{
"Source": "CVE FEED",
"Title": "CVE-2025-59398 - Everest OCPP JSON Denial of Service",
"Content": "CVE ID : CVE-2025-59398
Published : Sept. 15, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255 object is created with StringTooLarge set to Throw.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59398 - Everest OCPP JSON Denial of Service",
"Content": "CVE ID : CVE-2025-59398
Published : Sept. 15, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : The OCPP implementation in libocpp before 0.26.2 allows a denial of service (EVerest crash) via JSON input larger than 255 characters, because a CiString<255 object is created with StringTooLarge set to Throw.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59399 - Libocpp Everest Denial of Service",
"Content": "CVE ID : CVE-2025-59399
Published : Sept. 15, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59399 - Libocpp Everest Denial of Service",
"Content": "CVE ID : CVE-2025-59399
Published : Sept. 15, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : libocpp before 0.28.0 allows a denial of service (EVerest crash) because a secondary exception is thrown during error message generation.
Severity: 3.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43800 - Liferay Portal Liferay DXP Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-43800
Published : Sept. 15, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a rich text type field.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43800 - Liferay Portal Liferay DXP Cross-Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-43800
Published : Sept. 15, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : Cross-site scripting (XSS) vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a rich text type field.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10472 - harry0703 MoneyPrinterTurbo URL video.py stream_video path traversal",
"Content": "CVE ID : CVE-2025-10472
Published : Sept. 15, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument file_path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10472 - harry0703 MoneyPrinterTurbo URL video.py stream_video path traversal",
"Content": "CVE ID : CVE-2025-10472
Published : Sept. 15, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function download_video/stream_video of the file app/controllers/v1/video.py of the component URL Handler. The manipulation of the argument file_path leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10473 - yangzongzhuan RuoYi Blacklist SqlUtil.java filterKeyword sql injection",
"Content": "CVE ID : CVE-2025-10473
Published : Sept. 15, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10473 - yangzongzhuan RuoYi Blacklist SqlUtil.java filterKeyword sql injection",
"Content": "CVE ID : CVE-2025-10473
Published : Sept. 15, 2025, 7:15 p.m. | 1 hour, 9 minutes ago
Description : A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This impacts the function filterKeyword of the file /com/ruoyi/common/utils/sql/SqlUtil.java of the component Blacklist Handler. The manipulation results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59142 - color-string@2.1.1 contains malware after npm account takeover",
"Content": "CVE ID : CVE-2025-59142
Published : Sept. 15, 2025, 7:10 p.m. | 1 hour, 14 minutes ago
Description : color-string is a parser and generator for CSS color strings. On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59142 - color-string@2.1.1 contains malware after npm account takeover",
"Content": "CVE ID : CVE-2025-59142
Published : Sept. 15, 2025, 7:10 p.m. | 1 hour, 14 minutes ago
Description : color-string is a parser and generator for CSS color strings. On 8 September 2025, the npm publishing account for color-string was taken over after a phishing attack. Version 2.1.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59144 - debug@4.4.2 contains malware after npm account takeover",
"Content": "CVE ID : CVE-2025-59144
Published : Sept. 15, 2025, 7:10 p.m. | 1 hour, 14 minutes ago
Description : debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59144 - debug@4.4.2 contains malware after npm account takeover",
"Content": "CVE ID : CVE-2025-59144
Published : Sept. 15, 2025, 7:10 p.m. | 1 hour, 14 minutes ago
Description : debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59143 - color@5.0.1 contains malware after npm account takeover",
"Content": "CVE ID : CVE-2025-59143
Published : Sept. 15, 2025, 7:10 p.m. | 1 hour, 14 minutes ago
Description : color is a Javascript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59143 - color@5.0.1 contains malware after npm account takeover",
"Content": "CVE ID : CVE-2025-59143
Published : Sept. 15, 2025, 7:10 p.m. | 1 hour, 14 minutes ago
Description : color is a Javascript color conversion and manipulation library. On 8 September 2025, the npm publishing account for color was taken over after a phishing attack. Version 5.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59141 - simple-swizzle@0.2.3 contains malware after npm account takeover",
"Content": "CVE ID : CVE-2025-59141
Published : Sept. 15, 2025, 7:09 p.m. | 1 hour, 15 minutes ago
Description : simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59141 - simple-swizzle@0.2.3 contains malware after npm account takeover",
"Content": "CVE ID : CVE-2025-59141
Published : Sept. 15, 2025, 7:09 p.m. | 1 hour, 15 minutes ago
Description : simple-swizzle swizzles function arguments. On 8 September 2025, the npm publishing account for simple-swizzle was taken over after a phishing attack. Version 0.2.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59140 - backslash@0.2.1 contains malware after npm account takeover",
"Content": "CVE ID : CVE-2025-59140
Published : Sept. 15, 2025, 7:09 p.m. | 1 hour, 15 minutes ago
Description : backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59140 - backslash@0.2.1 contains malware after npm account takeover",
"Content": "CVE ID : CVE-2025-59140
Published : Sept. 15, 2025, 7:09 p.m. | 1 hour, 15 minutes ago
Description : backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-55777 - Apache Non-Security Issue",
"Content": "CVE ID : CVE-2025-55777
Published : Sept. 15, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-55777 - Apache Non-Security Issue",
"Content": "CVE ID : CVE-2025-55777
Published : Sept. 15, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-52344 - Explorance Blue Cross Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-52344
Published : Sept. 15, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-52344 - Explorance Blue Cross Site Scripting (XSS)",
"Content": "CVE ID : CVE-2025-52344
Published : Sept. 15, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields.
Severity: 6.1 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43791 - Liferay Portal Cross-Site Scripting (XSS) Vulnerability",
"Content": "CVE ID : CVE-2025-43791
Published : Sept. 15, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a "Rich Text" type field to (1) a web content structure, (2) a Documents and Media Document Type , or (3) custom assets that uses the Data Engine's module Rich Text field.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43791 - Liferay Portal Cross-Site Scripting (XSS) Vulnerability",
"Content": "CVE ID : CVE-2025-43791
Published : Sept. 15, 2025, 6:15 p.m. | 2 hours, 9 minutes ago
Description : Multiple cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.3.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 36 allow remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a "Rich Text" type field to (1) a web content structure, (2) a Documents and Media Document Type , or (3) custom assets that uses the Data Engine's module Rich Text field.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "15 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10482 - SourceCodester Online Student File Management System index.php sql injection",
"Content": "CVE ID : CVE-2025-10482
Published : Sept. 15, 2025, 10:02 p.m. | 26 minutes ago
Description : A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10482 - SourceCodester Online Student File Management System index.php sql injection",
"Content": "CVE ID : CVE-2025-10482
Published : Sept. 15, 2025, 10:02 p.m. | 26 minutes ago
Description : A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10481 - SourceCodester Online Student File Management System remove_file.php sql injection",
"Content": "CVE ID : CVE-2025-10481
Published : Sept. 15, 2025, 10:02 p.m. | 26 minutes ago
Description : A security vulnerability has been detected in SourceCodester Online Student File Management System 1.0. This impacts an unknown function of the file /remove_file.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10481 - SourceCodester Online Student File Management System remove_file.php sql injection",
"Content": "CVE ID : CVE-2025-10481
Published : Sept. 15, 2025, 10:02 p.m. | 26 minutes ago
Description : A security vulnerability has been detected in SourceCodester Online Student File Management System 1.0. This impacts an unknown function of the file /remove_file.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43802 - Liferay Portal Liferay DXP Stored XSS",
"Content": "CVE ID : CVE-2025-43802
Published : Sept. 15, 2025, 9:58 p.m. | 30 minutes ago
Description : Stored cross-site scripting (XSS) vulnerability in a custom objectโs /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35. allows remote attackers to inject arbitrary web script or HTML via the externalReferenceCode parameter.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43802 - Liferay Portal Liferay DXP Stored XSS",
"Content": "CVE ID : CVE-2025-43802
Published : Sept. 15, 2025, 9:58 p.m. | 30 minutes ago
Description : Stored cross-site scripting (XSS) vulnerability in a custom objectโs /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35. allows remote attackers to inject arbitrary web script or HTML via the externalReferenceCode parameter.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10480 - SourceCodester Online Student File Management System save_file.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10480
Published : Sept. 15, 2025, 9:32 p.m. | 56 minutes ago
Description : A weakness has been identified in SourceCodester Online Student File Management System 1.0. This affects an unknown function of the file /save_file.php. Executing manipulation can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10480 - SourceCodester Online Student File Management System save_file.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10480
Published : Sept. 15, 2025, 9:32 p.m. | 56 minutes ago
Description : A weakness has been identified in SourceCodester Online Student File Management System 1.0. This affects an unknown function of the file /save_file.php. Executing manipulation can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43797 - Liferay Portal Open Membership Default Vulnerability",
"Content": "CVE ID : CVE-2025-43797
Published : Sept. 15, 2025, 9:28 p.m. | 59 minutes ago
Description : In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is โOpenโ which allows any registered users to become a member of the site. A remote attacker with site membership can potentially view, add or edit content on the site.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43797 - Liferay Portal Open Membership Default Vulnerability",
"Content": "CVE ID : CVE-2025-43797
Published : Sept. 15, 2025, 9:28 p.m. | 59 minutes ago
Description : In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is โOpenโ which allows any registered users to become a member of the site. A remote attacker with site membership can potentially view, add or edit content on the site.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6947 - WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configuration",
"Content": "CVE ID : CVE-2025-6947
Published : Sept. 15, 2025, 9:18 p.m. | 1 hour, 9 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.
This issue affects Firebox: from 12.0 through 12.11.2.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6947 - WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configuration",
"Content": "CVE ID : CVE-2025-6947
Published : Sept. 15, 2025, 9:18 p.m. | 1 hour, 9 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.
This issue affects Firebox: from 12.0 through 12.11.2.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6999 - WatchGuard Firebox Authentication Portal Request Smuggling Vulnerability",
"Content": "CVE ID : CVE-2025-6999
Published : Sept. 15, 2025, 9:17 p.m. | 1 hour, 10 minutes ago
Description : An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack.This issue affects Fireware OS: from 12.0 through 12.11.2.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6999 - WatchGuard Firebox Authentication Portal Request Smuggling Vulnerability",
"Content": "CVE ID : CVE-2025-6999
Published : Sept. 15, 2025, 9:17 p.m. | 1 hour, 10 minutes ago
Description : An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack.This issue affects Fireware OS: from 12.0 through 12.11.2.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-55211 - FreePBX Post-Authenticated Command Injection",
"Content": "CVE ID : CVE-2025-55211
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-55211 - FreePBX Post-Authenticated Command Injection",
"Content": "CVE ID : CVE-2025-55211
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น