ai3 QbiCRMGateway Arbitrary File Reading Vulnerability",
"Content": "CVE ID : CVE-2025-9639
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-9619 - Mercatus ERP Remote Resource ID Manipulation Vulnerability",
"Content": "CVE ID : CVE-2025-9619
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : A security flaw has been discovered in E4 Sistemas Mercatus ERP 2.00.019. The affected element is an unknown function of the file /basico/webservice/imprimir-danfe/id/. Performing manipulation results in improper control of resource identifiers. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-9610 - Code-projects Online Event Judging System SQL Injection",
"Content": "CVE ID : CVE-2025-9610
Published : Aug. 29, 2025, 4:16 a.m. | 2 hours, 11 minutes ago
Description : A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /create_account.php. This manipulation of the argument fname causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. Other parameters might be affected as well.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-9609 - Portabilis i-Educar Improper Authorization Remote Code Execution",
"Content": "CVE ID : CVE-2025-9609
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : A vulnerability was found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /educacenso/consulta. The manipulation results in improper authorization. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-8861 - Changing TSA Missing Authentication Vulnerability",
"Content": "CVE ID : CVE-2025-8861
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : TSA developed by Changing has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-8858 - Changing Clinic Image System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-8858
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : Clinic Image System developed by Changing has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-8857 - Changing Clinic Image System Hard-Coded Credentials Vulnerability",
"Content": "CVE ID : CVE-2025-8857
Published : Aug. 29, 2025, 4:15 a.m. | 2 hours, 11 minutes ago
Description : Clinic Image System developed by Changing contains hard-coded Credentials, allowing unauthenticated remote attackers to log into the system using administrator credentials embedded in the source code.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-54777 - Fuji Xerox bizhub S/MIME Email Certificate Denial-of-Service Vulnerability",
"Content": "CVE ID : CVE-2025-54777
Published : Aug. 29, 2025, 7:15 a.m. | 1 hour, 12 minutes ago
Description : Uncaught exception issue exists in Multiple products in bizhub series. If a malformed file is imported as an S/MIME Email certificate, it may cause a denial-of-service issue that disables the Web Connection feature.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-9071 - Erroneously using an all-zero seed for RSA-OAEP pa",
"Content": "CVE ID : CVE-2025-9071
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : Erroneously using an all-zero seed for RSA-OAEP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated messages, and loss of security proofs.
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-7383 - Padding oracle attack vulnerability in Oberon micr",
"Content": "CVE ID : CVE-2025-7383
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-4644 - Payload SQLite Adapter Session Fixation",
"Content": "CVE ID : CVE-2025-4644
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : A Session Fixation vulnerability existed in Payload's SQLite adapter due to identifier reuse during account creation. A malicious attacker could create a new account, save its JSON Web Token (JWT), and then delete the account, which did not invalidate the JWT. As a result, the next newly created user would receive the same identifier, allowing the attacker to reuse the JWT to authenticate and perform actions as that user.

This issue has been fixed in version 3.44.0 of Payload.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-7071 - Padding oracle attack vulnerability in Oberon micr",
"Content": "CVE ID : CVE-2025-7071
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of AES-CBC PKCS#7 decrypt operations.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-4643 - Payload JWT Authentication Token Reuse Vulnerability",
"Content": "CVE ID : CVE-2025-4643
Published : Aug. 29, 2025, 10:15 a.m. | 14 minutes ago
Description : Payload uses JSON Web Tokens (JWT) for authentication. After logout, the JWT is not invalidated, which allows an attacker who has stolen or intercepted a token to freely reuse it until its expiration date (which is set to 2 hours by default, but can be changed).

This issue has been fixed in version 3.44.0 of Payload.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-8150 - Elementor Events Addon Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-8150
Published : Aug. 29, 2025, 9:15 a.m. | 1 hour, 14 minutes ago
Description : The Events Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typewriter and Countdown widgets in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2024-13987 - Synology RADIUS Server Cross-site Scripting Vulnerability",
"Content": "CVE ID : CVE-2024-13987
Published : Aug. 29, 2025, 8:15 a.m. | 2 hours, 14 minutes ago
Description : Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Synology RADIUS Server before 3.0.27-0139 allows remote authenticated users with administrator privileges to read or write limited files in SRM and conduct limited denial-of-service via unspecified vectors.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-9643 - ApacheCampus Apartment Management System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9643
Published : 29 Aug 2025, 12:15 p.m. | 20 minutes ago
Description : A vulnerability was found in itsourcecode Apartment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /setting/utility_bill_setup.php. Performing manipulation of the argument txtGasBill results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-40709 - OpenAtlas ACDH-CH Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-40709
Published : 29 Aug 2025, 12:15 p.m. | 20 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/person/” petition, "name" and "alias-0” parameters.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-40707 - OpenAtlas ACDH-CH Cross-Site Scripting (XSS) Vulnerability",
"Content": "CVE ID : CVE-2025-40707
Published : 29 Aug 2025, 12:15 p.m. | 20 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/place" petition, "name" and "alias-0” parameters.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-40708 - OpenAtlas ACDH-CH Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-40708
Published : 29 Aug 2025, 12:15 p.m. | 20 minutes ago
Description : Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an authenticated user and steal their session cookie details, via the "/insert/event" petition, "name" parameter.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}