{
"Source": "CVE FEED",
"Title": "CVE-2025-39734 - Revert "fs/ntfs3: Replace inode_trylock with inode_lock"",
"Content": "CVE ID : CVE-2025-39734
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
Revert "fs/ntfs3: Replace inode_trylock with inode_lock"
This reverts commit 69505fe98f198ee813898cbcaf6770949636430b.
Initially, conditional lock acquisition was removed to fix an xfstest bug
that was observed during internal testing. The deadlock reported by syzbot
is resolved by reintroducing conditional acquisition. The xfstest bug no
longer occurs on kernel version 6.16-rc1 during internal testing. I
assume that changes in other modules may have contributed to this.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-39734 - Revert "fs/ntfs3: Replace inode_trylock with inode_lock"",
"Content": "CVE ID : CVE-2025-39734
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
Revert "fs/ntfs3: Replace inode_trylock with inode_lock"
This reverts commit 69505fe98f198ee813898cbcaf6770949636430b.
Initially, conditional lock acquisition was removed to fix an xfstest bug
that was observed during internal testing. The deadlock reported by syzbot
is resolved by reintroducing conditional acquisition. The xfstest bug no
longer occurs on kernel version 6.16-rc1 during internal testing. I
assume that changes in other modules may have contributed to this.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-39733 - team: replace team lock with rtnl lock",
"Content": "CVE ID : CVE-2025-39733
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
team: replace team lock with rtnl lock
syszbot reports various ordering issues for lower instance locks and
team lock. Switch to using rtnl lock for protecting team device,
similar to bonding. Based on the patch by Tetsuo Handa.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-39733 - team: replace team lock with rtnl lock",
"Content": "CVE ID : CVE-2025-39733
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
team: replace team lock with rtnl lock
syszbot reports various ordering issues for lower instance locks and
team lock. Switch to using rtnl lock for protecting team device,
similar to bonding. Based on the patch by Tetsuo Handa.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-39729 - crypto: ccp - Fix dereferencing uninitialized error pointer",
"Content": "CVE ID : CVE-2025-39729
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix dereferencing uninitialized error pointer
Fix below smatch warnings:
drivers/crypto/ccp/sev-dev.c:1312 __sev_platform_init_locked()
error: we previously assumed 'error' could be null
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-39729 - crypto: ccp - Fix dereferencing uninitialized error pointer",
"Content": "CVE ID : CVE-2025-39729
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix dereferencing uninitialized error pointer
Fix below smatch warnings:
drivers/crypto/ccp/sev-dev.c:1312 __sev_platform_init_locked()
error: we previously assumed 'error' could be null
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-39730 - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()",
"Content": "CVE ID : CVE-2025-39730
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
The function needs to check the minimal filehandle length before it can
access the embedded filehandle.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-39730 - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()",
"Content": "CVE ID : CVE-2025-39730
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()
The function needs to check the minimal filehandle length before it can
access the embedded filehandle.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-39731 - f2fs: vm_unmap_ram() may be called from an invalid context",
"Content": "CVE ID : CVE-2025-39731
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
f2fs: vm_unmap_ram() may be called from an invalid context
When testing F2FS with xfstests using UFS backed virtual disks the
kernel complains sometimes that f2fs_release_decomp_mem() calls
vm_unmap_ram() from an invalid context. Example trace from
f2fs/007 test:
f2fs/007 5s ... [12:59:38][ 8.902525] run fstests f2fs/007
[ 11.468026] BUG: sleeping function called from invalid context at mm/vmalloc.c:2978
[ 11.471849] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 68, name: irq/22-ufshcd
[ 11.475357] preempt_count: 1, expected: 0
[ 11.476970] RCU nest depth: 0, expected: 0
[ 11.478531] CPU: 0 UID: 0 PID: 68 Comm: irq/22-ufshcd Tainted: G W 6.16.0-rc5-xfstests-ufs-g40f92e79b0aa #9 PREEMPT(none)
[ 11.478535] Tainted: [W]=WARN
[ 11.478536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.478537] Call Trace:
[ 11.478543]
[ 11.478545] dump_stack_lvl+0x4e/0x70
[ 11.478554] __might_resched.cold+0xaf/0xbe
[ 11.478557] vm_unmap_ram+0x21/0xb0
[ 11.478560] f2fs_release_decomp_mem+0x59/0x80
[ 11.478563] f2fs_free_dic+0x18/0x1a0
[ 11.478565] f2fs_finish_read_bio+0xd7/0x290
[ 11.478570] blk_update_request+0xec/0x3b0
[ 11.478574] ? sbitmap_queue_clear+0x3b/0x60
[ 11.478576] scsi_end_request+0x27/0x1a0
[ 11.478582] scsi_io_completion+0x40/0x300
[ 11.478583] ufshcd_mcq_poll_cqe_lock+0xa3/0xe0
[ 11.478588] ufshcd_sl_intr+0x194/0x1f0
[ 11.478592] ufshcd_threaded_intr+0x68/0xb0
[ 11.478594] ? __pfx_irq_thread_fn+0x10/0x10
[ 11.478599] irq_thread_fn+0x20/0x60
[ 11.478602] ? __pfx_irq_thread_fn+0x10/0x10
[ 11.478603] irq_thread+0xb9/0x180
[ 11.478605] ? __pfx_irq_thread_dtor+0x10/0x10
[ 11.478607] ? __pfx_irq_thread+0x10/0x10
[ 11.478609] kthread+0x10a/0x230
[ 11.478614] ? __pfx_kthread+0x10/0x10
[ 11.478615] ret_from_fork+0x7e/0xd0
[ 11.478619] ? __pfx_kthread+0x10/0x10
[ 11.478621] ret_from_fork_asm+0x1a/0x30
[ 11.478623]
This patch modifies in_task() check inside f2fs_read_end_io() to also
check if interrupts are disabled. This ensures that pages are unmapped
asynchronously in an interrupt handler.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-39731 - f2fs: vm_unmap_ram() may be called from an invalid context",
"Content": "CVE ID : CVE-2025-39731
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
f2fs: vm_unmap_ram() may be called from an invalid context
When testing F2FS with xfstests using UFS backed virtual disks the
kernel complains sometimes that f2fs_release_decomp_mem() calls
vm_unmap_ram() from an invalid context. Example trace from
f2fs/007 test:
f2fs/007 5s ... [12:59:38][ 8.902525] run fstests f2fs/007
[ 11.468026] BUG: sleeping function called from invalid context at mm/vmalloc.c:2978
[ 11.471849] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 68, name: irq/22-ufshcd
[ 11.475357] preempt_count: 1, expected: 0
[ 11.476970] RCU nest depth: 0, expected: 0
[ 11.478531] CPU: 0 UID: 0 PID: 68 Comm: irq/22-ufshcd Tainted: G W 6.16.0-rc5-xfstests-ufs-g40f92e79b0aa #9 PREEMPT(none)
[ 11.478535] Tainted: [W]=WARN
[ 11.478536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.478537] Call Trace:
[ 11.478543]
[ 11.478545] dump_stack_lvl+0x4e/0x70
[ 11.478554] __might_resched.cold+0xaf/0xbe
[ 11.478557] vm_unmap_ram+0x21/0xb0
[ 11.478560] f2fs_release_decomp_mem+0x59/0x80
[ 11.478563] f2fs_free_dic+0x18/0x1a0
[ 11.478565] f2fs_finish_read_bio+0xd7/0x290
[ 11.478570] blk_update_request+0xec/0x3b0
[ 11.478574] ? sbitmap_queue_clear+0x3b/0x60
[ 11.478576] scsi_end_request+0x27/0x1a0
[ 11.478582] scsi_io_completion+0x40/0x300
[ 11.478583] ufshcd_mcq_poll_cqe_lock+0xa3/0xe0
[ 11.478588] ufshcd_sl_intr+0x194/0x1f0
[ 11.478592] ufshcd_threaded_intr+0x68/0xb0
[ 11.478594] ? __pfx_irq_thread_fn+0x10/0x10
[ 11.478599] irq_thread_fn+0x20/0x60
[ 11.478602] ? __pfx_irq_thread_fn+0x10/0x10
[ 11.478603] irq_thread+0xb9/0x180
[ 11.478605] ? __pfx_irq_thread_dtor+0x10/0x10
[ 11.478607] ? __pfx_irq_thread+0x10/0x10
[ 11.478609] kthread+0x10a/0x230
[ 11.478614] ? __pfx_kthread+0x10/0x10
[ 11.478615] ret_from_fork+0x7e/0xd0
[ 11.478619] ? __pfx_kthread+0x10/0x10
[ 11.478621] ret_from_fork_asm+0x1a/0x30
[ 11.478623]
This patch modifies in_task() check inside f2fs_read_end_io() to also
check if interrupts are disabled. This ensures that pages are unmapped
asynchronously in an interrupt handler.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-39732 - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()",
"Content": "CVE ID : CVE-2025-39732
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()
ath11k_mac_disable_peer_fixed_rate() is passed as the iterator to
ieee80211_iterate_stations_atomic(). Note in this case the iterator is
required to be atomic, however ath11k_mac_disable_peer_fixed_rate() does
not follow it as it might sleep. Consequently below warning is seen:
BUG: sleeping function called from invalid context at wmi.c:304
Call Trace:
dump_stack_lvl
__might_resched.cold
ath11k_wmi_cmd_send
ath11k_wmi_set_peer_param
ath11k_mac_disable_peer_fixed_rate
ieee80211_iterate_stations_atomic
ath11k_mac_op_set_bitrate_mask.cold
Change to ieee80211_iterate_stations_mtx() to fix this issue.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-39732 - wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()",
"Content": "CVE ID : CVE-2025-39732
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()
ath11k_mac_disable_peer_fixed_rate() is passed as the iterator to
ieee80211_iterate_stations_atomic(). Note in this case the iterator is
required to be atomic, however ath11k_mac_disable_peer_fixed_rate() does
not follow it as it might sleep. Consequently below warning is seen:
BUG: sleeping function called from invalid context at wmi.c:304
Call Trace:
dump_stack_lvl
__might_resched.cold
ath11k_wmi_cmd_send
ath11k_wmi_set_peer_param
ath11k_mac_disable_peer_fixed_rate
ieee80211_iterate_stations_atomic
ath11k_mac_op_set_bitrate_mask.cold
Change to ieee80211_iterate_stations_mtx() to fix this issue.
Tested-on: WCN6855 hw2.0 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.30
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-39727 - mm: swap: fix potential buffer overflow in setup_clusters()",
"Content": "CVE ID : CVE-2025-39727
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
mm: swap: fix potential buffer overflow in setup_clusters()
In setup_swap_map(), we only ensure badpages are in range (0, last_page].
As maxpages might be < last_page, setup_clusters() will encounter a buffer
overflow when a badpage is >= maxpages.
Only call inc_cluster_info_page() for badpage which is < maxpages to fix
the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-39727 - mm: swap: fix potential buffer overflow in setup_clusters()",
"Content": "CVE ID : CVE-2025-39727
Published : Sept. 7, 2025, 4:15 p.m. | 1 hour, 5 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
mm: swap: fix potential buffer overflow in setup_clusters()
In setup_swap_map(), we only ensure badpages are in range (0, last_page].
As maxpages might be < last_page, setup_clusters() will encounter a buffer
overflow when a badpage is >= maxpages.
Only call inc_cluster_info_page() for badpage which is < maxpages to fix
the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "07 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10072 - Portabilis i-Educar enturmar access control",
"Content": "CVE ID : CVE-2025-10072
Published : Sept. 7, 2025, 11:02 p.m. | 27 minutes ago
Description : A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10072 - Portabilis i-Educar enturmar access control",
"Content": "CVE ID : CVE-2025-10072
Published : Sept. 7, 2025, 11:02 p.m. | 27 minutes ago
Description : A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/[ID_STUDENT]/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10071 - Portabilis i-Educar cancelar-enturmacao-em-lote access control",
"Content": "CVE ID : CVE-2025-10071
Published : Sept. 7, 2025, 10:32 p.m. | 57 minutes ago
Description : A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10071 - Portabilis i-Educar cancelar-enturmacao-em-lote access control",
"Content": "CVE ID : CVE-2025-10071
Published : Sept. 7, 2025, 10:32 p.m. | 57 minutes ago
Description : A vulnerability has been found in Portabilis i-Educar up to 2.10. This vulnerability affects unknown code of the file /cancelar-enturmacao-em-lote/. Such manipulation leads to improper access controls. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
โค1
{
"Source": "CVE FEED",
"Title": "CVE-2025-10070 - Portabilis i-Educar enturmacao-em-lote access control",
"Content": "CVE ID : CVE-2025-10070
Published : Sept. 7, 2025, 10:15 p.m. | 1 hour, 14 minutes ago
Description : A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10070 - Portabilis i-Educar enturmacao-em-lote access control",
"Content": "CVE ID : CVE-2025-10070
Published : Sept. 7, 2025, 10:15 p.m. | 1 hour, 14 minutes ago
Description : A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
โค1
{
"Source": "CVE FEED",
"Title": "CVE-2025-10076 - SourceCodester Online Polling System manage-profile.php sql injection",
"Content": "CVE ID : CVE-2025-10076
Published : Sept. 8, 2025, 1:15 a.m. | 15 minutes ago
Description : A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10076 - SourceCodester Online Polling System manage-profile.php sql injection",
"Content": "CVE ID : CVE-2025-10076
Published : Sept. 8, 2025, 1:15 a.m. | 15 minutes ago
Description : A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. This manipulation of the argument email causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10075 - SourceCodester Online Polling System manage-profile.php cross site scripting",
"Content": "CVE ID : CVE-2025-10075
Published : Sept. 8, 2025, 1:15 a.m. | 15 minutes ago
Description : A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10075 - SourceCodester Online Polling System manage-profile.php cross site scripting",
"Content": "CVE ID : CVE-2025-10075
Published : Sept. 8, 2025, 1:15 a.m. | 15 minutes ago
Description : A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10074 - Portabilis i-Educar tipos cross site scripting",
"Content": "CVE ID : CVE-2025-10074
Published : Sept. 8, 2025, 1:15 a.m. | 15 minutes ago
Description : A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuรกrio/Descriรงรฃo leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10074 - Portabilis i-Educar tipos cross site scripting",
"Content": "CVE ID : CVE-2025-10074
Published : Sept. 8, 2025, 1:15 a.m. | 15 minutes ago
Description : A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuรกrio/Descriรงรฃo leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10073 - Portabilis i-Educar turma improper authorization",
"Content": "CVE ID : CVE-2025-10073
Published : Sept. 8, 2025, 12:15 a.m. | 1 hour, 15 minutes ago
Description : A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10073 - Portabilis i-Educar turma improper authorization",
"Content": "CVE ID : CVE-2025-10073
Published : Sept. 8, 2025, 12:15 a.m. | 1 hour, 15 minutes ago
Description : A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10079 - PHPGurukul Small CRM get-quote.php sql injection",
"Content": "CVE ID : CVE-2025-10079
Published : Sept. 8, 2025, 3:15 a.m. | 17 minutes ago
Description : A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10079 - PHPGurukul Small CRM get-quote.php sql injection",
"Content": "CVE ID : CVE-2025-10079
Published : Sept. 8, 2025, 3:15 a.m. | 17 minutes ago
Description : A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10078 - SourceCodester Online Polling System candidates.php sql injection",
"Content": "CVE ID : CVE-2025-10078
Published : Sept. 8, 2025, 3:15 a.m. | 17 minutes ago
Description : A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10078 - SourceCodester Online Polling System candidates.php sql injection",
"Content": "CVE ID : CVE-2025-10078
Published : Sept. 8, 2025, 3:15 a.m. | 17 minutes ago
Description : A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10080 - running-elephant Datart API AESUtil.java getTokensecret hard-coded key",
"Content": "CVE ID : CVE-2025-10080
Published : Sept. 8, 2025, 3:02 a.m. | 31 minutes ago
Description : A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key
. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10080 - running-elephant Datart API AESUtil.java getTokensecret hard-coded key",
"Content": "CVE ID : CVE-2025-10080
Published : Sept. 8, 2025, 3:02 a.m. | 31 minutes ago
Description : A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key
. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10077 - SourceCodester Online Polling System registeracc.php sql injection",
"Content": "CVE ID : CVE-2025-10077
Published : Sept. 8, 2025, 2:15 a.m. | 1 hour, 17 minutes ago
Description : A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10077 - SourceCodester Online Polling System registeracc.php sql injection",
"Content": "CVE ID : CVE-2025-10077
Published : Sept. 8, 2025, 2:15 a.m. | 1 hour, 17 minutes ago
Description : A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10084 - elunez eladmin SysLogController 1 queryErrorLogDetail improper authorization",
"Content": "CVE ID : CVE-2025-10084
Published : Sept. 8, 2025, 5:15 a.m. | 21 minutes ago
Description : A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10084 - elunez eladmin SysLogController 1 queryErrorLogDetail improper authorization",
"Content": "CVE ID : CVE-2025-10084
Published : Sept. 8, 2025, 5:15 a.m. | 21 minutes ago
Description : A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-58422 - RICOH Streamline NX HTTP Request Tampering Vulnerability",
"Content": "CVE ID : CVE-2025-58422
Published : Sept. 8, 2025, 5:15 a.m. | 21 minutes ago
Description : RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which could result in tampering with the operation history of the productโs management tool.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-58422 - RICOH Streamline NX HTTP Request Tampering Vulnerability",
"Content": "CVE ID : CVE-2025-58422
Published : Sept. 8, 2025, 5:15 a.m. | 21 minutes ago
Description : RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which could result in tampering with the operation history of the productโs management tool.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10083 - SourceCodester Pet Grooming Management Software profile.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10083
Published : Sept. 8, 2025, 5:15 a.m. | 21 minutes ago
Description : A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10083 - SourceCodester Pet Grooming Management Software profile.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10083
Published : Sept. 8, 2025, 5:15 a.m. | 21 minutes ago
Description : A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น