{
"Source": "CVE FEED",
"Title": "CVE-2025-43802 - Liferay Portal Liferay DXP Stored XSS",
"Content": "CVE ID : CVE-2025-43802
Published : Sept. 15, 2025, 9:58 p.m. | 30 minutes ago
Description : Stored cross-site scripting (XSS) vulnerability in a custom objectโs /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35. allows remote attackers to inject arbitrary web script or HTML via the externalReferenceCode parameter.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43802 - Liferay Portal Liferay DXP Stored XSS",
"Content": "CVE ID : CVE-2025-43802
Published : Sept. 15, 2025, 9:58 p.m. | 30 minutes ago
Description : Stored cross-site scripting (XSS) vulnerability in a custom objectโs /o/c/ API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through update 35. allows remote attackers to inject arbitrary web script or HTML via the externalReferenceCode parameter.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10480 - SourceCodester Online Student File Management System save_file.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10480
Published : Sept. 15, 2025, 9:32 p.m. | 56 minutes ago
Description : A weakness has been identified in SourceCodester Online Student File Management System 1.0. This affects an unknown function of the file /save_file.php. Executing manipulation can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10480 - SourceCodester Online Student File Management System save_file.php unrestricted upload",
"Content": "CVE ID : CVE-2025-10480
Published : Sept. 15, 2025, 9:32 p.m. | 56 minutes ago
Description : A weakness has been identified in SourceCodester Online Student File Management System 1.0. This affects an unknown function of the file /save_file.php. Executing manipulation can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made available to the public and could be exploited.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43797 - Liferay Portal Open Membership Default Vulnerability",
"Content": "CVE ID : CVE-2025-43797
Published : Sept. 15, 2025, 9:28 p.m. | 59 minutes ago
Description : In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is โOpenโ which allows any registered users to become a member of the site. A remote attacker with site membership can potentially view, add or edit content on the site.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43797 - Liferay Portal Open Membership Default Vulnerability",
"Content": "CVE ID : CVE-2025-43797
Published : Sept. 15, 2025, 9:28 p.m. | 59 minutes ago
Description : In Liferay Portal 7.1.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions, the default membership type of a newly created site is โOpenโ which allows any registered users to become a member of the site. A remote attacker with site membership can potentially view, add or edit content on the site.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6947 - WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configuration",
"Content": "CVE ID : CVE-2025-6947
Published : Sept. 15, 2025, 9:18 p.m. | 1 hour, 9 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.
This issue affects Firebox: from 12.0 through 12.11.2.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6947 - WatchGuard Firebox Stored Cross-Site-Scripting (XSS) Vulnerability in SIP Proxy Configuration",
"Content": "CVE ID : CVE-2025-6947
Published : Sept. 15, 2025, 9:18 p.m. | 1 hour, 9 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally managed Firebox.
This issue affects Firebox: from 12.0 through 12.11.2.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-6999 - WatchGuard Firebox Authentication Portal Request Smuggling Vulnerability",
"Content": "CVE ID : CVE-2025-6999
Published : Sept. 15, 2025, 9:17 p.m. | 1 hour, 10 minutes ago
Description : An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack.This issue affects Fireware OS: from 12.0 through 12.11.2.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-6999 - WatchGuard Firebox Authentication Portal Request Smuggling Vulnerability",
"Content": "CVE ID : CVE-2025-6999
Published : Sept. 15, 2025, 9:17 p.m. | 1 hour, 10 minutes ago
Description : An HTTP Request Smuggling [CWE-444] vulnerability in the Authentication portal of WatchGuard Fireware OS allows a remote attacker to evade request parameter sanitation and perform a reflected self-Cross-Site Scripting (XSS) attack.This issue affects Fireware OS: from 12.0 through 12.11.2.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-55211 - FreePBX Post-Authenticated Command Injection",
"Content": "CVE ID : CVE-2025-55211
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-55211 - FreePBX Post-Authenticated Command Injection",
"Content": "CVE ID : CVE-2025-55211
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : FreePBX is an open-source web-based graphical user interface. From 17.0.19.11 to before 17.0.21, authenticated users of the Administrator Control Panel (ACP) can run arbitrary shell commands by maliciously changing languages of the framework module. This vulnerability is fixed in 17.0.21.
Severity: 6.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59056 - FreePBX vulnerable to unauthenticated Denial of Service",
"Content": "CVE ID : CVE-2025-59056
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability is fixed in 15.0.38, 16.0.41, and 17.0.21.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59056 - FreePBX vulnerable to unauthenticated Denial of Service",
"Content": "CVE ID : CVE-2025-59056
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : FreePBX is an open-source web-based graphical user interface. In FreePBX 15, 16, and 17, malicious connections to the Administrator Control Panel web interface can cause the uninstall function to be triggered for certain modules. This function drops the module's database tables, which is where most modules store their configuration. This vulnerability is fixed in 15.0.38, 16.0.41, and 17.0.21.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-59145 - color-name@2.0.1 contains malware after npm account takeover",
"Content": "CVE ID : CVE-2025-59145
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-59145 - color-name@2.0.1 contains malware after npm account takeover",
"Content": "CVE ID : CVE-2025-59145
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : color-name is a JSON with CSS color names. On 8 September 2025, an npm publishing account for color-name was taken over after a phishing attack. Version 2.0.1 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own addresses from within browser environments. Local environments, server environments, command line applications, etc. are not affected. If the package was used in a browser context (e.g. a direct",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43798 - Liferay DXP TOTP Authentication Replay Vulnerability",
"Content": "CVE ID : CVE-2025-43798
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a userโs TOTP to authenticate as the user.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43798 - Liferay DXP TOTP Authentication Replay Vulnerability",
"Content": "CVE ID : CVE-2025-43798
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35 allows a time-based one-time password (TOTP) to be used multiple times during the validity period, which allows attackers with access to a userโs TOTP to authenticate as the user.
Severity: 2.1 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43799 - Liferay Portal Unauthenticated API Access Vulnerability",
"Content": "CVE ID : CVE-2025-43799
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has changed their initial password, which allows remote users to access and edit content via the API.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43799 - Liferay Portal Unauthenticated API Access Vulnerability",
"Content": "CVE ID : CVE-2025-43799
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA through update 35, and older unsupported versions does not limit access to APIs before a user has changed their initial password, which allows remote users to access and edit content via the API.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10477 - kidaze CourseSelectionSystem eligibility.php sql injection",
"Content": "CVE ID : CVE-2025-10477
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/PriProfile/eligibility.php. Such manipulation of the argument Branch leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10477 - kidaze CourseSelectionSystem eligibility.php sql injection",
"Content": "CVE ID : CVE-2025-10477
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/PriProfile/eligibility.php. Such manipulation of the argument Branch leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-10479 - SourceCodester Online Student File Management System index.php sql injection",
"Content": "CVE ID : CVE-2025-10479
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : A security flaw has been discovered in SourceCodester Online Student File Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument stud_no results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-10479 - SourceCodester Online Student File Management System index.php sql injection",
"Content": "CVE ID : CVE-2025-10479
Published : Sept. 15, 2025, 9:15 p.m. | 1 hour, 12 minutes ago
Description : A security flaw has been discovered in SourceCodester Online Student File Management System 1.0. The impacted element is an unknown function of the file /index.php. Performing manipulation of the argument stud_no results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-56448 - Positron PX360BT Replay Attack",
"Content": "CVE ID : CVE-2025-56448
Published : Sept. 15, 2025, 8:15 p.m. | 2 hours, 12 minutes ago
Description : The Positron PX360BT SW REV 8 car alarm system is vulnerable to a replay attack due to a failure in implementing rolling code security. The alarm system does not properly rotate or invalidate used codes, allowing repeated reuse of captured transmissions. This exposes users to significant security risks, including vehicle theft and loss of trust in the alarm's anti-cloning claims.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-56448 - Positron PX360BT Replay Attack",
"Content": "CVE ID : CVE-2025-56448
Published : Sept. 15, 2025, 8:15 p.m. | 2 hours, 12 minutes ago
Description : The Positron PX360BT SW REV 8 car alarm system is vulnerable to a replay attack due to a failure in implementing rolling code security. The alarm system does not properly rotate or invalidate used codes, allowing repeated reuse of captured transmissions. This exposes users to significant security risks, including vehicle theft and loss of trust in the alarm's anti-cloning claims.
Severity: 6.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43375 - Apple Xcode Path Truncation Vulnerability",
"Content": "CVE ID : CVE-2025-43375
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43375 - Apple Xcode Path Truncation Vulnerability",
"Content": "CVE ID : CVE-2025-43375
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : The issue was addressed with improved checks. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43372 - Apple Media File Processing Denial of Service/Corrupt Memory",
"Content": "CVE ID : CVE-2025-43372
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : The issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43372 - Apple Media File Processing Denial of Service/Corrupt Memory",
"Content": "CVE ID : CVE-2025-43372
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : The issue was addressed with improved input validation. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43362 - Apple iOS Keystroke Monitoring Vulnerability",
"Content": "CVE ID : CVE-2025-43362
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may be able to monitor keystrokes without user permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43362 - Apple iOS Keystroke Monitoring Vulnerability",
"Content": "CVE ID : CVE-2025-43362
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : The issue was addressed with improved checks. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26. An app may be able to monitor keystrokes without user permission.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43366 - Apple macOS Tahoe Coprocessor Memory Disclosure",
"Content": "CVE ID : CVE-2025-43366
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to disclose coprocessor memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43366 - Apple macOS Tahoe Coprocessor Memory Disclosure",
"Content": "CVE ID : CVE-2025-43366
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to disclose coprocessor memory.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43367 - "Apple macOS User Data Protection Bypass"",
"Content": "CVE ID : CVE-2025-43367
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43367 - "Apple macOS User Data Protection Bypass"",
"Content": "CVE ID : CVE-2025-43367
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43368 - Safari Use-After-Free Vulnerability",
"Content": "CVE ID : CVE-2025-43368
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43368 - Safari Use-After-Free Vulnerability",
"Content": "CVE ID : CVE-2025-43368
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing maliciously crafted web content may lead to an unexpected Safari crash.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43369 - Apple macOS Tahoe Symlink Privilege Escalation",
"Content": "CVE ID : CVE-2025-43369
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43369 - Apple macOS Tahoe Symlink Privilege Escalation",
"Content": "CVE ID : CVE-2025-43369
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-43370 - Apple Xcode Path Handling Buffer Overflow",
"Content": "CVE ID : CVE-2025-43370
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-43370 - Apple Xcode Path Handling Buffer Overflow",
"Content": "CVE ID : CVE-2025-43370
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A path handling issue was addressed with improved validation. This issue is fixed in Xcode 26. Processing an overly large path value may crash a process.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น