{
"Source": "CVE FEED",
"Title": "CVE-2025-55173 - Next.js Image Optimization File Download Content Injection Vulnerability",
"Content": "CVE ID : CVE-2025-55173
Published : Aug. 29, 2025, 10:15 p.m. | 33 minutes ago
Description : Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-55173 - Next.js Image Optimization File Download Content Injection Vulnerability",
"Content": "CVE ID : CVE-2025-55173
Published : Aug. 29, 2025, 10:15 p.m. | 33 minutes ago
Description : Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization is vulnerable to content injection. The issue allowed attacker-controlled external image sources to trigger file downloads with arbitrary content and filenames under specific configurations. This behavior could be abused for phishing or malicious file delivery. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-57752 - Next.js Image Optimization API Cache Key Confusion Vulnerability",
"Content": "CVE ID : CVE-2025-57752
Published : Aug. 29, 2025, 10:15 p.m. | 33 minutes ago
Description : Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-57752 - Next.js Image Optimization API Cache Key Confusion Vulnerability",
"Content": "CVE ID : CVE-2025-57752
Published : Aug. 29, 2025, 10:15 p.m. | 33 minutes ago
Description : Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.
Severity: 6.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9677 - Modo Legend of the Phoenix Android Application Component Export Vulnerability",
"Content": "CVE ID : CVE-2025-9677
Published : Aug. 29, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9677 - Modo Legend of the Phoenix Android Application Component Export Vulnerability",
"Content": "CVE ID : CVE-2025-9677
Published : Aug. 29, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : A security flaw has been discovered in Modo Legend of the Phoenix up to 1.0.5. The affected element is an unknown function of the file AndroidManifest.xml of the component com.duige.hzw.multilingual. The manipulation results in improper export of android application components. The attack needs to be approached locally. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9674 - Transbyte Scooper News App Android Application Component Export Vulnerability",
"Content": "CVE ID : CVE-2025-9674
Published : Aug. 29, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. This manipulation causes improper export of android application components. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9674 - Transbyte Scooper News App Android Application Component Export Vulnerability",
"Content": "CVE ID : CVE-2025-9674
Published : Aug. 29, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : A flaw has been found in Transbyte Scooper News App up to 1.2 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.hatsune.eagleee. This manipulation causes improper export of android application components. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9675 - Voice Changer App AndroidManifest.xml Component Export Vulnerability",
"Content": "CVE ID : CVE-2025-9675
Published : Aug. 29, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9675 - Voice Changer App AndroidManifest.xml Component Export Vulnerability",
"Content": "CVE ID : CVE-2025-9675
Published : Aug. 29, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : A vulnerability was determined in Voice Changer App up to 1.1.0. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.tuyangkeji.changevoice. Executing manipulation can lead to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been publicly disclosed and may be utilized.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9676 - NCSOFT Universe App Android Application Component Export Vulnerability",
"Content": "CVE ID : CVE-2025-9676
Published : Aug. 29, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9676 - NCSOFT Universe App Android Application Component Export Vulnerability",
"Content": "CVE ID : CVE-2025-9676
Published : Aug. 29, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : A vulnerability was identified in NCSOFT Universe App up to 1.3.0. Impacted is an unknown function of the file AndroidManifest.xml of the component com.ncsoft.universeapp. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-58066 - Ntpd-rs NTS Protocol Denial of Service Vulnerability",
"Content": "CVE ID : CVE-2025-58066
Published : Aug. 29, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP servers running ntpd-rs. Client-only configurations are not affected. Affected users are recommended to upgrade to version 1.6.2 as soon as possible.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-58066 - Ntpd-rs NTS Protocol Denial of Service Vulnerability",
"Content": "CVE ID : CVE-2025-58066
Published : Aug. 29, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : nptd-rs is a tool for synchronizing your computer's clock, implementing the NTP and NTS protocols. In versions between 1.2.0 and 1.6.1 inclusive servers which allow non-NTS traffic are affected by a denial of service vulnerability, where an attacker can induce a message storm between two NTP servers running ntpd-rs. Client-only configurations are not affected. Affected users are recommended to upgrade to version 1.6.2 as soon as possible.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-58067 - Basecamp Google Sign-In Open Redirect Vulnerability",
"Content": "CVE ID : CVE-2025-58067
Published : Aug. 29, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library or the calling application. However, it may be possible to set this session value from a malicious site with a form submission. Any Rails applications using the google_sign_in gem may be vulnerable, if this vector can be chained with another attack that is able to modify the OAuth2 request parameters. This issue has been patched in version 1.3.1. There are no workarounds.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-58067 - Basecamp Google Sign-In Open Redirect Vulnerability",
"Content": "CVE ID : CVE-2025-58067
Published : Aug. 29, 2025, 9:15 p.m. | 1 hour, 33 minutes ago
Description : Basecamp's Google Sign-In adds Google sign-in to Rails applications. Prior to version 1.3.1, it is possible to redirect a user to another origin if the "proceed_to" value in the session store is set to a protocol-relative URL. Normally the value of this URL is only written and read by the library or the calling application. However, it may be possible to set this session value from a malicious site with a form submission. Any Rails applications using the google_sign_in gem may be vulnerable, if this vector can be chained with another attack that is able to modify the OAuth2 request parameters. This issue has been patched in version 1.3.1. There are no workarounds.
Severity: 4.2 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9673 - Kakao Hey Kakao App Android Manifest XML Component Export Vulnerability",
"Content": "CVE ID : CVE-2025-9673
Published : Aug. 29, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : A vulnerability was detected in Kakao ํค์ด์นด์นด์ค Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9673 - Kakao Hey Kakao App Android Manifest XML Component Export Vulnerability",
"Content": "CVE ID : CVE-2025-9673
Published : Aug. 29, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : A vulnerability was detected in Kakao ํค์ด์นด์นด์ค Hey Kakao App up to 2.17.4 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.kakao.i.connect. The manipulation results in improper export of android application components. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-56577 - Evope Core Cryptographic Key Disclosure",
"Content": "CVE ID : CVE-2025-56577
Published : Aug. 29, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-56577 - Evope Core Cryptographic Key Disclosure",
"Content": "CVE ID : CVE-2025-56577
Published : Aug. 29, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : An issue in Evope Core v.1.1.3.20 allows a local attacker to obtain sensitive information via the use of hard coded cryptographic keys.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9671 - "UAB Paytend App Android Component Export Vulnerability"",
"Content": "CVE ID : CVE-2025-9671
Published : Aug. 29, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9671 - "UAB Paytend App Android Component Export Vulnerability"",
"Content": "CVE ID : CVE-2025-9671
Published : Aug. 29, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : A weakness has been identified in UAB Paytend App up to 2.1.9 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.passport.cash. Executing manipulation can lead to improper export of android application components. The attack needs to be launched locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9672 - Rejseplanen App Android Manifest XML Component Export Vulnerability",
"Content": "CVE ID : CVE-2025-9672
Published : Aug. 29, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Affected is an unknown function of the file AndroidManifest.xml of the component de.hafas.android.rejseplanen. The manipulation leads to improper export of android application components. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9672 - Rejseplanen App Android Manifest XML Component Export Vulnerability",
"Content": "CVE ID : CVE-2025-9672
Published : Aug. 29, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : A security vulnerability has been detected in Rejseplanen App up to 8.2.2. Affected is an unknown function of the file AndroidManifest.xml of the component de.hafas.android.rejseplanen. The manipulation leads to improper export of android application components. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-46484 - TRENDnet TV-IP410 OS Command Injection",
"Content": "CVE ID : CVE-2024-46484
Published : Aug. 29, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-46484 - TRENDnet TV-IP410 OS Command Injection",
"Content": "CVE ID : CVE-2024-46484
Published : Aug. 29, 2025, 8:15 p.m. | 2 hours, 33 minutes ago
Description : TRENDnet TV-IP410 vA1.0R was discovered to contain an OS command injection vulnerability via the /server/cgi-bin/testserv.cgi component.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-58159 - WeGIA Web Manager Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-58159
Published : Aug. 29, 2025, 11:15 p.m. | 1 hour, 34 minutes ago
Description : WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-58159 - WeGIA Web Manager Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-58159
Published : Aug. 29, 2025, 11:15 p.m. | 1 hour, 34 minutes ago
Description : WeGIA is a Web manager for charitable institutions. Prior to version 3.4.11, a remote code execution vulnerability was identified, caused by improper validation of uploaded files. The application allows an attacker to upload files with arbitrary filenames, including those with a .php extension. Because the uploaded file is written directly to disk without adequate sanitization or extension restrictions, a spreadsheet file followed by PHP code can be uploaded and executed on the server, leading to arbitrary code execution. This is due to insufficient mitigation of CVE-2025-22133. This issue has been patched in version 3.4.11.
Severity: 9.9 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-34165 - NetSupport Manager Denial of Service and Information Leak Buffer Overflow",
"Content": "CVE ID : CVE-2025-34165
Published : Aug. 30, 2025, 12:15 a.m. | 2 hours, 40 minutes ago
Description : A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-34165 - NetSupport Manager Denial of Service and Information Leak Buffer Overflow",
"Content": "CVE ID : CVE-2025-34165
Published : Aug. 30, 2025, 12:15 a.m. | 2 hours, 40 minutes ago
Description : A stack-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially leak a limited amount of memory.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-34164 - NetSupport Manager Heap-Based Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-34164
Published : Aug. 30, 2025, 12:15 a.m. | 2 hours, 40 minutes ago
Description : A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-34164 - NetSupport Manager Heap-Based Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-34164
Published : Aug. 30, 2025, 12:15 a.m. | 2 hours, 40 minutes ago
Description : A heap-based buffer overflow vulnerability in NetSupport Manager 14.x versions prior to 14.12.0000 allows a remote, unauthenticated attacker to cause a denial of service (DoS) or potentially result in arbitrary code execution.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-4956 - AA-Team Pro Bulk Watermark Plugin for WordPress Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-4956
Published : Aug. 30, 2025, 2:15 a.m. | 2 hours, 49 minutes ago
Description : Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4956 - AA-Team Pro Bulk Watermark Plugin for WordPress Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-4956
Published : Aug. 30, 2025, 2:15 a.m. | 2 hours, 49 minutes ago
Description : Path Traversal: '.../...//' vulnerability in AA-Team Pro Bulk Watermark Plugin for WordPress allows Path Traversal.This issue affects Pro Bulk Watermark Plugin for WordPress: from n/a through 2.0.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9618 - WordPress Related Posts Lite CSRF",
"Content": "CVE ID : CVE-2025-9618
Published : Aug. 30, 2025, 2:15 a.m. | 2 hours, 49 minutes ago
Description : The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9618 - WordPress Related Posts Lite CSRF",
"Content": "CVE ID : CVE-2025-9618
Published : Aug. 30, 2025, 2:15 a.m. | 2 hours, 49 minutes ago
Description : The Related Posts Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9680 - O2OA Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-9680
Published : Aug. 30, 2025, 7:15 a.m. | 1 hour, 52 minutes ago
Description : A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9680 - O2OA Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-9680
Published : Aug. 30, 2025, 7:15 a.m. | 1 hour, 52 minutes ago
Description : A vulnerability was detected in O2OA up to 10.0-410. This impacts an unknown function of the file /x_portal_assemble_designer/jaxrs/page of the component Personal Profile Page. Performing manipulation results in cross site scripting. The attack can be initiated remotely. The exploit is now public and may be used. The vendor replied in the GitHub issue (translated from simplified Chinese): "This issue will be fixed in the new version."
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9499 - WordPress Ocean Extra Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-9499
Published : Aug. 30, 2025, 5:15 a.m. | 3 hours, 52 minutes ago
Description : The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwp_library shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9499 - WordPress Ocean Extra Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-9499
Published : Aug. 30, 2025, 5:15 a.m. | 3 hours, 52 minutes ago
Description : The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's oceanwp_library shortcode in all versions up to, and including, 2.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9500 - TablePress Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-9500
Published : Aug. 30, 2025, 5:15 a.m. | 3 hours, 52 minutes ago
Description : The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โshortcode_debugโ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9500 - TablePress Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-9500
Published : Aug. 30, 2025, 5:15 a.m. | 3 hours, 52 minutes ago
Description : The TablePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the โshortcode_debugโ parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "30 Aug 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น