{
"Source": "CVE FEED",
"Title": "CVE-2025-48934 - Deno Deny Env Variable Information Disclosure",
"Content": "CVE ID : CVE-2025-48934
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the `Deno.env.toObject` method ignores any variables listed in the `--deny-env` option of the `deno run` command. When looking at the documentation of the `--deny-env` option this might lead to a false impression that variables listed in the option are impossible to read. Software relying on the combination of both flags to allow access to most environment variables except a few sensitive ones will be vulnerable to malicious code trying to steal secrets using the `Deno.env.toObject()` method. Versions 2.1.13 and 2.2.13 contains a patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48934 - Deno Deny Env Variable Information Disclosure",
"Content": "CVE ID : CVE-2025-48934
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to versions 2.1.13 and 2.2.13, the `Deno.env.toObject` method ignores any variables listed in the `--deny-env` option of the `deno run` command. When looking at the documentation of the `--deny-env` option this might lead to a false impression that variables listed in the option are impossible to read. Software relying on the combination of both flags to allow access to most environment variables except a few sensitive ones will be vulnerable to malicious code trying to steal secrets using the `Deno.env.toObject()` method. Versions 2.1.13 and 2.2.13 contains a patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48935 - Deno SQLite Database Permission Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-48935
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48935 - Deno SQLite Database Permission Bypass Vulnerability",
"Content": "CVE ID : CVE-2025-48935
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to versions 2.2.5, it is possible to bypass Deno's permission read/write db permission check by using `ATTACH DATABASE` statement. Version 2.2.5 contains a patch for the issue.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5607 - "Tenda AC18 PPTP User List Buffer Overflow Vulnerability"",
"Content": "CVE ID : CVE-2025-5607
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5607 - "Tenda AC18 PPTP User List Buffer Overflow Vulnerability"",
"Content": "CVE ID : CVE-2025-5607
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the argument list leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5608 - Tenda AC18 Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-5608
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5608 - Tenda AC18 Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-5608
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formsetreboottimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-32015 - FreshRSS Cross-Site Scripting (XSS) Vulnerability",
"Content": "CVE ID : CVE-2025-32015
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `` attribute, which leads to cross-site scripting (XSS) by loading an attacker's UserJS inside `",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-32015 - FreshRSS Cross-Site Scripting (XSS) Vulnerability",
"Content": "CVE ID : CVE-2025-32015
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the `` attribute, which leads to cross-site scripting (XSS) by loading an attacker's UserJS inside `",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-46011 - Listmonk SQL Injection Privilege Escalation",
"Content": "CVE ID : CVE-2025-46011
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-46011 - Listmonk SQL Injection Privilege Escalation",
"Content": "CVE ID : CVE-2025-46011
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : Listmonk v2.4.0 through v4.1.0 is vulnerable to SQL Injection in the QuerySubscribers function which allows attackers to escalate privileges.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-46203 - Apache Unifiedtransform Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-46203
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-46203 - Apache Unifiedtransform Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-46203
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /students/edit/{id} endpoint.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-46339 - FreshRSS Favicon Poisoning Vulnerability",
"Content": "CVE ID : CVE-2025-46339
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not including the following variables: proxy address, proxy protocol, and whether SSL should be verified. Therefore it's possible to poison a favicon of a given feed by simply intercepting the response of the feed, and changing the website URL to one where a threat actor controls the feed favicon. Feed favicons can be replaced for all users by anyone. Version 1.26.2 fixes the issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-46339 - FreshRSS Favicon Poisoning Vulnerability",
"Content": "CVE ID : CVE-2025-46339
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, it's possible to poison feed favicons by adding a given URL as a feed with the proxy set to an attacker-controlled one and disabled SSL verifying. The favicon hash is computed by hashing the feed URL and the salt, whilst not including the following variables: proxy address, proxy protocol, and whether SSL should be verified. Therefore it's possible to poison a favicon of a given feed by simply intercepting the response of the feed, and changing the website URL to one where a threat actor controls the feed favicon. Feed favicons can be replaced for all users by anyone. Version 1.26.2 fixes the issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-48888 - Deno Deny-Read Allow-Read Permission Confusion",
"Content": "CVE ID : CVE-2025-48888
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, `deno run --allow-read --deny-read main.ts` results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions given as `--allow-* --deny-*`. This only affects a nonsensical combination of flags, so there shouldn't be a real impact on the userbase. Users may upgrade to version 2.1.13, 2.2.13, or 2.3.2 to receive a patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-48888 - Deno Deny-Read Allow-Read Permission Confusion",
"Content": "CVE ID : CVE-2025-48888
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.41.3 and prior to versions 2.1.13, 2.2.13, and 2.3.2, `deno run --allow-read --deny-read main.ts` results in allowed, even though 'deny' should be stronger. The result is the same with all global unary permissions given as `--allow-* --deny-*`. This only affects a nonsensical combination of flags, so there shouldn't be a real impact on the userbase. Users may upgrade to version 2.1.13, 2.2.13, or 2.3.2 to receive a patch.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-31482 - FreshRSS Denial of Service (DoS) Vulnerability",
"Content": "CVE ID : CVE-2025-31482
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-31482 - FreshRSS Denial of Service (DoS) Vulnerability",
"Content": "CVE ID : CVE-2025-31482
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : FreshRSS is a self-hosted RSS feed aggregator. A vulnerability in versions prior to 1.26.2 causes a user to be repeatedly logged out after fetching a malicious feed entry, effectively causing that user to suffer denial of service. Version 1.26.2 contains a patch for the issue.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-46204 - Apache Unifiedtransform Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-46204
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-46204 - Apache Unifiedtransform Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-46204
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : An issue in Unifiedtransform v2.0 allows a remote attacker to escalate privileges via the /course/edit/{id} endpoint.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22243 - VMware NSX Manager UI Stored XSS Vulnerability",
"Content": "CVE ID : CVE-2025-22243
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22243 - VMware NSX Manager UI Stored XSS Vulnerability",
"Content": "CVE ID : CVE-2025-22243
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22244 - VMware NSX Stored XSS Vulnerability",
"Content": "CVE ID : CVE-2025-22244
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22244 - VMware NSX Stored XSS Vulnerability",
"Content": "CVE ID : CVE-2025-22244
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input validation.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-22245 - VMware NSX Stored XSS Vulnerability",
"Content": "CVE ID : CVE-2025-22245
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-22245 - VMware NSX Stored XSS Vulnerability",
"Content": "CVE ID : CVE-2025-22245
Published : June 4, 2025, 8:15 p.m. | 1 hour, 25 minutes ago
Description : VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validation.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "04 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5618 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5618
Published : June 4, 2025, 11:15 p.m. | 35 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5618 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5618
Published : June 4, 2025, 11:15 p.m. | 35 minutes ago
Description : A vulnerability classified as critical was found in PHPGurukul Online Fire Reporting System 1.2. This vulnerability affects unknown code of the file /admin/edit-team.php. The manipulation of the argument teamid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5619 - Tenda CH22 Stack-Based Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-5619
Published : June 4, 2025, 11:15 p.m. | 35 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5619 - Tenda CH22 Stack-Based Buffer Overflow Vulnerability",
"Content": "CVE ID : CVE-2025-5619
Published : June 4, 2025, 11:15 p.m. | 35 minutes ago
Description : A vulnerability, which was classified as critical, has been found in Tenda CH22 1.0.0.1. This issue affects the function formaddUserName of the file /goform/addUserName. The manipulation of the argument Password leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-49007 - Apache Rack Denial of Service Vulnerability",
"Content": "CVE ID : CVE-2025-49007
Published : June 4, 2025, 11:15 p.m. | 35 minutes ago
Description : Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-49007 - Apache Rack Denial of Service Vulnerability",
"Content": "CVE ID : CVE-2025-49007
Published : June 4, 2025, 11:15 p.m. | 35 minutes ago
Description : Rack is a modular Ruby web server interface. Starting in version 3.1.0 and prior to version 3.1.16, there is a denial of service vulnerability in the Content-Disposition parsing component of Rack. This is very similar to the previous security issue CVE-2022-44571. Carefully crafted input can cause Content-Disposition header parsing in Rack to take an unexpected amount of time, possibly resulting in a denial of service attack vector. This header is used typically used in multipart parsing. Any applications that parse multipart posts using Rack (virtually all Rails applications) are impacted. Version 3.1.16 contains a patch for the vulnerability.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5616 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5616
Published : June 4, 2025, 11:15 p.m. | 35 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5616 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5616
Published : June 4, 2025, 11:15 p.m. | 35 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5617 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5617
Published : June 4, 2025, 11:15 p.m. | 35 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5617 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5617
Published : June 4, 2025, 11:15 p.m. | 35 minutes ago
Description : A vulnerability classified as critical has been found in PHPGurukul Online Fire Reporting System 1.2. This affects an unknown part of the file /admin/manage-teams.php. The manipulation of the argument teamid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5614 - PHPGurukul Online Fire Reporting System SQL Injection",
"Content": "CVE ID : CVE-2025-5614
Published : June 4, 2025, 10:15 p.m. | 1 hour, 35 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5614 - PHPGurukul Online Fire Reporting System SQL Injection",
"Content": "CVE ID : CVE-2025-5614
Published : June 4, 2025, 10:15 p.m. | 1 hour, 35 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been classified as critical. Affected is an unknown function of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-5615 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5615
Published : June 4, 2025, 10:15 p.m. | 1 hour, 35 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /details.php. The manipulation of the argument requestid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-5615 - PHPGurukul Online Fire Reporting System SQL Injection Vulnerability",
"Content": "CVE ID : CVE-2025-5615
Published : June 4, 2025, 10:15 p.m. | 1 hour, 35 minutes ago
Description : A vulnerability was found in PHPGurukul Online Fire Reporting System 1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /details.php. The manipulation of the argument requestid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "05 Jun 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹