{
"Source": "CVE FEED",
"Title": "CVE-2025-55177 - WhatsApp iOS/WhatsApp Business for iOS/WhatsApp for Mac URL Processing Authorization Bypass",
"Content": "CVE ID : CVE-2025-55177
Published : Aug. 29, 2025, 4:15 p.m. | 21 minutes ago
Description : Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a targetโs device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-55177 - WhatsApp iOS/WhatsApp Business for iOS/WhatsApp for Mac URL Processing Authorization Bypass",
"Content": "CVE ID : CVE-2025-55177
Published : Aug. 29, 2025, 4:15 p.m. | 21 minutes ago
Description : Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a targetโs device. We assess that this vulnerability, in combination with an OS-level vulnerability on Apple platforms (CVE-2025-43300), may have been exploited in a sophisticated attack against specific targeted users.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-55202 - Opencast Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-55202
Published : Aug. 29, 2025, 4:15 p.m. | 21 minutes ago
Description : Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the same path. This issue has been fixed in versions 17.7 and 18.1. To mitigate this issue, check for folders that start with the same path as the ui-config folder.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-55202 - Opencast Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-55202
Published : Aug. 29, 2025, 4:15 p.m. | 21 minutes ago
Description : Opencast is a free, open-source platform to support the management of educational audio and video content. In version 18.0 and versions before 17.7, the protections against path traversal attacks in the UI config module are insufficient, still partially allowing for attacks in very specific cases. The path is checked without checking for the file separator. This could allow attackers access to files within another folder which starts with the same path. This issue has been fixed in versions 17.7 and 18.1. To mitigate this issue, check for folders that start with the same path as the ui-config folder.
Severity: 2.7 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-46917 - Diebold Nixdorf Vynamic Security Suite Arbitrary File Execution Vulnerability",
"Content": "CVE ID : CVE-2024-46917
Published : Aug. 29, 2025, 4:15 p.m. | 21 minutes ago
Description : Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-46917 - Diebold Nixdorf Vynamic Security Suite Arbitrary File Execution Vulnerability",
"Content": "CVE ID : CVE-2024-46917
Published : Aug. 29, 2025, 4:15 p.m. | 21 minutes ago
Description : Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity validation. This allows code execution, recovery of TPM Disk Encryption keys, decryption of the Windows system partition, and full control of the Windows OS, e.g., through ~/.profile changes.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-47909 - Apache CSRF Vulnerability",
"Content": "CVE ID : CVE-2025-47909
Published : Aug. 29, 2025, 4:15 p.m. | 21 minutes ago
Description : Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at can't get it to submit to because the Origin header is checked with sameOrigin against a synthetic URL. However, if a host is added to TrustedOrigins, both its HTTP and HTTPS origins will be allowed, because the schema of the synthetic URL is ignored and only the host is checked. For example, if an application is hosted on and adds example.net to TrustedOrigins, a network attacker can serve a form at to perform the attack. Applications should migrate to net/http.CrossOriginProtection, introduced in Go 1.25. If that is not an option, a backport is available as a module at filippo.io/csrf, and a drop-in replacement for the github.com/gorilla/csrf API is available at filippo.io/csrf/gorilla.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-47909 - Apache CSRF Vulnerability",
"Content": "CVE ID : CVE-2025-47909
Published : Aug. 29, 2025, 4:15 p.m. | 21 minutes ago
Description : Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at can't get it to submit to because the Origin header is checked with sameOrigin against a synthetic URL. However, if a host is added to TrustedOrigins, both its HTTP and HTTPS origins will be allowed, because the schema of the synthetic URL is ignored and only the host is checked. For example, if an application is hosted on and adds example.net to TrustedOrigins, a network attacker can serve a form at to perform the attack. Applications should migrate to net/http.CrossOriginProtection, introduced in Go 1.25. If that is not an option, a backport is available as a module at filippo.io/csrf, and a drop-in replacement for the github.com/gorilla/csrf API is available at filippo.io/csrf/gorilla.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-46916 - Diebold Nixdorf Vynamic Security Suite File Deletion Code Execution Vulnerability",
"Content": "CVE ID : CVE-2024-46916
Published : Aug. 29, 2025, 4:15 p.m. | 21 minutes ago
Description : Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-46916 - Diebold Nixdorf Vynamic Security Suite File Deletion Code Execution Vulnerability",
"Content": "CVE ID : CVE-2024-46916
Published : Aug. 29, 2025, 4:15 p.m. | 21 minutes ago
Description : Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR06 contains functionality that allows the removal of critical system files before the filesystem is properly mounted (e.g., leveraging a delete call in /etc/rc.d/init.d/mountfs to remove the /etc/fstab file). This can allow code execution and, in some versions, enable recovery of TPM Disk Encryption keys and decryption of the Windows system partition.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9655 - O2OA Cross Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-9655
Published : Aug. 29, 2025, 3:15 p.m. | 1 hour, 21 minutes ago
Description : A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_organization_assemble_control/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched remotely. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9655 - O2OA Cross Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-9655
Published : Aug. 29, 2025, 3:15 p.m. | 1 hour, 21 minutes ago
Description : A weakness has been identified in O2OA up to 10.0-410. This affects an unknown part of the file /x_organization_assemble_control/jaxrs/person/ of the component Personal Profile Page. Executing manipulation of the argument Description can lead to cross site scripting. The attack can be launched remotely. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9653 - Portabilis i-Educar Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-9653
Published : Aug. 29, 2025, 3:15 p.m. | 1 hour, 21 minutes ago
Description : A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9653 - Portabilis i-Educar Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-9653
Published : Aug. 29, 2025, 3:15 p.m. | 1 hour, 21 minutes ago
Description : A vulnerability was identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_projeto_cad.php of the component Cadastrar projeto Page. Such manipulation of the argument nome/observacao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9654 - AiondaDotCom mcp-ssh Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9654
Published : Aug. 29, 2025, 3:15 p.m. | 1 hour, 21 minutes ago
Description : A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve this issue. The patch is named cd2566a948b696501abfa6c6b03462cac5fb43d8. It is advisable to upgrade the affected component.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9654 - AiondaDotCom mcp-ssh Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9654
Published : Aug. 29, 2025, 3:15 p.m. | 1 hour, 21 minutes ago
Description : A security flaw has been discovered in AiondaDotCom mcp-ssh up to 1.0.3. Affected by this issue is some unknown functionality of the file server-simple.mjs. Performing manipulation results in command injection. The attack can be initiated remotely. Upgrading to version 1.0.4 and 1.1.0 can resolve this issue. The patch is named cd2566a948b696501abfa6c6b03462cac5fb43d8. It is advisable to upgrade the affected component.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9652 - Portabilis i-Educar Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-9652
Published : Aug. 29, 2025, 3:15 p.m. | 1 hour, 21 minutes ago
Description : A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferรชncia Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9652 - Portabilis i-Educar Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-9652
Published : Aug. 29, 2025, 3:15 p.m. | 1 hour, 21 minutes ago
Description : A vulnerability was determined in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /intranet/educar_transferencia_tipo_cad.php of the component Cadastrar tipo de transferรชncia Page. This manipulation of the argument nm_tipo/desc_tipo causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-54080 - Exiv2 Out-of-Bounds Read Denial of Service",
"Content": "CVE ID : CVE-2025-54080
Published : Aug. 29, 2025, 3:15 p.m. | 1 hour, 21 minutes ago
Description : Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6.
Severity: 1.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-54080 - Exiv2 Out-of-Bounds Read Denial of Service",
"Content": "CVE ID : CVE-2025-54080
Published : Aug. 29, 2025, 3:15 p.m. | 1 hour, 21 minutes ago
Description : Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. An out-of-bounds read was found in Exiv2 versions 0.28.5 and earlier. The out-of-bounds read is triggered when Exiv2 is used to write metadata into a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service by crashing Exiv2, if they can trick the victim into running Exiv2 on a crafted image file. Note that this bug is only triggered when writing the metadata, which is a less frequently used Exiv2 operation than reading the metadata. The bug is fixed in version 0.28.6.
Severity: 1.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-55304 - Exiv2 ICC Profile Parsing Denial-of-Service Vulnerability",
"Content": "CVE ID : CVE-2025-55304
Published : Aug. 29, 2025, 3:15 p.m. | 1 hour, 21 minutes ago
Description : Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6.
Severity: 1.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-55304 - Exiv2 ICC Profile Parsing Denial-of-Service Vulnerability",
"Content": "CVE ID : CVE-2025-55304
Published : Aug. 29, 2025, 3:15 p.m. | 1 hour, 21 minutes ago
Description : Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. A denial-of-service was found in Exiv2 version 0.28.5: a quadratic algorithm in the ICC profile parsing code in jpegBase::readMetadata() can cause Exiv2 to run for a long time. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted jpg image file. The bug is fixed in version 0.28.6.
Severity: 1.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9377 - "TP-Link Archer C7/EU and TL-WR841N/ND(MS) Remote Command Execution Vulnerability"",
"Content": "CVE ID : CVE-2025-9377
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.
This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108.
Both products have reached the status of EOL (end-of-life).
It's recommending to
purchase the new
product to ensure better performance and security. If replacement is not
an option in the short term, please use the second reference link to
download and install the patch(es).
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9377 - "TP-Link Archer C7/EU and TL-WR841N/ND(MS) Remote Command Execution Vulnerability"",
"Content": "CVE ID : CVE-2025-9377
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : The authenticated remote command execution (RCE) vulnerability exists in the Parental Control page on TP-Link Archer C7(EU) V2 and TL-WR841N/ND(MS) V9.
This issue affects Archer C7(EU) V2: before 241108 and TL-WR841N/ND(MS) V9: before 241108.
Both products have reached the status of EOL (end-of-life).
It's recommending to
purchase the new
product to ensure better performance and security. If replacement is not
an option in the short term, please use the second reference link to
download and install the patch(es).
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9665 - Code-projects Simple Grading System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9665
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : A weakness has been identified in code-projects Simple Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_student.php of the component Admin Panel. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9665 - Code-projects Simple Grading System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-9665
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : A weakness has been identified in code-projects Simple Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_student.php of the component Admin Panel. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9666 - "Code-projects Simple Grading System SQL Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-9666
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : A security vulnerability has been detected in code-projects Simple Grading System 1.0. Affected by this issue is some unknown functionality of the file /delete_student.php of the component Admin Panel. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9666 - "Code-projects Simple Grading System SQL Injection Vulnerability"",
"Content": "CVE ID : CVE-2025-9666
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : A security vulnerability has been detected in code-projects Simple Grading System 1.0. Affected by this issue is some unknown functionality of the file /delete_student.php of the component Admin Panel. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-44015 - HybridDesk Station Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-44015
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
HybridDesk Station 4.2.18 and later
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-44015 - HybridDesk Station Command Injection Vulnerability",
"Content": "CVE ID : CVE-2025-44015
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : A command injection vulnerability has been reported to affect HybridDesk Station. If an attacker gains local network access, they can then exploit the vulnerability to execute arbitrary commands.
We have already fixed the vulnerability in the following version:
HybridDesk Station 4.2.18 and later
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-44033 - Oa System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-44033
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-44033 - Oa System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-44033
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : SQL injection vulnerability in oa_system oasys v.1.1 allows a remote attacker to execute arbitrary code via the allDirector() method declaration in src/main/java/cn/gson/oasys/mappers/AddressMapper.java
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-52856 - VioStor Improper Authentication Vulnerability",
"Content": "CVE ID : CVE-2025-52856
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed the vulnerability in the following version:
VioStor 5.1.6 build 20250621 and later
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-52856 - VioStor Improper Authentication Vulnerability",
"Content": "CVE ID : CVE-2025-52856
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : An improper authentication vulnerability has been reported to affect VioStor. If a remote attacker, they can then exploit the vulnerability to compromise the security of the system.
We have already fixed the vulnerability in the following version:
VioStor 5.1.6 build 20250621 and later
Severity: 9.3 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-52861 - VioStor Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-52861
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
VioStor 5.1.6 build 20250621 and later
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-52861 - VioStor Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-52861
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : A path traversal vulnerability has been reported to affect VioStor. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
VioStor 5.1.6 build 20250621 and later
Severity: 7.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-58158 - "Harness Git LFS Arbitrary File Write Vulnerability"",
"Content": "CVE ID : CVE-2025-58158
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve and upload files via git LFS. Implementation of upload git LFS file api is vulnerable to arbitrary file write. Due to improper sanitization for upload path, a malicious authenticated user who has access to Harness Gitness server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromise the server. Users using git LFS are vulnerable. This issue has been patched in version 3.3.0.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-58158 - "Harness Git LFS Arbitrary File Write Vulnerability"",
"Content": "CVE ID : CVE-2025-58158
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : Harness Open Source is an end-to-end developer platform with Source Control Management, CI/CD Pipelines, Hosted Developer Environments, and Artifact Registries. Prior to version 3.3.0, Open Source Harness git LFS server (Gitness) exposes api to retrieve and upload files via git LFS. Implementation of upload git LFS file api is vulnerable to arbitrary file write. Due to improper sanitization for upload path, a malicious authenticated user who has access to Harness Gitness server api can use a crafted upload request to write arbitrary file to any location on file system, may even compromise the server. Users using git LFS are vulnerable. This issue has been patched in version 3.3.0.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-33033 - Qsync Central Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-33033
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-33033 - Qsync Central Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-33033
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-33036 - Qsync Central Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-33036
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-33036 - Qsync Central Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-33036
Published : Aug. 29, 2025, 6:15 p.m. | 23 minutes ago
Description : A path traversal vulnerability has been reported to affect Qsync Central. If a remote attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data.
We have already fixed the vulnerability in the following version:
Qsync Central 4.5.0.7 ( 2025/04/23 ) and later
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "29 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น