{
"Source": "CVE FEED",
"Title": "CVE-2025-58422 - RICOH Streamline NX HTTP Request Tampering Vulnerability",
"Content": "CVE ID : CVE-2025-58422
Published : Sept. 8, 2025, 5:15 a.m. | 21 minutes ago
Description : RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which could result in tampering with the operation history of the product’s management tool.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-58422 - RICOH Streamline NX HTTP Request Tampering Vulnerability",
"Content": "CVE ID : CVE-2025-58422
Published : Sept. 8, 2025, 5:15 a.m. | 21 minutes ago
Description : RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which could result in tampering with the operation history of the product’s management tool.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10083 - SourceCodester Pet Grooming Management Software profile.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10083
Published : Sept. 8, 2025, 5:15 a.m. | 21 minutes ago
Description : A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10083 - SourceCodester Pet Grooming Management Software profile.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10083
Published : Sept. 8, 2025, 5:15 a.m. | 21 minutes ago
Description : A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10082 - SourceCodester Online Polling System manage-admins.php sql injection",
"Content": "CVE ID : CVE-2025-10082
Published : Sept. 8, 2025, 4:16 a.m. | 1 hour, 20 minutes ago
Description : A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument email leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10082 - SourceCodester Online Polling System manage-admins.php sql injection",
"Content": "CVE ID : CVE-2025-10082
Published : Sept. 8, 2025, 4:16 a.m. | 1 hour, 20 minutes ago
Description : A vulnerability has been found in SourceCodester Online Polling System 1.0. Affected is an unknown function of the file /admin/manage-admins.php. Such manipulation of the argument email leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10081 - SourceCodester Pet Management System profile.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10081
Published : Sept. 8, 2025, 4:16 a.m. | 1 hour, 20 minutes ago
Description : A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument website_image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10081 - SourceCodester Pet Management System profile.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10081
Published : Sept. 8, 2025, 4:16 a.m. | 1 hour, 20 minutes ago
Description : A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument website_image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-41664 - Improper Permission Handling Enables Unauthorized Access to Firmware and Certificates",
"Content": "CVE ID : CVE-2025-41664
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-41664 - Improper Permission Handling Enables Unauthorized Access to Firmware and Certificates",
"Content": "CVE ID : CVE-2025-41664
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : A low-privileged remote attacker could gain unauthorized access to critical resources, such as firmware and certificates, due to improper permission handling during the runtime of services (e.g., FTP/SFTP). This access could allow the attacker to escalate privileges and modify firmware.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-41682 - Credential Disclosure via Insecure Storage on Charge Controller",
"Content": "CVE ID : CVE-2025-41682
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-41682 - Credential Disclosure via Insecure Storage on Charge Controller",
"Content": "CVE ID : CVE-2025-41682
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-41708 - Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface",
"Content": "CVE ID : CVE-2025-41708
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-41708 - Cleartext Transmission of Sensitive Data via Insecure HTTP Web Interface",
"Content": "CVE ID : CVE-2025-41708
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.
Severity: 7.4 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10088 - SourceCodester Time Tracker index.html cross site scripting",
"Content": "CVE ID : CVE-2025-10088
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10088 - SourceCodester Time Tracker index.html cross site scripting",
"Content": "CVE ID : CVE-2025-10088
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10087 - SourceCodester Pet Grooming Management Software profit_report.php sql injection",
"Content": "CVE ID : CVE-2025-10087
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10087 - SourceCodester Pet Grooming Management Software profit_report.php sql injection",
"Content": "CVE ID : CVE-2025-10087
Published : Sept. 8, 2025, 7:15 a.m. | 32 minutes ago
Description : A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Such manipulation of the argument product_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-8085 - Ditty < 3.1.58 - Unauthenticated SSRF",
"Content": "CVE ID : CVE-2025-8085
Published : Sept. 8, 2025, 6:15 a.m. | 1 hour, 32 minutes ago
Description : The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-8085 - Ditty < 3.1.58 - Unauthenticated SSRF",
"Content": "CVE ID : CVE-2025-8085
Published : Sept. 8, 2025, 6:15 a.m. | 1 hour, 32 minutes ago
Description : The Ditty WordPress plugin before 3.1.58 lacks authorization and authentication for requests to its displayItems endpoint, allowing unauthenticated visitors to make requests to arbitrary URLs.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10086 - fuyang_lipengjun platform AdPositionController queryAll improper authorization",
"Content": "CVE ID : CVE-2025-10086
Published : Sept. 8, 2025, 6:15 a.m. | 1 hour, 32 minutes ago
Description : A weakness has been identified in fuyang_lipengjun platform 1.0.0. This issue affects the function queryAll of the file /adposition/queryAll of the component AdPositionController. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. Affects another part than CVE-2025-9936.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10086 - fuyang_lipengjun platform AdPositionController queryAll improper authorization",
"Content": "CVE ID : CVE-2025-10086
Published : Sept. 8, 2025, 6:15 a.m. | 1 hour, 32 minutes ago
Description : A weakness has been identified in fuyang_lipengjun platform 1.0.0. This issue affects the function queryAll of the file /adposition/queryAll of the component AdPositionController. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. Affects another part than CVE-2025-9936.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10085 - SourceCodester Pet Grooming Management Software manage_website.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10085
Published : Sept. 8, 2025, 6:15 a.m. | 1 hour, 32 minutes ago
Description : A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file manage_website.php. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10085 - SourceCodester Pet Grooming Management Software manage_website.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10085
Published : Sept. 8, 2025, 6:15 a.m. | 1 hour, 32 minutes ago
Description : A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file manage_website.php. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5993 - Path Traversal in ITCube CRM",
"Content": "CVE ID : CVE-2025-5993
Published : Sept. 8, 2025, 10:18 a.m. | 39 minutes ago
Description : ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5993 - Path Traversal in ITCube CRM",
"Content": "CVE ID : CVE-2025-5993
Published : Sept. 8, 2025, 10:18 a.m. | 39 minutes ago
Description : ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server process.
Severity: 9.2 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10090 - Jinher OA GetTreeDate.aspx sql injection",
"Content": "CVE ID : CVE-2025-10090
Published : Sept. 8, 2025, 10:15 a.m. | 42 minutes ago
Description : A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10090 - Jinher OA GetTreeDate.aspx sql injection",
"Content": "CVE ID : CVE-2025-10090
Published : Sept. 8, 2025, 10:15 a.m. | 42 minutes ago
Description : A flaw has been found in Jinher OA up to 1.2. The impacted element is an unknown function of the file /C6/Jhsoft.Web.departments/GetTreeDate.aspx. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2019-25225 - Sanitize-html Cross-site Scripting (XSS)",
"Content": "CVE ID : CVE-2019-25225
Published : Sept. 8, 2025, 10:15 a.m. | 42 minutes ago
Description : `sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2019-25225 - Sanitize-html Cross-site Scripting (XSS)",
"Content": "CVE ID : CVE-2019-25225
Published : Sept. 8, 2025, 10:15 a.m. | 42 minutes ago
Description : `sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2014-125128 - Sanitize-HTML XSS Vulnerability",
"Content": "CVE ID : CVE-2014-125128
Published : Sept. 8, 2025, 10:09 a.m. | 49 minutes ago
Description : 'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly validate the hyperreference (`href`) attribute in anchor tags (``), allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2014-125128 - Sanitize-HTML XSS Vulnerability",
"Content": "CVE ID : CVE-2014-125128
Published : Sept. 8, 2025, 10:09 a.m. | 49 minutes ago
Description : 'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly validate the hyperreference (`href`) attribute in anchor tags (``), allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-58782 - Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory",
"Content": "CVE ID : CVE-2025-58782
Published : Sept. 8, 2025, 9:15 a.m. | 1 hour, 42 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons.
This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1.
Deployments that accept JNDI URIs for JCR lookup from untrusted users allows them to inject malicious JNDI references, potentially leading to arbitrary code execution through deserialization of untrusted data.
Users are recommended to upgrade to version 2.22.2. JCR lookup through JNDI has been disabled by default in 2.22.2. Users of this feature need to enable it explicitly and are adviced to review their use of JNDI URI for JCR lookup.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-58782 - Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory",
"Content": "CVE ID : CVE-2025-58782
Published : Sept. 8, 2025, 9:15 a.m. | 1 hour, 42 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons.
This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1.
Deployments that accept JNDI URIs for JCR lookup from untrusted users allows them to inject malicious JNDI references, potentially leading to arbitrary code execution through deserialization of untrusted data.
Users are recommended to upgrade to version 2.22.2. JCR lookup through JNDI has been disabled by default in 2.22.2. Users of this feature need to enable it explicitly and are adviced to review their use of JNDI URI for JCR lookup.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-40641 - Stored Cross-Site Scripting (XSS) in the Multi-purpose Inventory Management System",
"Content": "CVE ID : CVE-2025-40641
Published : Sept. 8, 2025, 12:15 p.m. | 42 minutes ago
Description : Cross-site Scripting (XSS) vulnerability stored in Multi-Purpose Inventory Management System, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request using the product_name parameter in /Controller_Products/update. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-40641 - Stored Cross-Site Scripting (XSS) in the Multi-purpose Inventory Management System",
"Content": "CVE ID : CVE-2025-40641
Published : Sept. 8, 2025, 12:15 p.m. | 42 minutes ago
Description : Cross-site Scripting (XSS) vulnerability stored in Multi-Purpose Inventory Management System, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request using the product_name parameter in /Controller_Products/update. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-40642 - Reflected Cross-Site Scripting (XSS) in WebWork",
"Content": "CVE ID : CVE-2025-40642
Published : Sept. 8, 2025, 12:15 p.m. | 42 minutes ago
Description : Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-40642 - Reflected Cross-Site Scripting (XSS) in WebWork",
"Content": "CVE ID : CVE-2025-40642
Published : Sept. 8, 2025, 12:15 p.m. | 42 minutes ago
Description : Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10092 - Jinher OA XML Type xml external entity reference",
"Content": "CVE ID : CVE-2025-10092
Published : Sept. 8, 2025, 12:15 p.m. | 42 minutes ago
Description : A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10092 - Jinher OA XML Type xml external entity reference",
"Content": "CVE ID : CVE-2025-10092
Published : Sept. 8, 2025, 12:15 p.m. | 42 minutes ago
Description : A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10093 - D-Link DIR-852 Device Configuration getcfg.php phpcgi_main information disclosure",
"Content": "CVE ID : CVE-2025-10093
Published : Sept. 8, 2025, 12:15 p.m. | 42 minutes ago
Description : A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10093 - D-Link DIR-852 Device Configuration getcfg.php phpcgi_main information disclosure",
"Content": "CVE ID : CVE-2025-10093
Published : Sept. 8, 2025, 12:15 p.m. | 42 minutes ago
Description : A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹