CVE Monitor
{
"Source": "CVE FEED",
"Title": "CVE-2025-10074 - Portabilis i-Educar tipos cross site scripting",
"Content": "CVE ID : CVE-2025-10074
Published : Sept. 8, 2025, 1:15 a.m. | 15 minutes ago
Description : A vulnerability was identified in Portabilis i-Educar up to 2.10. The affected element is an unknown function of the file /usuarios/tipos/. The manipulation of the argument Tipos de Usuário/Descrição leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10073 - Portabilis i-Educar turma improper authorization",
"Content": "CVE ID : CVE-2025-10073
Published : Sept. 8, 2025, 12:15 a.m. | 1 hour, 15 minutes ago
Description : A vulnerability was determined in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /module/Api/turma. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10079 - PHPGurukul Small CRM get-quote.php sql injection",
"Content": "CVE ID : CVE-2025-10079
Published : Sept. 8, 2025, 3:15 a.m. | 17 minutes ago
Description : A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10078 - SourceCodester Online Polling System candidates.php sql injection",
"Content": "CVE ID : CVE-2025-10078
Published : Sept. 8, 2025, 3:15 a.m. | 17 minutes ago
Description : A vulnerability was detected in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/candidates.php. Performing manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10080 - running-elephant Datart API AESUtil.java getTokensecret hard-coded key",
"Content": "CVE ID : CVE-2025-10080
Published : Sept. 8, 2025, 3:02 a.m. | 31 minutes ago
Description : A vulnerability has been found in running-elephant Datart up to 1.0.0-rc3. Affected by this issue is the function getTokensecret of the file datart/security/src/main/java/datart/security/util/AESUtil.java of the component API. The manipulation leads to use of hard-coded cryptographic key. The attack is possible to be carried out remotely. The attack is considered to have high complexity. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10077 - SourceCodester Online Polling System registeracc.php sql injection",
"Content": "CVE ID : CVE-2025-10077
Published : Sept. 8, 2025, 2:15 a.m. | 1 hour, 17 minutes ago
Description : A security vulnerability has been detected in SourceCodester Online Polling System 1.0. This impacts an unknown function of the file /registeracc.php. Such manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10084 - elunez eladmin SysLogController 1 queryErrorLogDetail improper authorization",
"Content": "CVE ID : CVE-2025-10084
Published : Sept. 8, 2025, 5:15 a.m. | 21 minutes ago
Description : A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-58422 - RICOH Streamline NX HTTP Request Tampering Vulnerability",
"Content": "CVE ID : CVE-2025-58422
Published : Sept. 8, 2025, 5:15 a.m. | 21 minutes ago
Description : RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which could result in tampering with the operation history of the product’s management tool.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10083 - SourceCodester Pet Grooming Management Software profile.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10083
Published : Sept. 8, 2025, 5:15 a.m. | 21 minutes ago
Description : A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10082 - SourceCodester Online Polling System manage-admins.php sql injection",
"Content": "CVE ID : CVE-2025-10082
Published : Sept. 8, 2025, 4:16 a.m. | 1 hour, 20 minutes ago
Description : A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument email leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10081 - SourceCodester Pet Management System profile.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10081
Published : Sept. 8, 2025, 4:16 a.m. | 1 hour, 20 minutes ago
Description : A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument website_image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-41664 - Improper Permission Handling Enables Unauthorized Access to Firmware and Certificates",
"Content": "CVE ID : CVE-2025-41664
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-41682 - Credential Disclosure via Insecure Storage on Charge Controller",
"Content": "CVE ID : CVE-2025-41682
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-41708 - Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface",
"Content": "CVE ID : CVE-2025-41708
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10088 - SourceCodester Time Tracker index.html cross site scripting",
"Content": "CVE ID : CVE-2025-10088
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10087 - SourceCodester Pet Grooming Management Software profit_report.php sql injection",
"Content": "CVE ID : CVE-2025-10087
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-8085 - Ditty < 3.1.58 - Unauthenticated SSRF",
"Content": "CVE ID : CVE-2025-8085
Published : Sept. 8, 2025, 6:15 a.m. | 1 hour, 32 minutes ago
Description : The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10086 - fuyang_lipengjun platform AdPositionController queryAll improper authorization",
"Content": "CVE ID : CVE-2025-10086
Published : Sept. 8, 2025, 6:15 a.m. | 1 hour, 32 minutes ago
Description : A weakness has been identified in fuyang_lipengjun platform 1.0.0. This issue affects the function queryAll of the file /adposition/queryAll of the component AdPositionController. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. Affects another part than CVE-2025-9936.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10085 - SourceCodester Pet Grooming Management Software manage_website.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10085
Published : Sept. 8, 2025, 6:15 a.m. | 1 hour, 32 minutes ago
Description : A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file manage_website.php. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-5993 - Path Traversal in ITCube CRM",
"Content": "CVE ID : CVE-2025-5993
Published : Sept. 8, 2025, 10:18 a.m. | 39 minutes ago
Description : ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the web server process.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10090 - Jinher OA GetTreeDate.aspx sql injection",
"Content": "CVE ID : CVE-2025-10090
Published : Sept. 8, 2025, 10:15 a.m. | 42 minutes ago
Description : A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}