{
"Source": "CVE FEED",
"Title": "CVE-2025-58374 - Roo Code: Auto-approve allows npm install execution of malicious postinstall scripts",
"Content": "CVE ID : CVE-2025-58374
Published : Sept. 6, 2025, 3:15 a.m. | 49 minutes ago
Description : Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle scripts, if a repositoryโs package.json file contains a malicious postinstall script, it would be executed automatically without user approval. This means that enabling auto-approved commands and opening a malicious repo could result in arbitrary code execution. This is fixed in version 3.26.0.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-58374 - Roo Code: Auto-approve allows npm install execution of malicious postinstall scripts",
"Content": "CVE ID : CVE-2025-58374
Published : Sept. 6, 2025, 3:15 a.m. | 49 minutes ago
Description : Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a default list of allowed commands that do not need manual approval if auto-approve is enabled, and npm install is included in that list. Because npm install executes lifecycle scripts, if a repositoryโs package.json file contains a malicious postinstall script, it would be executed automatically without user approval. This means that enabling auto-approved commands and opening a malicious repo could result in arbitrary code execution. This is fixed in version 3.26.0.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-58905 - Apache HTTP Server Directory Traversal",
"Content": "CVE ID : CVE-2025-58905
Published : Sept. 6, 2025, 3:15 a.m. | 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-58905 - Apache HTTP Server Directory Traversal",
"Content": "CVE ID : CVE-2025-58905
Published : Sept. 6, 2025, 3:15 a.m. | 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-58904 - Apache HTTP Server Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-58904
Published : Sept. 6, 2025, 3:15 a.m. | 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-58904 - Apache HTTP Server Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-58904
Published : Sept. 6, 2025, 3:15 a.m. | 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-58906 - Apache HTTP Server Information Disclosure",
"Content": "CVE ID : CVE-2025-58906
Published : Sept. 6, 2025, 3:15 a.m. | 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-58906 - Apache HTTP Server Information Disclosure",
"Content": "CVE ID : CVE-2025-58906
Published : Sept. 6, 2025, 3:15 a.m. | 49 minutes ago
Description : Rejected reason: Not used
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6757 - Recent Posts Widget Extended <= 2.0.2 - authenticated (contributor+) stored cross-site scripting via rpwe shortcode",
"Content": "CVE ID : CVE-2025-6757
Published : Sept. 6, 2025, 5:15 a.m. | 58 minutes ago
Description : The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rpwe' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6757 - Recent Posts Widget Extended <= 2.0.2 - authenticated (contributor+) stored cross-site scripting via rpwe shortcode",
"Content": "CVE ID : CVE-2025-6757
Published : Sept. 6, 2025, 5:15 a.m. | 58 minutes ago
Description : The Recent Posts Widget Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rpwe' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10046 - ELEX WooCommerce Google Shopping (Google Product Feed) <= 1.4.3 - authenticated (admin+) sql inejction",
"Content": "CVE ID : CVE-2025-10046
Published : Sept. 6, 2025, 7:15 a.m. | 1 hour, 8 minutes ago
Description : The ELEX WooCommerce Google Shopping (Google Product Feed) plugin for WordPress is vulnerable to SQL Injection via the 'file_to_delete' parameter in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10046 - ELEX WooCommerce Google Shopping (Google Product Feed) <= 1.4.3 - authenticated (admin+) sql inejction",
"Content": "CVE ID : CVE-2025-10046
Published : Sept. 6, 2025, 7:15 a.m. | 1 hour, 8 minutes ago
Description : The ELEX WooCommerce Google Shopping (Google Product Feed) plugin for WordPress is vulnerable to SQL Injection via the 'file_to_delete' parameter in all versions up to, and including, 1.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity: 4.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-9961 - Authenticated RCE by CWMP binary",
"Content": "CVE ID : CVE-2025-9961
Published : Sept. 6, 2025, 7:15 a.m. | 1 hour, 8 minutes ago
Description : An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.
The exploit can only be conducted via a Man-In-The-Middle (MITM) attack.
This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-9961 - Authenticated RCE by CWMP binary",
"Content": "CVE ID : CVE-2025-9961
Published : Sept. 6, 2025, 7:15 a.m. | 1 hour, 8 minutes ago
Description : An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500.
The exploit can only be conducted via a Man-In-The-Middle (MITM) attack.
This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; AX1500 V1/V1.20/V1.26/V1.60/V1.80/V2.60/V3.6: before 1.3.11.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10028 - itsourcecode POS Point of Sale System 6776.php cross site scripting",
"Content": "CVE ID : CVE-2025-10028
Published : Sept. 6, 2025, 7:15 a.m. | 1 hour, 8 minutes ago
Description : A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This affects an unknown part of the file /inventory/main/vendors/datatables/unit_testing/templates/6776.php. Such manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10028 - itsourcecode POS Point of Sale System 6776.php cross site scripting",
"Content": "CVE ID : CVE-2025-10028
Published : Sept. 6, 2025, 7:15 a.m. | 1 hour, 8 minutes ago
Description : A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This affects an unknown part of the file /inventory/main/vendors/datatables/unit_testing/templates/6776.php. Such manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit is publicly available and might be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10029 - itsourcecode POS Point of Sale System complex_header_2.php cross site scripting",
"Content": "CVE ID : CVE-2025-10029
Published : Sept. 6, 2025, 9:15 a.m. | 1 hour, 14 minutes ago
Description : A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unit_testing/templates/complex_header_2.php. Performing manipulation of the argument scripts results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10029 - itsourcecode POS Point of Sale System complex_header_2.php cross site scripting",
"Content": "CVE ID : CVE-2025-10029
Published : Sept. 6, 2025, 9:15 a.m. | 1 hour, 14 minutes ago
Description : A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unit_testing/templates/complex_header_2.php. Performing manipulation of the argument scripts results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10031 - Campcodes Grocery Sales and Inventory System ajax.php sql injection",
"Content": "CVE ID : CVE-2025-10031
Published : Sept. 6, 2025, 12:15 p.m. | 16 minutes ago
Description : A security vulnerability has been detected in Campcodes Grocery Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10031 - Campcodes Grocery Sales and Inventory System ajax.php sql injection",
"Content": "CVE ID : CVE-2025-10031
Published : Sept. 6, 2025, 12:15 p.m. | 16 minutes ago
Description : A security vulnerability has been detected in Campcodes Grocery Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10030 - Campcodes Grocery Sales and Inventory System ajax.php sql injection",
"Content": "CVE ID : CVE-2025-10030
Published : Sept. 6, 2025, 11:15 a.m. | 1 hour, 16 minutes ago
Description : A weakness has been identified in Campcodes Grocery Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_receiving. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10030 - Campcodes Grocery Sales and Inventory System ajax.php sql injection",
"Content": "CVE ID : CVE-2025-10030
Published : Sept. 6, 2025, 11:15 a.m. | 1 hour, 16 minutes ago
Description : A weakness has been identified in Campcodes Grocery Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_receiving. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10033 - itsourcecode Online Discussion Forum admin sql injection",
"Content": "CVE ID : CVE-2025-10033
Published : Sept. 6, 2025, 1:15 p.m. | 1 hour, 17 minutes ago
Description : A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10033 - itsourcecode Online Discussion Forum admin sql injection",
"Content": "CVE ID : CVE-2025-10033
Published : Sept. 6, 2025, 1:15 p.m. | 1 hour, 17 minutes ago
Description : A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10032 - Campcodes Grocery Sales and Inventory System index.php cross site scripting",
"Content": "CVE ID : CVE-2025-10032
Published : Sept. 6, 2025, 1:15 p.m. | 1 hour, 17 minutes ago
Description : A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /index.php. The manipulation of the argument page results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10032 - Campcodes Grocery Sales and Inventory System index.php cross site scripting",
"Content": "CVE ID : CVE-2025-10032
Published : Sept. 6, 2025, 1:15 p.m. | 1 hour, 17 minutes ago
Description : A vulnerability was detected in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /index.php. The manipulation of the argument page results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2023-31306 - AMD Graphics Driver Array Index Validation Vulnerability (Information Disclosure)",
"Content": "CVE ID : CVE-2023-31306
Published : Sept. 6, 2025, 4:26 p.m. | 8 minutes ago
Description : Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2023-31306 - AMD Graphics Driver Array Index Validation Vulnerability (Information Disclosure)",
"Content": "CVE ID : CVE-2023-31306
Published : Sept. 6, 2025, 4:26 p.m. | 8 minutes ago
Description : Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2021-46750 - Intel TEE Graphics Mailbox TMR Overlap Vulnerability",
"Content": "CVE ID : CVE-2021-46750
Published : Sept. 6, 2025, 4:15 p.m. | 20 minutes ago
Description : Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by the ASP bootloader leading to a potential loss of integrity.
Severity: 3.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2021-46750 - Intel TEE Graphics Mailbox TMR Overlap Vulnerability",
"Content": "CVE ID : CVE-2021-46750
Published : Sept. 6, 2025, 4:15 p.m. | 20 minutes ago
Description : Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by the ASP bootloader leading to a potential loss of integrity.
Severity: 3.0 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2021-26377 - Citrix XenServer Integer Overflow Denial of Service",
"Content": "CVE ID : CVE-2021-26377
Published : Sept. 6, 2025, 4:15 p.m. | 20 minutes ago
Description : Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2021-26377 - Citrix XenServer Integer Overflow Denial of Service",
"Content": "CVE ID : CVE-2021-26377
Published : Sept. 6, 2025, 4:15 p.m. | 20 minutes ago
Description : Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service.
Severity: 4.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2023-20516 - Fusion-io ASP Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2023-20516
Published : Sept. 6, 2025, 4:13 p.m. | 22 minutes ago
Description : Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2023-20516 - Fusion-io ASP Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2023-20516
Published : Sept. 6, 2025, 4:13 p.m. | 22 minutes ago
Description : Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity.
Severity: 3.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10034 - D-Link DIR-825 httpd ping6_response.cg get_ping6_app_stat buffer overflow",
"Content": "CVE ID : CVE-2025-10034
Published : Sept. 6, 2025, 3:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10034 - D-Link DIR-825 httpd ping6_response.cg get_ping6_app_stat buffer overflow",
"Content": "CVE ID : CVE-2025-10034
Published : Sept. 6, 2025, 3:15 p.m. | 1 hour, 20 minutes ago
Description : A vulnerability was found in D-Link DIR-825 1.08.01. This impacts the function get_ping6_app_stat of the file ping6_response.cg of the component httpd. Performing manipulation of the argument ping6_ipaddr results in buffer overflow. It is possible to initiate the attack remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
โค1
{
"Source": "CVE FEED",
"Title": "CVE-2024-36354 - Intel DIMM SMM Isolation Bypass Vulnerability",
"Content": "CVE ID : CVE-2024-36354
Published : Sept. 6, 2025, 6:15 p.m. | 21 minutes ago
Description : Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-36354 - Intel DIMM SMM Isolation Bypass Vulnerability",
"Content": "CVE ID : CVE-2024-36354
Published : Sept. 6, 2025, 6:15 p.m. | 21 minutes ago
Description : Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to bypass SMM isolation potentially resulting in arbitrary code execution at the SMM level.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-36352 - AMD Graphics Driver Pointer Validation Vulnerability",
"Content": "CVE ID : CVE-2024-36352
Published : Sept. 6, 2025, 6:15 p.m. | 21 minutes ago
Description : Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-36352 - AMD Graphics Driver Pointer Validation Vulnerability",
"Content": "CVE ID : CVE-2024-36352
Published : Sept. 6, 2025, 6:15 p.m. | 21 minutes ago
Description : Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service.
Severity: 8.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-21947 - Intel SMM Arbitrary Code Execution Vulnerability",
"Content": "CVE ID : CVE-2024-21947
Published : Sept. 6, 2025, 6:15 p.m. | 21 minutes ago
Description : Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-21947 - Intel SMM Arbitrary Code Execution Vulnerability",
"Content": "CVE ID : CVE-2024-21947
Published : Sept. 6, 2025, 6:15 p.m. | 21 minutes ago
Description : Improper input validation in the system management mode (SMM) could allow a privileged attacker to overwrite arbitrary memory potentially resulting in arbitrary code execution at the SMM level.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "06 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น