{
"Source": "CVE FEED",
"Title": "CVE-2025-10369 - MiczFlor RPi-Jukebox-RFID cardRegisterNew.php cross site scripting",
"Content": "CVE ID : CVE-2025-10369
Published : Sept. 13, 2025, 5:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability was determined in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10369 - MiczFlor RPi-Jukebox-RFID cardRegisterNew.php cross site scripting",
"Content": "CVE ID : CVE-2025-10369
Published : Sept. 13, 2025, 5:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability was determined in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10370 - MiczFlor RPi-Jukebox-RFID userScripts.php cross site scripting",
"Content": "CVE ID : CVE-2025-10370
Published : Sept. 13, 2025, 5:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability was identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This vulnerability affects unknown code of the file /htdocs/userScripts.php. The manipulation of the argument Custom script leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10370 - MiczFlor RPi-Jukebox-RFID userScripts.php cross site scripting",
"Content": "CVE ID : CVE-2025-10370
Published : Sept. 13, 2025, 5:15 p.m. | 1 hour, 31 minutes ago
Description : A vulnerability was identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This vulnerability affects unknown code of the file /htdocs/userScripts.php. The manipulation of the argument Custom script leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10384 - yangzongzhuan RuoYi Role cancelAll improper authorization",
"Content": "CVE ID : CVE-2025-10384
Published : Sept. 13, 2025, 8:15 p.m. | 33 minutes ago
Description : A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10384 - yangzongzhuan RuoYi Role cancelAll improper authorization",
"Content": "CVE ID : CVE-2025-10384
Published : Sept. 13, 2025, 8:15 p.m. | 33 minutes ago
Description : A flaw has been found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the file /system/role/authUser/cancelAll of the component Role Handler. Executing manipulation of the argument roleId/userIds can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10374 - Shenzhen Sixun Business Management System OperatorStop improper authorization",
"Content": "CVE ID : CVE-2025-10374
Published : Sept. 13, 2025, 7:15 p.m. | 1 hour, 33 minutes ago
Description : A security flaw has been discovered in Shenzhen Sixun Business Management System 7/11. This affects an unknown part of the file /Adm/OperatorStop. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10374 - Shenzhen Sixun Business Management System OperatorStop improper authorization",
"Content": "CVE ID : CVE-2025-10374
Published : Sept. 13, 2025, 7:15 p.m. | 1 hour, 33 minutes ago
Description : A security flaw has been discovered in Shenzhen Sixun Business Management System 7/11. This affects an unknown part of the file /Adm/OperatorStop. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "13 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10386 - Yida ECMS Consulting Enterprise Management System POST Request login.do cross site scripting",
"Content": "CVE ID : CVE-2025-10386
Published : Sept. 14, 2025, 2:15 a.m. | 36 minutes ago
Description : A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10386 - Yida ECMS Consulting Enterprise Management System POST Request login.do cross site scripting",
"Content": "CVE ID : CVE-2025-10386
Published : Sept. 14, 2025, 2:15 a.m. | 36 minutes ago
Description : A vulnerability was found in Yida ECMS Consulting Enterprise Management System 1.0. This affects an unknown part of the file /login.do of the component POST Request Handler. The manipulation of the argument requestUrl results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10385 - Mercury KM08-708H GiGA WiFi Wave2 mcr_setSysAdm sub_450B2C buffer overflow",
"Content": "CVE ID : CVE-2025-10385
Published : Sept. 14, 2025, 1:15 a.m. | 1 hour, 36 minutes ago
Description : A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10385 - Mercury KM08-708H GiGA WiFi Wave2 mcr_setSysAdm sub_450B2C buffer overflow",
"Content": "CVE ID : CVE-2025-10385
Published : Sept. 14, 2025, 1:15 a.m. | 1 hour, 36 minutes ago
Description : A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The manipulation of the argument ChgUserId leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 9.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
❤1
{
"Source": "CVE FEED",
"Title": "CVE-2025-10390 - CRMEB UserAddressServices.php editAddress improper authorization",
"Content": "CVE ID : CVE-2025-10390
Published : Sept. 14, 2025, 4:32 a.m. | 29 minutes ago
Description : A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10390 - CRMEB UserAddressServices.php editAddress improper authorization",
"Content": "CVE ID : CVE-2025-10390
Published : Sept. 14, 2025, 4:32 a.m. | 29 minutes ago
Description : A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10389 - CRMEB Administrator Password SystemAdminServices.php save improper authorization",
"Content": "CVE ID : CVE-2025-10389
Published : Sept. 14, 2025, 4:15 a.m. | 46 minutes ago
Description : A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10389 - CRMEB Administrator Password SystemAdminServices.php save improper authorization",
"Content": "CVE ID : CVE-2025-10389
Published : Sept. 14, 2025, 4:15 a.m. | 46 minutes ago
Description : A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in improper authorization. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10388 - Selleo Mentingo Create New Course Basic Settings enroll-course cross site scripting",
"Content": "CVE ID : CVE-2025-10388
Published : Sept. 14, 2025, 4:15 a.m. | 46 minutes ago
Description : A vulnerability was identified in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross site scripting. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10388 - Selleo Mentingo Create New Course Basic Settings enroll-course cross site scripting",
"Content": "CVE ID : CVE-2025-10388
Published : Sept. 14, 2025, 4:15 a.m. | 46 minutes ago
Description : A vulnerability was identified in Selleo Mentingo 2025.08.27. This issue affects some unknown processing of the file /api/course/enroll-course of the component Create New Course Basic Settings. Such manipulation of the argument Description leads to cross site scripting. The attack can be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 5.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10387 - codesiddhant Jasmin Ransomware handshake.php sql injection",
"Content": "CVE ID : CVE-2025-10387
Published : Sept. 14, 2025, 3:15 a.m. | 1 hour, 46 minutes ago
Description : A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machine_name/computer_user/os/date/time/ip/location/systemid/password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10387 - codesiddhant Jasmin Ransomware handshake.php sql injection",
"Content": "CVE ID : CVE-2025-10387
Published : Sept. 14, 2025, 3:15 a.m. | 1 hour, 46 minutes ago
Description : A vulnerability was determined in codesiddhant Jasmin Ransomware up to 1.0.1. This vulnerability affects unknown code of the file /handshake.php. This manipulation of the argument machine_name/computer_user/os/date/time/ip/location/systemid/password causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-59363 - OneLogin OneLogin OIDC Client Secret Disclosure",
"Content": "CVE ID : CVE-2025-59363
Published : Sept. 14, 2025, midnight | 5 hours, 1 minute ago
Description : In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created),
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59363 - OneLogin OneLogin OIDC Client Secret Disclosure",
"Content": "CVE ID : CVE-2025-59363
Published : Sept. 14, 2025, midnight | 5 hours, 1 minute ago
Description : In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created),
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10394 - fcba_zzm ics-park Smart Park Management System Scheduled Task JobController.java code injection",
"Content": "CVE ID : CVE-2025-10394
Published : Sept. 14, 2025, 6:32 a.m. | 33 minutes ago
Description : A vulnerability has been found in fcba_zzm ics-park Smart Park Management System 2.0. Affected is an unknown function of the file ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/JobController.java of the component Scheduled Task Module. Such manipulation leads to code injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10394 - fcba_zzm ics-park Smart Park Management System Scheduled Task JobController.java code injection",
"Content": "CVE ID : CVE-2025-10394
Published : Sept. 14, 2025, 6:32 a.m. | 33 minutes ago
Description : A vulnerability has been found in fcba_zzm ics-park Smart Park Management System 2.0. Affected is an unknown function of the file ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/JobController.java of the component Scheduled Task Module. Such manipulation leads to code injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10393 - miurla morphic HTTP Status Code 3xx advanced-search fetchHtml server-side request forgery",
"Content": "CVE ID : CVE-2025-10393
Published : Sept. 14, 2025, 6:15 a.m. | 50 minutes ago
Description : A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10393 - miurla morphic HTTP Status Code 3xx advanced-search fetchHtml server-side request forgery",
"Content": "CVE ID : CVE-2025-10393
Published : Sept. 14, 2025, 6:15 a.m. | 50 minutes ago
Description : A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10392 - Mercury KM08-708H GiGA WiFi Wave2 HTTP Header stack-based overflow",
"Content": "CVE ID : CVE-2025-10392
Published : Sept. 14, 2025, 6:15 a.m. | 50 minutes ago
Description : A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 10.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10392 - Mercury KM08-708H GiGA WiFi Wave2 HTTP Header stack-based overflow",
"Content": "CVE ID : CVE-2025-10392
Published : Sept. 14, 2025, 6:15 a.m. | 50 minutes ago
Description : A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 10.0 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10391 - CRMEB OutAccountServices.php testOutUrl server-side request forgery",
"Content": "CVE ID : CVE-2025-10391
Published : Sept. 14, 2025, 5:15 a.m. | 1 hour, 50 minutes ago
Description : A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument push_token_url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10391 - CRMEB OutAccountServices.php testOutUrl server-side request forgery",
"Content": "CVE ID : CVE-2025-10391
Published : Sept. 14, 2025, 5:15 a.m. | 1 hour, 50 minutes ago
Description : A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument push_token_url leads to server-side request forgery. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10396 - SourceCodester Pet Grooming Management Software edit_role.php sql injection",
"Content": "CVE ID : CVE-2025-10396
Published : Sept. 14, 2025, 8:32 a.m. | 36 minutes ago
Description : A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_role.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10396 - SourceCodester Pet Grooming Management Software edit_role.php sql injection",
"Content": "CVE ID : CVE-2025-10396
Published : Sept. 14, 2025, 8:32 a.m. | 36 minutes ago
Description : A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_role.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10395 - Magicblack MacCMS Scheduled Task col_url server-side request forgery",
"Content": "CVE ID : CVE-2025-10395
Published : Sept. 14, 2025, 8:15 a.m. | 53 minutes ago
Description : A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10395 - Magicblack MacCMS Scheduled Task col_url server-side request forgery",
"Content": "CVE ID : CVE-2025-10395
Published : Sept. 14, 2025, 8:15 a.m. | 53 minutes ago
Description : A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely.
Severity: 5.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10399 - Korzh EasyQuery Query Builder UI fetch sql injection",
"Content": "CVE ID : CVE-2025-10399
Published : Sept. 14, 2025, 1:02 p.m. | 13 minutes ago
Description : A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10399 - Korzh EasyQuery Query Builder UI fetch sql injection",
"Content": "CVE ID : CVE-2025-10399
Published : Sept. 14, 2025, 1:02 p.m. | 13 minutes ago
Description : A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-0164 - IBM QRadar SIEM information disclosure",
"Content": "CVE ID : CVE-2025-0164
Published : Sept. 14, 2025, 12:57 p.m. | 17 minutes ago
Description : IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment.
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-0164 - IBM QRadar SIEM information disclosure",
"Content": "CVE ID : CVE-2025-0164
Published : Sept. 14, 2025, 12:57 p.m. | 17 minutes ago
Description : IBM QRadar SIEM 7.5 through 7.5 Update Pack 13 Independent Fix 01 could allow a local privileged user to perform unauthorized actions on configuration files due to improper permission assignment.
Severity: 2.3 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-36035 - IBM PowerVM Hypervisor denial of service",
"Content": "CVE ID : CVE-2025-36035
Published : Sept. 14, 2025, 12:52 p.m. | 22 minutes ago
Description : IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-36035 - IBM PowerVM Hypervisor denial of service",
"Content": "CVE ID : CVE-2025-36035
Published : Sept. 14, 2025, 12:52 p.m. | 22 minutes ago
Description : IBM PowerVM Hypervisor FW950.00 through FW950.E0, FW1050.00 through FW1050.50, and FW1060.00 through FW1060.40 could allow a local privileged user to cause a denial of service by issuing a specially crafted IBM i hypervisor call that would disclose memory contents or consume excessive memory resources.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-10204 - Unauth Admin Reset Password on AC Smart II",
"Content": "CVE ID : CVE-2025-10204
Published : Sept. 14, 2025, 12:43 p.m. | 31 minutes ago
Description : A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to change the administrator password without verifying login status or user permissions.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-10204 - Unauth Admin Reset Password on AC Smart II",
"Content": "CVE ID : CVE-2025-10204
Published : Sept. 14, 2025, 12:43 p.m. | 31 minutes ago
Description : A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to change the administrator password without verifying login status or user permissions.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "14 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹