{
"Source": "CVE FEED",
"Title": "CVE-2025-58782 - Apache Jackrabbit Core, Apache Jackrabbit JCR Commons: JNDI injection risk with JndiRepositoryFactory",
"Content": "CVE ID : CVE-2025-58782
Published : Sept. 8, 2025, 9:15 a.m. | 1 hour, 42 minutes ago
Description : Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons.
This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1.
Deployments that accept JNDI URIs for JCR lookup from untrusted users allow them to inject malicious JNDI references, potentially leading to arbitrary code execution through deserialization of untrusted data.
Users are recommended to upgrade to version 2.22.2. JCR lookup through JNDI has been disabled by default in 2.22.2. Users of this feature need to enable it explicitly and are advised to review their use of JNDI URI for JCR lookup.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-40641 - Stored Cross-Site Scripting (XSS) in the Multi-purpose Inventory Management System",
"Content": "CVE ID : CVE-2025-40641
Published : Sept. 8, 2025, 12:15 p.m. | 42 minutes ago
Description : Cross-site Scripting (XSS) vulnerability stored in Multi-Purpose Inventory Management System, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request using the product_name parameter in /Controller_Products/update. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their cookie session details.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-40642 - Reflected Cross-Site Scripting (XSS) in WebWork",
"Content": "CVE ID : CVE-2025-40642
Published : Sept. 8, 2025, 12:15 p.m. | 42 minutes ago
Description : Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10092 - Jinher OA XML Type xml external entity reference",
"Content": "CVE ID : CVE-2025-10092
Published : Sept. 8, 2025, 12:15 p.m. | 42 minutes ago
Description : A vulnerability was found in Jinher OA up to 1.2. This impacts an unknown function of the file /c6/Jhsoft.Web.projectmanage/TaskManage/AddTask.aspx/?Type=add of the component XML Handler. The manipulation results in xml external entity reference. The attack can be executed remotely. The exploit has been made public and could be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10093 - D-Link DIR-852 Device Configuration getcfg.php phpcgi_main information disclosure",
"Content": "CVE ID : CVE-2025-10093
Published : Sept. 8, 2025, 12:15 p.m. | 42 minutes ago
Description : A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10091 - Jinher OA XML Type xml external entity reference",
"Content": "CVE ID : CVE-2025-10091
Published : Sept. 8, 2025, 11:15 a.m. | 1 hour, 42 minutes ago
Description : A vulnerability has been found in Jinher OA up to 1.2. This affects an unknown function of the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add of the component XML Handler. The manipulation leads to xml external entity reference. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-7709 - Out Of Bounds write in FTS5 Extension in SQLite",
"Content": "CVE ID : CVE-2025-7709
Published : Sept. 8, 2025, 2:51 p.m. | 13 minutes ago
Description : An integer overflow exists in the FTS5 extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of bounds.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-36853 - EOL .NET 6.0 Runtime Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-36853
Published : Sept. 8, 2025, 2:15 p.m. | 49 minutes ago
Description : A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow.
Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Per CWE-190: Integer Overflow or Wraparound, is when a product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-36854 - EOL ASP.NET 6.0 Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-36854
Published : Sept. 8, 2025, 2:15 p.m. | 49 minutes ago
Description : A vulnerability (CVE-2024-38229) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Execution.
Per CWE-416: Use After Free, Use After Free is when a product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
This issue affects EOL ASP.NET 6.0.0 <=<=<=
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-36855 - EOL .NET 6.0 Runtime Remote Code Execution Vulnerability",
"Content": "CVE ID : CVE-2025-36855
Published : Sept. 8, 2025, 2:15 p.m. | 49 minutes ago
Description : A vulnerability (CVE-2025-21176) exists in DiaSymReader.dll due to buffer over-read.
Per CWE-126: Buffer Over-read, Buffer Over-read is when a product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.
This issue affects EOL ASP.NET 6.0.0 <=<=<=
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-22956 - OPSI Windomain Property Disclosure",
"Content": "CVE ID : CVE-2025-22956
Published : Sept. 8, 2025, 2:15 p.m. | 49 minutes ago
Description : OPSI before 4.3 allows any client to retrieve any ProductPropertyState, including those of other clients. This can lead to privilege escalation if any ProductPropertyState contains a secret only intended to be accessible by a subset of clients. One example of this is a domain join account password for the windomain package.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-3212 - Mali GPU Kernel Driver allows access to already freed memory",
"Content": "CVE ID : CVE-2025-3212
Published : Sept. 8, 2025, 1:15 p.m. | 1 hour, 49 minutes ago
Description : Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user process to perform valid GPU memory processing operations to gain access to already freed memory. This issue affects Bifrost GPU Kernel Driver: from r41p0 through r49p4, from r50p0 through r51p0; Valhall GPU Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r49p4, from r50p0 through r54p0.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10097 - SimStudioAI sim route.ts code injection",
"Content": "CVE ID : CVE-2025-10097
Published : Sept. 8, 2025, 4:32 p.m. | 42 minutes ago
Description : A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-10096 - SimStudioAI sim route.ts server-side request forgery",
"Content": "CVE ID : CVE-2025-10096
Published : Sept. 8, 2025, 4:15 p.m. | 59 minutes ago
Description : A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-59033 - Microsoft Windows Defender Application Control HVCI Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-59033
Published : Sept. 8, 2025, 3:15 p.m. | 1 hour, 59 minutes ago
Description : The Microsoft vulnerable driver block list is implemented as Windows Defender Application Control (WDAC) policy. On systems that do not have hypervisor-protected code integrity (HVCI) enabled, entries that specify only the to-be-signed (TBS) part of the code signer certificate are properly blocked, but entries that specify the signing certificate's TBS hash along with a 'FileAttribRef' qualifier (such as file name or version) will not be blocked. This vulnerability affects any Windows system that does not have HVCI enabled or supported (HVCI is available in Windows 10, Windows 11, and Windows Server 2016 and later). NOTE: The vendor states that the driver blocklist is intended for use with HVCI, while systems without HVCI should use App Control, and any custom blocklist entries require a granular approach for proper enforcement.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-40930 - JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact",
"Content": "CVE ID : CVE-2025-40930
Published : Sept. 8, 2025, 3:15 p.m. | 1 hour, 59 minutes ago
Description : JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-52161 - Scholl Communications AG Weblication CMS Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-52161
Published : Sept. 8, 2025, 3:15 p.m. | 1 hour, 59 minutes ago
Description : Scholl Communications AG Weblication CMS Core v019.004.000.000 was discovered to contain a cross-site scripting (XSS) vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-55998 - Shopify Smart Search & Filter XSS",
"Content": "CVE ID : CVE-2025-55998
Published : Sept. 8, 2025, 3:15 p.m. | 1 hour, 59 minutes ago
Description : A cross-site scripting (XSS) vulnerability in Smart Search & Filter Shopify App 1.0 allows a remote attacker to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the color filter parameter.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-56630 - FoxCMS SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-56630
Published : Sept. 8, 2025, 3:15 p.m. | 1 hour, 59 minutes ago
Description : FoxCMS v1.2.5 and before is vulnerable to SQL Injection via the column_model parameter in the app/admin/controller/Column.php file.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-57141 - RSBI-OS SQLite-JDBC RCE",
"Content": "CVE ID : CVE-2025-57141
Published : Sept. 8, 2025, 3:15 p.m. | 1 hour, 59 minutes ago
Description : rsbi-os 4.7 is vulnerable to Remote Code Execution (RCE) in sqlite-jdbc.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}
{
"Source": "CVE FEED",
"Title": "CVE-2025-40928 - JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact",
"Content": "CVE ID : CVE-2025-40928
Published : Sept. 8, 2025, 3:15 p.m. | 1 hour, 59 minutes ago
Description : JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "08 Sep 2025",
"Type": "Vulnerability"
}